Here is how we can use roles. EmployeeController will only be accessible to users that have a claim type role, such as Admin or Manager:
[Route("api/[controller]")]
[Authorize(Roles = "Admin, Manager")]
public class EmployeeController : Controller
{
}