This sample shows how to build a .NET web application that hosts both MVC and Web API. The sample uses OpenID Connect to sign in users from a single Azure Active Directory tenant, using the ASP.NET OpenID Connect OWIN middleware.
This sample is based on AzureADSamples/WebApp-OpenIDConnect-DotNet.
The Web API request detection solution comes from the article "Using cookie authentication middleware with Web API and 401 response codes".
To configure Application Roles in Azure Active Directory, see the article "Roles based access control in cloud applications using Azure AD".
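
One way to wire up the Web API request detection mentioned above, so that unauthenticated API callers receive a plain 401 instead of a 302 redirect to the Azure AD sign-in page. This is an added example, not code from this sample or from the referenced article; the `/api` route prefix, the `IsApiRequest` helper and the placeholder `ClientId` and `Authority` values are assumptions.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Assumption: Web API controllers are routed under /api.
    private static readonly PathString ApiPath = new PathString("/api");

    // Hypothetical helper: decides whether the caller is an API client.
    // The header is client-controlled, but it only selects 401 vs. redirect;
    // it never grants access, so spoofing it gains nothing.
    private static bool IsApiRequest(IOwinRequest request)
    {
        if (request.Path.StartsWithSegments(ApiPath)) return true;
        string requestedWith = request.Headers.Get("X-Requested-With");
        return string.Equals(requestedWith, "XMLHttpRequest",
                             StringComparison.OrdinalIgnoreCase);
    }

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = "<application-client-id>",                     // placeholder
            Authority = "https://login.microsoftonline.com/<tenant>", // placeholder
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                RedirectToIdentityProvider = context =>
                {
                    // A 401 status means this is a sign-in challenge, not a sign-out.
                    // For API callers, suppress the redirect and let the 401 stand.
                    IOwinContext owin = context.OwinContext;
                    if (owin.Response.StatusCode == 401 && IsApiRequest(owin.Request))
                    {
                        context.HandleResponse();
                    }
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

MVC page requests still go through the normal OpenID Connect redirect, while API clients can detect the 401 and trigger their own sign-in flow.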