Please I need your help to understand this issue..
am building an Authorization server (ASP.Net WebApi hosted on IIS) which responsible for generating jwt tokens based on ASPNet Identity and a resource server which is ASP.Net WebApi OWIN self-Hosted on a Windows Service.
my understanding is the authorization filter executes "AuthenticateAsync", if the filter successfully validates the token, the filter creates an IPrincipal and attaches it to the request.
Please i need to know in the scenario described above who is resposible for executing the AuthenticateAsync and loading the IPrincipal? and how does it work?