diff --git a/source/Clients/Clients.sln b/source/Clients/Clients.sln
index 712a89526..521c5cfb5 100644
--- a/source/Clients/Clients.sln
+++ b/source/Clients/Clients.sln
@@ -53,6 +53,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "WebForms OWIN Implicit", "W
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "JavaScript Client Manual", "JavaScriptImplicitClient Manual\JavaScript Client Manual.csproj", "{0109EFFE-B823-47C0-A27D-6DFD7B7169F2}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Sample Web Api Using Pop", "SampleAspNetWebApiWithPop\Sample Web Api Using Pop.csproj", "{BB87949A-9B35-42D1-8805-799BAC60BBC5}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -335,6 +337,22 @@ Global
 		{0109EFFE-B823-47C0-A27D-6DFD7B7169F2}.Release|x64.Build.0 = Release|Any CPU
 		{0109EFFE-B823-47C0-A27D-6DFD7B7169F2}.Release|x86.ActiveCfg = Release|Any CPU
 		{0109EFFE-B823-47C0-A27D-6DFD7B7169F2}.Release|x86.Build.0 = Release|Any CPU
+		{BB87949A-9B35-42D1-8805-799BAC60BBC5}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{BB87949A-9B35-42D1-8805-799BAC60BBC5}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{BB87949A-9B35-42D1-8805-799BAC60BBC5}.Debug|ARM.ActiveCfg = Debug|Any CPU
+		{BB87949A-9B35-42D1-8805-799BAC60BBC5}.Debug|ARM.Build.0 = Debug|Any CPU
+		{BB87949A-9B35-42D1-8805-799BAC60BBC5}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{BB87949A-9B35-42D1-8805-799BAC60BBC5}.Debug|x64.Build.0 = Debug|Any CPU
+		{BB87949A-9B35-42D1-8805-799BAC60BBC5}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{BB87949A-9B35-42D1-8805-799BAC60BBC5}.Debug|x86.Build.0 = Debug|Any CPU
+		{BB87949A-9B35-42D1-8805-799BAC60BBC5}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{BB87949A-9B35-42D1-8805-799BAC60BBC5}.Release|Any CPU.Build.0 = Release|Any CPU
+		{BB87949A-9B35-42D1-8805-799BAC60BBC5}.Release|ARM.ActiveCfg = Release|Any CPU
+		{BB87949A-9B35-42D1-8805-799BAC60BBC5}.Release|ARM.Build.0 = Release|Any CPU
+		{BB87949A-9B35-42D1-8805-799BAC60BBC5}.Release|x64.ActiveCfg = Release|Any CPU
+		{BB87949A-9B35-42D1-8805-799BAC60BBC5}.Release|x64.Build.0 = Release|Any CPU
+		{BB87949A-9B35-42D1-8805-799BAC60BBC5}.Release|x86.ActiveCfg = Release|Any CPU
+		{BB87949A-9B35-42D1-8805-799BAC60BBC5}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -342,5 +360,6 @@ Global
 	GlobalSection(NestedProjects) = preSolution
 		{C8CD1733-783A-4655-814B-9CF7FD7FDFE8} = {22C083F3-1F8A-4E90-B79C-13A6012492BC}
 		{CFD6A3D6-02A2-4A7B-AF63-B9526A1F50E8} = {22C083F3-1F8A-4E90-B79C-13A6012492BC}
+		{BB87949A-9B35-42D1-8805-799BAC60BBC5} = {22C083F3-1F8A-4E90-B79C-13A6012492BC}
 	EndGlobalSection
 EndGlobal
diff --git a/source/Clients/Constants/Constants.cs b/source/Clients/Constants/Constants.cs
index f5e271a33..0d8e29fa7 100644
--- a/source/Clients/Constants/Constants.cs
+++ b/source/Clients/Constants/Constants.cs
@@ -12,5 +12,6 @@ public static class Constants
         public const string TokenRevocationEndpoint = BaseAddress + "/connect/revocation";
 
         public const string AspNetWebApiSampleApi = "http://localhost:2727/";
+        public const string AspNetWebApiSampleApiUsingPoP = "http://localhost:46613/";
     }
 }
\ No newline at end of file
diff --git a/source/Clients/SampleAspNetWebApiWithPop/App_Start/WebApiConfig.cs b/source/Clients/SampleAspNetWebApiWithPop/App_Start/WebApiConfig.cs
new file mode 100644
index 000000000..b51929751
--- /dev/null
+++ b/source/Clients/SampleAspNetWebApiWithPop/App_Start/WebApiConfig.cs
@@ -0,0 +1,25 @@
+using System.Web.Http;
+
+namespace SampleAspNetWebApiWithPop
+{
+    public static class WebApiConfig
+    {
+        public static HttpConfiguration Register()
+        {
+            // Web API configuration and services
+            var config = new HttpConfiguration();
+            config.Formatters.Remove(config.Formatters.XmlFormatter);
+
+            // Web API routes
+            config.MapHttpAttributeRoutes();
+
