Reinventing the wheel when it comes to auth/credential management these days is not a great idea.
For ASP NET Core, there’s Identity, IdentityServer and OpenIddict to start with (at least that I’m aware of), all of them solid offerings. I recommend we build upon one of these.
Edit: further discussion at What kind of authorization framework/library should we use?.