Token end point not resolving against a controller type

Question

I've been trying to follow examples of how to configure Web Api to use bearer tokens with Asp.Net Identity 2.0, and I've run into a hiccup. Following this tutorial http://www.asp.net/web-api/overview/security/individual-accounts-in-web-api it states that i should be able to post to http://{servername}/Token to get a bearer token. when i do this, i get an exception for Castle Windsor when it tries to resolve Token as a controller.

What i'm trying to accomplish overall is to sign in using using the canned Account controller and then retrieve a token. I am trying to use both cookies and bearer tokens.

1. is this the right approach to use the default account controller to authenticate?
2. if this is not the correct approach, should i follow the tutorial more closely and have the user sign-in against an api controller?
3. what do i need to do for my IoC configuration to make sure my end points resolve?

Answer 1

Authorization in WebApi should be handled in a MessageHandler, not at controller level.

You should create a MessageHandler responsable to verify an OAuth Berarer Token: that message handler may(should) resolved by your IoC and than configurated in the WebApi pipeline.

public static void RegisterGlobalHandlers(HttpConfiguration config, IWindsorContainer container)
{
    var authorizationMessageHandler = container.Resolve<AuthorizationMessageHandler>();
    config.MessageHandlers.Add(authorizationMessageHandler);
}

DotNetOpenOAuth is a great place to start: have a look to the mvc5 sample/message handler implementation.