+            config.Routes.MapHttpRoute(
+                name: "DefaultApi",
+                routeTemplate: "{controller}",
+                defaults: new { id = RouteParameter.Optional }
+            );
+
+            return config;
+        }
+    }
+}
\ No newline at end of file
diff --git a/source/Clients/SampleAspNetWebApiWithPop/Controllers/IdentityController.cs b/source/Clients/SampleAspNetWebApiWithPop/Controllers/IdentityController.cs
new file mode 100644
index 000000000..4cb19902b
--- /dev/null
+++ b/source/Clients/SampleAspNetWebApiWithPop/Controllers/IdentityController.cs
@@ -0,0 +1,22 @@
+using System.Linq;
+using System.Security.Claims;
+using System.Web.Http;
+
+namespace SampleAspNetWebApiWithPop.Controllers
+{
+    [Authorize]
+    public class IdentityController : ApiController
+    {
+        public dynamic Get()
+        {
+            var principal = User as ClaimsPrincipal;
+
+            return from c in principal.Identities.First().Claims
+                   select new 
+                   {
+                       c.Type,
+                       c.Value
+                   };
+        }
+    }
+}
\ No newline at end of file
diff --git a/source/Clients/SampleAspNetWebApiWithPop/Controllers/TestController.cs b/source/Clients/SampleAspNetWebApiWithPop/Controllers/TestController.cs
new file mode 100644
index 000000000..990326962
--- /dev/null
+++ b/source/Clients/SampleAspNetWebApiWithPop/Controllers/TestController.cs
@@ -0,0 +1,14 @@
+using System.Collections.Generic;
+using System.Web.Http;
+
+namespace SampleAspNetWebApiWithPop.Controllers
+{
+    public class TestController : ApiController
+    {
+        // GET api/<controller>
+        public IEnumerable<string> Get()
+        {
+            return new string[] { "value1", "value2" };
+        }
+    }
+}
\ No newline at end of file
diff --git a/source/Clients/SampleAspNetWebApiWithPop/Properties/AssemblyInfo.cs b/source/Clients/SampleAspNetWebApiWithPop/Properties/AssemblyInfo.cs
new file mode 100644
index 000000000..38105148c
--- /dev/null
+++ b/source/Clients/SampleAspNetWebApiWithPop/Properties/AssemblyInfo.cs
@@ -0,0 +1,35 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following 
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("SampleAspNetWebApiWithPop")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("SampleAspNetWebApiWithPop")]
+[assembly: AssemblyCopyright("Copyright ©  2016")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible 
+// to COM components.  If you need to access a type in this assembly from 
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("bb87949a-9b35-42d1-8805-799bac60bbc5")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version 
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Revision and Build Numbers 
+// by using the '*' as shown below:
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
diff --git a/source/Clients/SampleAspNetWebApiWithPop/Sample Web Api Using Pop.csproj b/source/Clients/SampleAspNetWebApiWithPop/Sample Web Api Using Pop.csproj
new file mode 100644
index 000000000..93eabf71c
--- /dev/null
+++ b/source/Clients/SampleAspNetWebApiWithPop/Sample Web Api Using Pop.csproj	
@@ -0,0 +1,193 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="12.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="..\packages\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.1.0.0\build\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.props" Condition="Exists('..\packages\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.1.0.0\build\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.props')" />
+  <Import Project="..\packages\Microsoft.Net.Compilers.1.0.0\build\Microsoft.Net.Compilers.props" Condition="Exists('..\packages\Microsoft.Net.Compilers.1.0.0\build\Microsoft.Net.Compilers.props')" />
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProductVersion>
+    </ProductVersion>
