您还可以考虑将令牌作为cookie包含在响应中

You can also consider including the token as a cookie in the response

[Route("api/agency/login")]
[HttpPost]
public HttpResponseMessage loginApi([FromBody] Users UserObj) {
    var tokanObj = method.AccessToken(UserObj.username, UserObj.Password, "password");

    var response = Request.CreateResponse(HttpStatusCode.OK);
    //use what every you want as the key for the cookie
    var cookie = new CookieHeaderValue("auth_token_key", tokenObj);

    //...set cookie values as needed

    response.Headers.AddCookies(new[] { cookie });

    return response;
}