@Stilgar Yeah, I get where you are coming from. Why not just follow the spec, right? Pragmatically though we are hearing from a lot of frustrated Web API developers that want to see JSON when testing with the browser. It's actually a top Web API question on StackOverflow. There is precedence for doing this in other platforms - RoR has pretty much the exact same behavior that we are adopting. So, it's a tradeoff. The good news is that if you really don't like this new default behavior you can turn it off by setting RespectBrowserAcceptHeader on your MvcOptions.
Daniel Roth is a Senior Program Manager on the ASP.NET team working on ASP.NET Web API. Prior to working on ASP.NET Daniel worked on Windows Communication Foundation and he is excited about building HTTP services for the Web. In his spare time he enjoys spending time with his wife and two boys, Benjamin and Joshua.
@BeingDev You will need both your wwwroot and approot to publish to IIS and they should be siblings in your website folder. The wwwroot folder should be configured as the physical path for your website. Also, make sure you use the x64 bit version of DNX when you publish as this is required by IIS. We plan to add tooling in the future to make this easier.
For organizational or corporate account scenarios I recommend looking at leveraging Azure Active Directory. You can find out more about how to do this on Vittorio Bertocci's blog:
You can install the ASP.NET Fall 2012 Update preview from here to play around with the features in the update templates: http://www.asp.net/vnext.
You can find the code for the self-hosted Web API here: http://code.msdn.microsoft.com/ASPNET-Web-API-Self-Host-30abca12.
You can find details on the ASP.NET Web API OData support on Alex James' latest blog post: http://blogs.msdn.com/b/alexj/archive/2012/11/02/odata-in-webapi-microsoft-asp-net-web-api-odata-0-2-0-alpha-release.aspx.
Lastly, I will be making the OAuth2 sample code available on the MSDN Samples gallery as soon as I get the code cleaned up later this week.