+    <SchemaVersion>2.0</SchemaVersion>
+    <ProjectGuid>{BB87949A-9B35-42D1-8805-799BAC60BBC5}</ProjectGuid>
+    <ProjectTypeGuids>{349c5851-65df-11da-9384-00065b846f21};{fae04ec0-301f-11d3-bf4b-00c04f79efbc}</ProjectTypeGuids>
+    <OutputType>Library</OutputType>
+    <AppDesignerFolder>Properties</AppDesignerFolder>
+    <RootNamespace>SampleAspNetWebApiWithPop</RootNamespace>
+    <AssemblyName>SampleAspNetWebApiWithPop</AssemblyName>
+    <TargetFrameworkVersion>v4.5.2</TargetFrameworkVersion>
+    <UseIISExpress>true</UseIISExpress>
+    <IISExpressSSLPort />
+    <IISExpressAnonymousAuthentication />
+    <IISExpressWindowsAuthentication />
+    <IISExpressUseClassicPipelineMode />
+    <UseGlobalApplicationHostFile />
+    <NuGetPackageImportStamp>
+    </NuGetPackageImportStamp>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="IdentityModel, Version=1.0.0.0, Culture=neutral, processorArchitecture=MSIL">
+      <HintPath>..\packages\IdentityModel.1.9.2\lib\net45\IdentityModel.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="IdentityModel.Owin.PopAuthentication, Version=1.0.0.0, Culture=neutral, processorArchitecture=MSIL">
+      <HintPath>..\packages\IdentityModel.Owin.PopAuthentication.1.0.0-build00016\lib\net45\IdentityModel.Owin.PopAuthentication.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="IdentityServer3.AccessTokenValidation, Version=1.0.0.0, Culture=neutral, processorArchitecture=MSIL">
+      <HintPath>..\packages\IdentityServer3.AccessTokenValidation.2.8.0\lib\net45\IdentityServer3.AccessTokenValidation.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="jose-jwt, Version=1.9.1.0, Culture=neutral, processorArchitecture=MSIL">
+      <HintPath>..\packages\jose-jwt.1.9.1\lib\4.0\jose-jwt.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.1.0.0\lib\net45\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="Microsoft.CSharp" />
+    <Reference Include="Microsoft.IdentityModel.Protocol.Extensions, Version=1.0.2.33, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Protocol.Extensions.1.0.2.206221351\lib\net45\Microsoft.IdentityModel.Protocol.Extensions.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="Microsoft.Owin, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.Owin.3.0.1\lib\net45\Microsoft.Owin.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="Microsoft.Owin.Host.SystemWeb, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.Owin.Host.SystemWeb.3.0.1\lib\net45\Microsoft.Owin.Host.SystemWeb.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="Microsoft.Owin.Security, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.Owin.Security.3.0.1\lib\net45\Microsoft.Owin.Security.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="Microsoft.Owin.Security.Jwt, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.Owin.Security.Jwt.3.0.1\lib\net45\Microsoft.Owin.Security.Jwt.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="Microsoft.Owin.Security.OAuth, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.Owin.Security.OAuth.3.0.1\lib\net45\Microsoft.Owin.Security.OAuth.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="Newtonsoft.Json, Version=8.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
+      <HintPath>..\packages\Newtonsoft.Json.8.0.2\lib\net45\Newtonsoft.Json.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="Owin, Version=1.0.0.0, Culture=neutral, PublicKeyToken=f0ebd12fd5e55cc5, processorArchitecture=MSIL">
+      <HintPath>..\packages\Owin.1.0\lib\net40\Owin.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="System.IdentityModel" />
+    <Reference Include="System.IdentityModel.Tokens.Jwt, Version=4.0.20622.1351, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.IdentityModel.Tokens.Jwt.4.0.2.206221351\lib\net45\System.IdentityModel.Tokens.Jwt.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="System.Net.Http" />
