Basically you need to create the tokens on the server and you can save those inside database, by mapping with the userid. Each token should have a lifetime and that also should be kept inside the table.
The token should be given to the client perhaps after authentication. At the client end, you can keep this tokens inside the session storage or local storage. You can use cookies as well, but I will suggest you to use session storage so that it can work on any devices.
While sending any request to the server, you have to include the token inside header and match the token and the life time at the server. You can have the logic to increase the token life time or keep it fixed as per your need..
You can you use OWin authentication for this.
Check this post as well
Token Based Authentication using ASP.NET Web API 2, Owin, and Identity - Bit of Technology[
^]