WebAPI Token Issuance Authorization

I am currently using Sessions and overriding the AuthorizeAttribute to manage Authorization for a WebAPI endpoint, which is used by an MVC Web Application. I've been told issuing tokens is the best way to manage users and roles. What I'm trying to understand is:

  1. Why is it better than using the Session?
  2. Can someone provide a good (simple) example of how to issue tokens, when a user logs in using a WebAPI endpoint, and how to use/track the token after it has been issued?

I've been researching OWIN and a bunch of other stuff and I'm having a difficult time finding a good example of how this works.

Mr. B asked Aug 19 '15 14:08


1 Answer

  1. Tokens are more secure and built into the ASP.NET Identity framework. No need to roll your own solution.
  2. Look at sections "Get an Access Token" and "Send an Authenticated Request" from this link: http://www.asp.net/web-api/overview/security/individual-accounts-in-web-api. The endpoint is already set up in the default MVC template. You can also use Postman to test.

Brandon Lewis answered Nov 04 '22 14:11
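
The two steps the answer points to (get an access token, then send it on each request), sketched as an added client-side example that is not part of the original answer. It assumes the default template's `/Token` endpoint with the OAuth2 password grant and its `access_token` / `token_type` / `expires_in` response fields; the host name and sample response are constructed.

```javascript
// Added example. TOKEN_PATH and the JSON field names are assumptions taken from
// the default "Individual Accounts" Web API template; check them against your API.
const TOKEN_PATH = "/Token";

// Build the fetch() arguments for the password-grant token request.
function buildTokenRequest(baseUrl, username, password) {
  const url = new URL(TOKEN_PATH, baseUrl);
  // The body carries the user's password, so never send it over plain HTTP.
  if (url.protocol !== "https:") throw new Error("token endpoint must use HTTPS");
  const body = new URLSearchParams({ grant_type: "password", username, password });
  return {
    url: url.toString(),
    init: {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: body.toString(),
    },
  };
}

// Validate the token endpoint's JSON and record when the token expires.
function parseTokenResponse(json, nowMs) {
  const data = JSON.parse(json);
  if (typeof data.access_token !== "string" || data.access_token === "") {
    throw new Error("token response has no access_token");
  }
  if (String(data.token_type).toLowerCase() !== "bearer") {
    throw new Error("unexpected token_type: " + data.token_type);
  }
  const lifetimeSec = Number(data.expires_in);
  if (!Number.isFinite(lifetimeSec) || lifetimeSec <= 0) throw new Error("bad expires_in");
  return { accessToken: data.access_token, expiresAtMs: nowMs + lifetimeSec * 1000 };
}

// Headers for an authenticated API call. Refuses to send an expired token;
// skewMs treats the token as expired slightly early to absorb clock drift.
function authHeaders(token, nowMs, skewMs = 30000) {
  if (nowMs >= token.expiresAtMs - skewMs) {
    throw new Error("access token expired; request a new one");
  }
  return { Authorization: "Bearer " + token.accessToken };
}

// Constructed sample response (not a real token).
const SAMPLE_RESPONSE =
  '{"access_token":"EXAMPLE-OPAQUE-TOKEN","token_type":"bearer","expires_in":1200}';
```

With `fetch`, the flow is `fetch(req.url, req.init)`, then `parseTokenResponse(await res.text(), Date.now())`, then `authHeaders(token, Date.now())` on every API call.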