+    <Reference Include="System.Net.Http.Formatting, Version=5.2.3.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.AspNet.WebApi.Client.5.2.3\lib\net45\System.Net.Http.Formatting.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="System.Runtime.Caching" />
+    <Reference Include="System.Web.DynamicData" />
+    <Reference Include="System.Web.Entity" />
+    <Reference Include="System.Web.ApplicationServices" />
+    <Reference Include="System.ComponentModel.DataAnnotations" />
+    <Reference Include="System" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.Data.DataSetExtensions" />
+    <Reference Include="System.Web.Extensions" />
+    <Reference Include="System.Web.Http, Version=5.2.3.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.AspNet.WebApi.Core.5.2.3\lib\net45\System.Web.Http.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="System.Web.Http.Owin, Version=5.2.3.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.AspNet.WebApi.Owin.5.2.3\lib\net45\System.Web.Http.Owin.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="System.Xml.Linq" />
+    <Reference Include="System.Drawing" />
+    <Reference Include="System.Web" />
+    <Reference Include="System.Xml" />
+    <Reference Include="System.Configuration" />
+    <Reference Include="System.Web.Services" />
+    <Reference Include="System.EnterpriseServices" />
+  </ItemGroup>
+  <ItemGroup>
+    <Content Include="packages.config" />
+    <None Include="Web.Debug.config">
+      <DependentUpon>Web.config</DependentUpon>
+    </None>
+    <None Include="Web.Release.config">
+      <DependentUpon>Web.config</DependentUpon>
+    </None>
+  </ItemGroup>
+  <ItemGroup>
+    <Content Include="Web.config" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="App_Start\WebApiConfig.cs" />
+    <Compile Include="Controllers\IdentityController.cs" />
+    <Compile Include="Controllers\TestController.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="Startup.cs" />
+  </ItemGroup>
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">10.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+  <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
+  <Import Project="$(VSToolsPath)\WebApplications\Microsoft.WebApplication.targets" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v10.0\WebApplications\Microsoft.WebApplication.targets" Condition="false" />
+  <ProjectExtensions>
+    <VisualStudio>
+      <FlavorProperties GUID="{349c5851-65df-11da-9384-00065b846f21}">
+        <WebProjectProperties>
+          <UseIIS>True</UseIIS>
+          <AutoAssignPort>True</AutoAssignPort>
+          <DevelopmentServerPort>46613</DevelopmentServerPort>
+          <DevelopmentServerVPath>/</DevelopmentServerVPath>
+          <IISUrl>http://localhost:46613/</IISUrl>
+          <NTLMAuthentication>False</NTLMAuthentication>
+          <UseCustomServer>False</UseCustomServer>
+          <CustomServerUrl>
+          </CustomServerUrl>
+          <SaveServerSettingsInUserFile>False</SaveServerSettingsInUserFile>
+        </WebProjectProperties>
+      </FlavorProperties>
+    </VisualStudio>
+  </ProjectExtensions>
+  <Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
+    <PropertyGroup>
+      <ErrorText>This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them.  For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
+    </PropertyGroup>
+    <Error Condition="!Exists('..\packages\Microsoft.Net.Compilers.1.0.0\build\Microsoft.Net.Compilers.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Microsoft.Net.Compilers.1.0.0\build\Microsoft.Net.Compilers.props'))" />
+    <Error Condition="!Exists('..\packages\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.1.0.0\build\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.1.0.0\build\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.props'))" />
+  </Target>
+  <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
+       Other similar extension points exist, see Microsoft.Common.targets.
