.net - Token Based Authentication using ASP.NET Web API 2 and Owin throws 401 unauthorized
I have created OAuth authentication using the guide by Taiseer Joudeh. I have created the endpoint /token to make the authentication. It works, and I receive a result like this.
{ "access_token": "dhbvpjshuois6k8ndsxfroptq63qlww_7bifl0lozixhznngld0qcu-x4q4qa7xwhhiqeqbbk6gyu_hliyfubsfmsdxwqloqayabjhnnsnjpmmhnadb-kcqznpqy7-waaqkmcvh1hpqx4l30sxlx0l8mbjtrtkx9-jxhawdpapqya9lu4ai2-z5-zxxorifdl-svxrunbtdqmnrxoh_oeyclungzw-is543ttj0bysq", "token_type": "bearer", "expires_in": 86399 }
But if I use the access token in the header of the next call to an endpoint that has the AuthorizeAttribute, I always receive an unauthorized error. If I take a look at the CurrentPrincipal of the current thread, it's a GenericPrincipal.
My Startup class looks like this (it looks similar to the one in the guide):

    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            HttpConfiguration config = new HttpConfiguration();
            IContainer container = AutofacConfig.Register(config, app);
            ConfigureOAuth(app, container);
            WebApiConfig.Register(config);
            AutoMapperConfig.Register();
            app.UseWebApi(config);
        }

        public void ConfigureOAuth(IAppBuilder app, IContainer container)
        {
            OAuthAuthorizationServerOptions oAuthServerOptions = new OAuthAuthorizationServerOptions()
            {
                AllowInsecureHttp = true,
                TokenEndpointPath = new PathString("/token"),
                AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
                Provider = container.Resolve<IOAuthAuthorizationServerProvider>()
            };

            // Token generation
            app.UseOAuthAuthorizationServer(oAuthServerOptions);
            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
        }
    }

And the OAuthServiceProvider is this:

    public class SimpleAuthorizationServerProvider : OAuthAuthorizationServerProvider
    {
        private readonly IUserBL userBL;

        public SimpleAuthorizationServerProvider(IUserBL userBL)
        {
            this.userBL = userBL;
        }

        public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
        {
            context.Validated();
        }

        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

            UserDTO user = Mapper.Map<UserDTO>(userBL.Login(context.UserName, context.Password));
            if (user == null)
            {
                context.SetError("invalid_grant", "The user name or password is incorrect.");
                return;
            }

            var identity = new ClaimsIdentity(context.Options.AuthenticationType);
            identity.AddClaim(new Claim("sub", context.UserName));
            identity.AddClaim(new Claim("role", "user"));
            context.Validated(identity);
        }
    }

The difference is that I'm using version 3 of Owin and not 2 as in the guide. Are there any breaking changes that have broken my code?
Edit 1:
I am using Autofac to resolve the interface IOAuthAuthorizationServerProvider:

    builder.RegisterType<SimpleAuthorizationServerProvider>()
        .As<IOAuthAuthorizationServerProvider>()
        .PropertiesAutowired()
        .SingleInstance();

First of all, you do not seem to be using the SimpleAuthorizationServerProvider class in the ConfigureOAuth() method.
So, please change the code to:

    OAuthAuthorizationServerOptions oAuthServerOptions = new OAuthAuthorizationServerOptions()
    {
        AllowInsecureHttp = true,
        TokenEndpointPath = new PathString("/token"),
        AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
        Provider = new SimpleAuthorizationServerProvider(),
    };

And please comment on what happens.