I am new the webAPI2, so please excuse me if my question is trivial. I want to implement token based security for my webAPI, so that other applications (apart from my SPA) can also call my webAPIs.

I started with Owin OpenAuth and implemented a POC. Everything worked well. But when I had to send client to Authorization to Authorization server, I could not find any inbuilt function to do that. I had to build this my self. Then I came across DotNetOpenAuth that provides APIs to set the communication as well. As far as I could find out, Microsoft is favoring Owin OpenAuth over DotNetOpenAuth.

Can anybody please provide the differences between these two? Also, which one is recommended?

Thanks In Advance

Brock Allen answered a similar question here

The OWIN middleware is grated more for just the protocol bits, but has none of the necessary persistence bits (or replay protection or refresh token support or many other things). If you are interested in working directly with the protocol because you want to learn it and really learn how to build a server, then the OWIN middleware is an ok place to start. But if all you want is a sever that already has all of those pieces implemented, then consider looking into IdentityServer

or DotnetOpenAuth