+  <Target Name="BeforeBuild">
+  </Target>
+  <Target Name="AfterBuild">
+  </Target>
+  -->
+</Project>
\ No newline at end of file
diff --git a/source/Clients/SampleAspNetWebApiWithPop/Startup.cs b/source/Clients/SampleAspNetWebApiWithPop/Startup.cs
new file mode 100644
index 000000000..8b528c3de
--- /dev/null
+++ b/source/Clients/SampleAspNetWebApiWithPop/Startup.cs
@@ -0,0 +1,48 @@
+using System;
+using System.Threading.Tasks;
+using Microsoft.Owin;
+using Owin;
+using System.IdentityModel.Tokens;
+using IdentityServer3.AccessTokenValidation;
+using Microsoft.Owin.Security.OAuth;
+using IdentityModel.Owin.PopAuthentication;
+
+[assembly: OwinStartup(typeof(SampleAspNetWebApiWithPop.Startup))]
+
+namespace SampleAspNetWebApiWithPop
+{
+    public class Startup
+    {
+        public void Configuration(IAppBuilder app)
+        {
+            JwtSecurityTokenHandler.InboundClaimTypeMap.Clear();
+
+            app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
+            {
+                // we're looking for the PoP scheme, not Bearer
+                AuthenticationType = "PoP",
+
+                Authority = "https://localhost:44333/core",
+                RequiredScopes = new[] { "write" },
+
+                // client credentials for the introspection endpoint
+                ClientId = "write",
+                ClientSecret = "secret",
+
+                // this is used to extract the access token from the pop token
+                TokenProvider = new OAuthBearerAuthenticationProvider
+                {
+                    OnRequestToken = async ctx =>
+                    {
+                        ctx.Token = await DefaultPopTokenProvider.GetAccessTokenFromPopTokenAsync(ctx.OwinContext.Environment);
+                    }
+                }
+            });
+
+            // this registers the middleware that does the signature validation of the request against the pop token secret
+            app.UseHttpSignatureValidation();
+
+            app.UseWebApi(WebApiConfig.Register());
+        }
+    }
+}
diff --git a/source/Clients/SampleAspNetWebApiWithPop/Web.Debug.config b/source/Clients/SampleAspNetWebApiWithPop/Web.Debug.config
new file mode 100644
index 000000000..2e302f9f9
--- /dev/null
+++ b/source/Clients/SampleAspNetWebApiWithPop/Web.Debug.config
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!-- For more information on using web.config transformation visit http://go.microsoft.com/fwlink/?LinkId=125889 -->
+
+<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
+  <!--
+    In the example below, the "SetAttributes" transform will change the value of 
+    "connectionString" to use "ReleaseSQLServer" only when the "Match" locator 
+    finds an attribute "name" that has a value of "MyDB".
+    
+    <connectionStrings>
+      <add name="MyDB" 
+        connectionString="Data Source=ReleaseSQLServer;Initial Catalog=MyReleaseDB;Integrated Security=True" 
+        xdt:Transform="SetAttributes" xdt:Locator="Match(name)"/>
+    </connectionStrings>
+  -->
+  <system.web>
+    <!--
+      In the example below, the "Replace" transform will replace the entire 
+      <customErrors> section of your web.config file.
+      Note that because there is only one customErrors section under the 
+      <system.web> node, there is no need to use the "xdt:Locator" attribute.
+      
+      <customErrors defaultRedirect="GenericError.htm"
+        mode="RemoteOnly" xdt:Transform="Replace">
+        <error statusCode="500" redirect="InternalError.htm"/>
+      </customErrors>
+    -->
+  </system.web>
+</configuration>
\ No newline at end of file
diff --git a/source/Clients/SampleAspNetWebApiWithPop/Web.Release.config b/source/Clients/SampleAspNetWebApiWithPop/Web.Release.config
new file mode 100644
index 000000000..c35844462
--- /dev/null
+++ b/source/Clients/SampleAspNetWebApiWithPop/Web.Release.config
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!-- For more information on using web.config transformation visit http://go.microsoft.com/fwlink/?LinkId=125889 -->
+
+<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
+  <!--
+    In the example below, the "SetAttributes" transform will change the value of 
+    "connectionString" to use "ReleaseSQLServer" only when the "Match" locator 
+    finds an attribute "name" that has a value of "MyDB".
+    
+    <connectionStrings>
+      <add name="MyDB" 
+        connectionString="Data Source=ReleaseSQLServer;Initial Catalog=MyReleaseDB;Integrated Security=True" 
+        xdt:Transform="SetAttributes" xdt:Locator="Match(name)"/>
+    </connectionStrings>
+  -->
+  <system.web>
+    <compilation xdt:Transform="RemoveAttributes(debug)" />
+    <!--
+      In the example below, the "Replace" transform will replace the entire 
+      <customErrors> section of your web.config file.
+      Note that because there is only one customErrors section under the 
+      <system.web> node, there is no need to use the "xdt:Locator" attribute.
