I have the following code in my startup.cs. Setting up the TokenEndpointPath works perfectly in IIS Express and when the Web API project is deployed to the root of a website in IIS. However, if I host in a nested application (i.e. an application within a website) in IIS calls to the token endpoint result in a 404. Is there a way to base the TokenEndpointPath off of the actual IIS structure instead of the root, as it does here? Right now:

This Works

http://server:80/api/token

This does not

http://server:80/app/api/token

    var request = HttpContext.Current.Request;
    app.UseOAuthAuthorizationServer(newOAuthAuthorizationServerOptions
    {
        AllowInsecureHttp = true,
        TokenEndpointPath = newPathString("/api/token"),
        AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(oauthTokenTimeoutInMinutes), 

        Provider = new Provider.ActiveDirectoryAuthorizationServerProvider()
    });

As commented, I have tested your issue by setting TokenEndpointPath = new PathString("/api/Token"). At first, my connectionString looks like the following:

<connectionStrings>
    <add name="DefaultConnection" connectionString="Data Source=(LocalDb)\v11.0;AttachDbFilename=|DataDirectory|\aspnet-WebApi-20150818041808.mdf;Initial Catalog=aspnet-WebApi-20150818041808;Integrated Security=True" providerName="System.Data.SqlClient" />    
  </connectionStrings>

After publishing the project to Local IIS (7.5), getting 500 error response when sending POST request to

http://localhost/webapi/api/token

Then I updated connectionString like the following:

<connectionStrings>    
    <add name="DefaultConnection" connectionString="Data Source=192.168.1.247;Initial Catalog=MyDB;Integrated Security=True;MultipleActiveResultSets=True;" providerName="System.Data.SqlClient" />
  </connectionStrings>

It works like the following screenshot: