Como usar OAuthAuthorizationServerProvider com API da Web

Segui alguns tutoriais para autenticação de API da Web com OWIN. A maioria destes tutoriais personaliza OAuthAuthorizationServerProvider. No entanto, quando depuro "F11" não é atingido a classe OAuthAuthorizationServerProvider

 private void ConfigureAuth(IAppBuilder app)
            app.UseCookieAuthentication(new CookieAuthenticationOptions()



            OAuthAuthorizationServerOptions authorizationServerOption = new OAuthAuthorizationServerOptions()
                 * for demo only
                 * to enforce the Token retrieval over SSL (any non-https requests for requesting the Token will be denied)
                 * set AllowInsecureHttp = false

               // AllowInsecureHttp = true,

                // Add token to the API dir
                //TokenEndpointPath = new PathString("/token"),

                //Provider = new AWOAuthServerProvider(),

                // For test only 1 Day token expiry
                //AccessTokenExpireTimeSpan = TimeSpan.FromDays(1)


            authorizationServerOption.AllowInsecureHttp         = true;
            authorizationServerOption.TokenEndpointPath         = new PathString("/token");
    /*break point*/
            authorizationServerOption.Provider                  = new AWOAuthServerProvider();
            authorizationServerOption.AccessTokenExpireTimeSpan = TimeSpan.FromDays(1);

            // Enable the application to use bearer tokens to authenticate users

            // Token Generation

            //Token Consumption
            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()



Como posso usar ou chamar o método ao lado da classe OAuthAuthorizationServerProvider?

 public class AWOAuthServerProvider : OAuthAuthorizationServerProvider
        public override async Task ValidateClientAuthentication
            (OAuthValidateClientAuthenticationContext context)
            await Task.FromResult(context.Validated());

        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext  context)

            if (!ValidCredential(context.Password,context.UserName))
                context.SetError("invalid_grant", "The user name or password is incorrect.");

            var identity = new ClaimsIdentity(context.Options.AuthenticationType);
            identity.AddClaim(new Claim(ClaimTypes.Role, "user"));
            identity.AddClaim(new Claim("username", context.UserName));



Este é um método auxiliar para validar credenciais do Active Directory

         private bool ValidCredential (String password,String username)
                    string[] NTId           = { "", "" };
                    string   netDomain      = "";
                    string   netUserName    = "";
                    bool     isValid        = false;

                    // context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

                    if (username.Equals(null) || username.Equals(""))
                        //Request client Network username
                            NTId = (HttpContext.Current.Request.LogonUserIdentity.Name)
                                                   .Replace(@"\\", @"\")
                        // error
                        catch (Exception e)
                            return false;
 if (NTId.Length == 2)
                    netDomain = NTId[0];
                    netUserName = NTId[1];
                    using (PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, netDomain))

                        isValid = principalContext.ValidateCredentials(netUserName, password);
                // error 
                catch (Exception e)
                    return false;

                return isValid;
