ASP.NET Core is a fresh start. There is a new security model with a highly extendable authentication pipeline. Authorization is also flexible with policy-based security that can easily be extended. Data Protection can be used to securely store sensitive values in cookies or form fields. There is also utilities that help mitigate common attack vectors such as cross site request forgery and cross site scripting.
For modern web applications with more advanced authentication requirements IdentityServer4 can be embedded in an ASP.NET Core application to issue tokens. Those can then be used as bearer tokens when accessing REST APIs.
This overview explains what is available and shows hands on how applications are configured to use the available features.