nopcommerce +autofac +owin +webapi

 public partial class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            HttpConfiguration config = new HttpConfiguration();
            // Web API 路由
            config.MapHttpAttributeRoutes();
            config.Routes.MapHttpRoute(
                name: "DefaultApi",
                routeTemplate: "api/{controller}/{id}/{namespaces}",
                defaults: new { id = RouteParameter.Optional, namespaces = new[] { "Nop.API.ApiControllers" } }
            );

           
            var builder = new ContainerBuilder();
            // We have to register services specifically for the API calls!
            builder.RegisterApiControllers(Assembly.GetExecutingAssembly());
            
            //Update existing, don't create a new container
            builder.Update(EngineContext.Current.ContainerManager.Container);

            //Feed the current container to the AutofacWebApiDependencyResolver
            var resolver = new AutofacWebApiDependencyResolver(EngineContext.Current.ContainerManager.Container);
            config.DependencyResolver = resolver;


            // enable API versioning
            //config.Services.Replace(typeof(IApiExplorer), new VersionedApiExplorer(GlobalConfiguration.Configuration));
            //config.Services.Replace(typeof(IHttpControllerSelector), new RouteVersionedControllerSelector(GlobalConfiguration.Configuration));

            //exception logger 
            //config.Services.Add(typeof(IExceptionLogger), new SimpleExceptionLogger());
            //exception handler
            //config.Services.Replace(typeof(IExceptionHandler), new GlobalExceptionHandler());


            //we will get JSON by default, but it will still allow you to return XML if you pass text/xml as the request Accept header
            //var appXmlType = config.Formatters.XmlFormatter.SupportedMediaTypes.FirstOrDefault(t => t.MediaType == "application/xml");
            //config.Formatters.XmlFormatter.SupportedMediaTypes.Remove(appXmlType);
            config.EnsureInitialized();
            //FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
            //GlobalConfiguration.Configuration.EnsureInitialized();
           

            app.UseAutofacMiddleware(EngineContext.Current.ContainerManager.Container);
            app.UseAutofacWebApi(config);
            app.UseWebApi(config);
            
            //ConfigureAuth(app);

        }



        public void ConfigureAuth(IAppBuilder app)
        {
            // 针对基于 OAuth 的流配置应用程序  
            var OAuthOptions = new OAuthAuthorizationServerOptions
            {
                TokenEndpointPath = new PathString("/Token"),
                //Provider = new NopAuthorizationServerProvider(),
                AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
                //在生产模式下设 AllowInsecureHttp = false  
                /*AllowInsecureHttp设置整个通信环境是否启用ssl， 
                不仅是OAuth服务端，也包含Client端， 
                当设置为false时，若登记的Client端重定向url未采用https，则不重定向*/
                AllowInsecureHttp = true,

            };

            // 使应用程序可以使用不记名令牌来验证用户身份  
            app.UseOAuthBearerTokens(OAuthOptions);
        }
    }

 http://www.nopchina.net/post/nopcommerce-plugin-webapi.html