You Have To Tell In The Startup You Are going to use authentication write below code in start.cs and this says you are adding the authentication service in your application using a cookies
after that you have to tell the application to add authentication and authorization
app.UseAuthentication();
app.UseAuthorization();
After that you have to create a simple AccountController With Login Get Post Methods and Logout Method With Simple View Then You Have To Add a attribute Called [AllowAnonymous] This will keep this method accessable for anyone without login see below
Then You Have Login Users Using based on their credentials and after that you have use a method SignInAsyncs Login User With given identity claim and roles after that you can compare roles of user when you are authorizing method or controllers like see next point
now you have to use role base authorization for a method or a controller so you can simply provide a parameter called role to the Authorize attribute Like this [Authorize(Role = "Admin")]