As a very fast and dirty solution to the authorization problem for an internally used web application (developed using asp.net core 2.1), I could put the old web.config file to good use: to allow certain users, add the following section:
<system.webServer>
<security>
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Allow" users="domain-name\user1, domain-name\user2" />
</authorization>
</security>
</system.webServer>
Similarly, to allow members of a certain AD group add the follwoing:
<system.webServer>
<security>
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Allow" roles="domain-name\group-name" />
</authorization>
</security>
</system.webServer>
For more information, see here. Hope this helps someone!