c# - Owin OAuth localhost/Token returns 404 -

firstly, works when run visual studio using iis express.

i have asp.net web api running owin oauth. configuration part of startup class:

private static void configureauth(iappbuilder app) {     var oauthoptions = new oauthauthorizationserveroptions     {     #if debug         allowinsecurehttp = true,     #endif         tokenendpointpath = new pathstring("/token"),         accesstokenexpiretimespan = timespan.fromdays(30),         provider = new applicationoauthprovider()     };      app.useoauthauthorizationserver(oauthoptions);     app.useoauthbearerauthentication(new oauthbearerauthenticationoptions()); } 

this register part of webapiconfig.cs

public static void register(httpconfiguration config) {     // web api configuration , services     config.suppressdefaulthostauthentication();     config.filters.add(new hostauthenticationfilter(oauthdefaults.authenticationtype));      var cors = new enablecorsattribute("*", "*", "*");     config.enablecors(cors);      // web api routes     config.maphttpattributeroutes();      // odata     var builder = new odataconventionmodelbuilder();     builder.entityset<employee>("employee");     config.mapodataserviceroute(         routename: "odataroute",         routeprefix: "odata/",         model: builder.getedmmodel()     );      config.routes.maphttproute(         name: "defaultapi",         routetemplate: "api/{controller}/{id}",         defaults: new { id = routeparameter.optional }     ); } 

i have deployed application on iis version 8.5.* , works except localhost/token endpoint. combined mvc + web api project.

i using .net v4.5 application pool (.net clr version: 4.0) integrated pipeline mode , microsoft.owin.host.systemweb.dll present in bin folder.

why 404 when make request token endpoint?

i had same issue. here problem:

#if debug     allowinsecurehttp = true, #endif 

locally (iisexpress), you're running debug build , compiler directive sets allowinsecurehttp true. means can ask new oauth token on both http , https.

deploying iis means first release build. compiler directive omits allowinsecurehttp line. property defaults false, means can oauth token on https. if try ask token on http, server answer 404.