Using Azure Active Directory authentication in ASP.NET Core 2.0 from Web App to Web API

I am trying to pass Azure Active Directory credentials from an ASP.NET Core 2.0 Web App to an ASP.NET Core 2.0 Web API so that the Web API can react based on the user's properties and permissions.

There are, admittedly, quite a few tutorials out there about these technologies in various scenarios and combinations, but I've been having trouble finding clear help specifically for Core 2.0 due to how recently it was released, and I'm avoiding getting too invested in any of the Core 1.x tutorials because it seems there have been some breaking changes when it comes to this (JWT, authentication, etc.). I'm entirely new to Core, so I can't tell what's what.

My goal is to ascertain how this is supposed to be done according to Microsoft's suggestions/standards (if they exist). I want to minimize complexity and make use of the tools that have been designed for this ecosystem.

I have registered both the Web App and the Web API in my Azure Active Directory. When I debug my Web App, I am required to log in via my work/school account with Microsoft, and that is working as expected.

This is all unmodified from what was created as a result of my using the templates/wizards to get started, but for reference:

In the Web App:

Startup.cs

public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        // (other unrelated stuff)

        app.UseAuthentication();

        // (other unrelated stuff)
    }

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(sharedOptions =>
        {
            sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddAzureAd(options => Configuration.Bind("AzureAd", options))
        .AddCookie();

        services.AddMvc();
    }
}

Controllers/HomeController.cs

[Authorize]
public class HomeController : Controller
{
    public IActionResult Index()
    {
        // ****************************************************************
        // let's imagine I wanted to call the Web API right here, passing authentication
        // and whatnot... what should that look like according to this framework?
        // ****************************************************************

        return View();
    }

    // (other unrelated actions)
}

In the Web API:

Startup.cs

public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        // (other unrelated stuff)

        app.UseAuthentication();
        app.UseMvc();
    }

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(sharedOptions =>
        {
            sharedOptions.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddAzureAdBearer(options => Configuration.Bind("AzureAd", options));

        services.AddMvc();
    }
}