DotNetOpenAuth ctp 4.0 ResourceServer.VerifyAccess()方法抛出null

我在尝试让DotNetOpenAuth ctp 4.0工作时遇到了困难。情况如下：我有一个与OAuth2示例中的资源服务器类似的资源服务器，但我使用的是WCF Web Api预览6，因此我编写了一个可扩展性点，负责验证向操作发出请求的客户端是否已被授权执行该操作，为了实现这一点，调用了ResourceServer.VerifyAccess方法。这个方法抛出了一个null异常，我还没有找到原因。

这就是我如何编写操作处理程序：

protected override HttpRequestMessage OnHandle(HttpRequestMessage input)
    {
        var principal = VerifyOAuth2(input);
        if(principal == null)
        {
            throw new HttpResponseException(new HttpResponseMessage
                                                {
                                                    StatusCode = HttpStatusCode.Unauthorized,
                                                    Content = new StringContent("Invalid Access Token")
                                                });
        }
        var roles = _authorizationAttribute.Roles.Split(new[] {" "}, StringSplitOptions.RemoveEmptyEntries);
        if(!roles.Any(role => principal.IsInRole(role)))
        {
            throw new HttpResponseException(new HttpResponseMessage
            {
                StatusCode = HttpStatusCode.Forbidden,
                Content = new StringContent("User has not permission to access this resource")
            });
        }
        return input;
    }
    private static IPrincipal VerifyOAuth2(HttpRequestMessage request)
    {
        var headers = request.Headers;
        var headersCollection = new WebHeaderCollection();
        foreach (var header in headers)
        {
            headersCollection.Add(header.Key, header.Value.ToString());
        }
        using (var signing = MvcApplication.CreateAuthorizationServerSigningServiceProvider())
        {
            using (var encrypting = MvcApplication.CreateResourceServerEncryptionServiceProvider())
            {
                var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(signing, encrypting));
                IPrincipal result;
                var httpRequestInfo = new HttpRequestInfo(request.Method.ToString(), request.RequestUri,
                                                          request.RequestUri.AbsoluteUri, headersCollection, request.Content.ReadAsStreamAsync().Result);//Since I dont have an HttpResourceInfo Object I need to build one from my request, using an overloaded method. 
                var error = resourceServer.VerifyAccess(httpRequestInfo, out result); //here is where the exception is thrown. 
                // TODO: return the prepared error code.
                return error != null ? null : result;
            }
        }

我不知道这段代码是否有帮助，但如果没有，你能告诉我这个方法什么时候抛出空引用异常吗？？也许这会对我有所帮助！提前谢谢。