Popular blog tags

  I recommand this workshop https://github.com/blowdart/AspNetAuthorizationWorkshop

This is what Microsoft is recommending for ASP.NET Core if you need your own token server:https://blogs.msdn.microsoft.com/webdev/2016/09/19/introducing-identityserver4-for-authentication-and-access-control-in-asp-net-core/ T

here are some samples here


where you can find authorization about API :


And for token authentification here is an interesting blog post


one minor variation is to use a JWT token instead of the database. the login method would return a JWT token which has the userid in it. you could also include roles (if supporting real time changes to roles is not required). this seems to be a reasonable article on using JWT  

 https://goblincoding.com/2016/07/07/issuing-and-authenticating-jwt-tokens-in-asp-net-core-webapi-part-ii/  .