I'm needing some direction on setting up custom authentication/authorization using an API-token like system. Basically users will log in with a username and one time password(token). The application then uses this to make an HTTP API call to an internal system that returns a session token which can then be used for subsequent API calls for the duration of the session. I'm new to ASP.NET 5 so I'm not sure of the best way to implement this. I can force authentication using raw programmatic methods but I'd rather use best practices here. Ultimately I'm looking to have it set up where when you hit the site it checks if you're already authenticated, and if not it redirects you to the login page. I've played around with the Web App template that includes the identity components but I think that may be a bit too top heavy for what I'm trying to do. Any advice would be appreciated.
~dag