How to implement the authorization through token and roles, in WEB API C #, SOAP architecture, through the use of repositories with stored procedures

How can I implement the authorization through token and roles, in WEB API C #, SOAP architecture, through the use of repositories with stored procedures and dependency injection?

public override void OnAuthorization(HttpActionContext actionContext)
        {
            if (actionContext.Request.Headers.Authorization == null)
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
            }
            else
            {
                string autenticationToken = actionContext.Request.Headers.Authorization.Parameter;
                string decodeautenticationToken = Encoding.UTF8.GetString(Convert.FromBase64String(autenticationToken));
                string[] userNamePassworArray = decodeautenticationToken.Split(':');
                string username = userNamePassworArray[0];
                string password = userNamePassworArray[1];

                LoginModel model = new LoginModel();

//validate user credentials and obtain user roles (return List Roles) //validar las credenciales de usuario y obtener roles de usuario

            model.Roleslist = _serviceUsuario.ObtenerRoles(username, password);

            if (model.Roleslist !=null)
            {
                //this line takes a list of roles and divides them with a comma.
                string ListRoles = string.Join(",", model.Roleslist.Select(x => x.Roles));

                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(username), null);

                //ClaimsIdentity oAuthIdentity = await model.Roleslist.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType);
                //ClaimsIdentity cookiesIdentity = await model.Roleslist.GenerateUserIdentityAsync(userManager, CookieAuthenticationDefaults.AuthenticationType);

                //it does not work
                var authTicket = new FormsAuthenticationTicket(1, username, DateTime.Now, DateTime.Now.AddMinutes(30), false, ListRoles);
                string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
                var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
                HttpContext.Current.Request.Cookies.Add(authCookie);

                //  HResult = 0x80004002 Message = You can not convert an object of type 'System.Security.Claims.ClaimsIdentity' to the type 'System.Web.Security.FormsIdentity'.
                FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
                FormsAuthenticationTicket ticket = id.Ticket;
                string userData = ticket.UserData;
                string[] roles = userData.Split(',');
                HttpContext.Current.User = new GenericPrincipal(HttpContext.Current.User.Identity, roles);
            }
            else
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, "El nombre de usuario o la contraseña no son correctos.");
            }
        }
    }