+      
+      <customErrors defaultRedirect="GenericError.htm"
+        mode="RemoteOnly" xdt:Transform="Replace">
+        <error statusCode="500" redirect="InternalError.htm"/>
+      </customErrors>
+    -->
+  </system.web>
+</configuration>
\ No newline at end of file
diff --git a/source/Clients/SampleAspNetWebApiWithPop/Web.config b/source/Clients/SampleAspNetWebApiWithPop/Web.config
new file mode 100644
index 000000000..7cb12903e
--- /dev/null
+++ b/source/Clients/SampleAspNetWebApiWithPop/Web.config
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+  For more information on how to configure your ASP.NET application, please visit
+  http://go.microsoft.com/fwlink/?LinkId=169433
+  -->
+<configuration>
+  <system.web>
+    <compilation debug="true" targetFramework="4.5.2" />
+    <httpRuntime targetFramework="4.5.2" />
+  </system.web>
+  <system.codedom>
+    <compilers>
+      <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:6 /nowarn:1659;1699;1701" />
+      <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:14 /nowarn:41008 /define:_MYTYPE=\&quot;Web\&quot; /optionInfer+" />
+    </compilers>
+  </system.codedom>
+<system.webServer>
+    <handlers>
+      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
+      <remove name="OPTIONSVerbHandler" />
+      <remove name="TRACEVerbHandler" />
+      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
+    </handlers>
+  </system.webServer>
+  <runtime>
+    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
+      <dependentAssembly>
+        <assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0" />
+      </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-8.0.0.0" newVersion="8.0.0.0" />
+      </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-4.0.20622.1351" newVersion="4.0.20622.1351" />
+      </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="System.Net.Http.Formatting" publicKeyToken="31bf3856ad364e35" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
+      </dependentAssembly>
+    </assemblyBinding>
+  </runtime>
+</configuration>
\ No newline at end of file
diff --git a/source/Clients/SampleAspNetWebApiWithPop/packages.config b/source/Clients/SampleAspNetWebApiWithPop/packages.config
new file mode 100644
index 000000000..76d80208e
--- /dev/null
+++ b/source/Clients/SampleAspNetWebApiWithPop/packages.config
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<packages>
+  <package id="IdentityModel" version="1.9.2" targetFramework="net452" />
+  <package id="IdentityModel.Owin.PopAuthentication" version="1.0.0-build00016" targetFramework="net452" />
+  <package id="IdentityServer3.AccessTokenValidation" version="2.8.0" targetFramework="net452" />
+  <package id="jose-jwt" version="1.9.1" targetFramework="net452" />
+  <package id="Microsoft.AspNet.WebApi.Client" version="5.2.3" targetFramework="net452" />
+  <package id="Microsoft.AspNet.WebApi.Core" version="5.2.3" targetFramework="net452" />
+  <package id="Microsoft.AspNet.WebApi.Owin" version="5.2.3" targetFramework="net452" />
+  <package id="Microsoft.CodeDom.Providers.DotNetCompilerPlatform" version="1.0.0" targetFramework="net452" />
+  <package id="Microsoft.IdentityModel.Protocol.Extensions" version="1.0.2.206221351" targetFramework="net452" />
+  <package id="Microsoft.Net.Compilers" version="1.0.0" targetFramework="net452" developmentDependency="true" />
+  <package id="Microsoft.Owin" version="3.0.1" targetFramework="net452" />
+  <package id="Microsoft.Owin.Host.SystemWeb" version="3.0.1" targetFramework="net452" />
+  <package id="Microsoft.Owin.Security" version="3.0.1" targetFramework="net452" />
+  <package id="Microsoft.Owin.Security.Jwt" version="3.0.1" targetFramework="net452" />
+  <package id="Microsoft.Owin.Security.OAuth" version="3.0.1" targetFramework="net452" />
+  <package id="Newtonsoft.Json" version="8.0.2" targetFramework="net452" />
+  <package id="Owin" version="1.0" targetFramework="net452" />
+  <package id="System.IdentityModel.Tokens.Jwt" version="4.0.2.206221351" targetFramework="net452" />
+</packages>
\ No newline at end of file