For the server side:
Unfortunately, C# servers don't expose authentication API yet (only C++ does). In order to authenticate the calls on the server side, you need to inspect contents of request headers (and look for the right metadata elements that contains the auth token) in your handlers and then call the code that validates the tokens (probably part of IdentityServer).
Once the server side authentication API is in place, you should be able to register a callback that validates the auth tokens for all incoming calls, so that you don't need to invoke the validation code in each handler yourself.
Here's the issue to track: