As a very fast and dirty solution to the authorization problem for an internally used web application (developed using asp.net core 2.1), I could put the old web.config file to good use: to allow certain users, add the following section:
<system.webServer> <security> <authorization> <remove users="*" roles="" verbs="" /> <add accessType="Allow" users="domain-name\user1, domain-name\user2" /> </authorization> </security> </system.webServer>
Similarly, to allow members of a certain AD group add the follwoing:
<system.webServer> <security> <authorization> <remove users="*" roles="" verbs="" /> <add accessType="Allow" roles="domain-name\group-name" /> </authorization> </security> </system.webServer>
For more information, see here. Hope this helps someone!