ASP.NET Core Web Api and Angular application exemplifying how you can secure a web api using cookies
You can run the ASP.NET Core application using the command line executing dotnet run.
You can run the Angular client (assuming you have all the required dependencies installed) by doing: ng serve --open.
This project is described in detail in two blog posts: Secure an ASP.NET Core Web Api using Cookies and ASP.NET Core Web Api Antiforgery.