受欢迎的博客标签

  I recommand this workshop https://github.com/blowdart/AspNetAuthorizationWorkshop

This is what Microsoft is recommending for ASP.NET Core if you need your own token server:https://blogs.msdn.microsoft.com/webdev/2016/09/19/introducing-identityserver4-for-authentication-and-access-control-in-asp-net-core/ T

here are some samples here

 https://github.com/blowdart/AspNetAuthorization-Samples/tree/master/src

where you can find authorization about API :

 https://github.com/blowdart/AspNetAuthorization-Samples/blob/master/src/AspNetAuthorization/Controllers/AccountController.cs

And for token authentification here is an interesting blog post

 https://stormpath.com/blog/token-authentication-asp-net-core

one minor variation is to use a JWT token instead of the database. the login method would return a JWT token which has the userid in it. you could also include roles (if supporting real time changes to roles is not required). this seems to be a reasonable article on using JWT  

 https://goblincoding.com/2016/07/07/issuing-and-authenticating-jwt-tokens-in-asp-net-core-webapi-part-ii/  .