I have an ASP.NET MVC OWIN website that uses a CustomOAuthProvider : OAuthAuthorizationServerProvider middleware in it's HTTP pipeline.
That's interacting with an OAuth cookie to maintain the login session.
I was under the broad impression that ValidateClientAuthentication was supposed to get hit every time the user hits the webserver to get a new page, to check the cookie was valid ... but putting a debug point in there and running the site ... didn't hit that.
Is there a method on that class that does get hit every time, which I can use to intercept some of that checking?