Source Code – https://github.com/ehelin/AmazonLambdaApi (look for commit around the date of the blog post)
Following this process (see reference #1), I was able to secure the .NET 4.6.1 GET API using the [Authorize] decorator very easily (locally). I will explore other ways to secure Web API’s in the next blog entry before moving onto the Angular JS site addition.
My steps using the above process were as follows:
1) Adding the ‘[Authorize]’ decorator to a method or class restricts access
2) This call registers a user for access
3) This call retrieves a token for that user
4) Using the token, access is granted
5) Same call, but from the .NET Core Service Implementation
NOTE: To replicate something like this on production, a developer would either need to migrate the database created by Visual Studio or migrate the tables/stored procedures into a database that is available. I believe the local database Visual Studio created for me is in the App_Data folder of the .NET 4.6.1 Web API and is related to the .NET 2.0 Membership provider created by Microsoft in the past (my guess).