It actually depends on how you are hosting your application (e.g. Is it hosted on IIS, Apache, Nginx? Does it have a web application firewall infront of it?)
But in short, you want to set a X-Frame-Options header to "SAMEORIGIN" to block people from iframing your site. I will note that if you yourself are iframing your site then you'll need to do more work.
If you want to set this in code, you can do it in your configure method :
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
app.Use(async (context, next) =>
This just adds an X-Frame-Options header and disallows people from iframing your website.
If you're looking for further options (Like you need to iframe your own website), or you want to do this at the web server level (IIS/Apache etc), then you can read more here : https://dotnetcoretutorials.com/2017/01/08/set-x-frame-options-asp-net-core/