I recently built a site using Asp.Net.
The way I chose to implement user login is through a base 'UserAwareController' class, that all controllers extend. It contained a reference to the UserRepository, and exposed a protected GetCurrentUser() method that concrete controllers could query.
The whole process felt a bit wishy-washy to me. Is Action Filters a good alternative? What are its benefits? Is there something else I might be missing?
I don't see anything wrong with your present approach, except for if you made the UserAwareController just for this purpose. But, using Action Filters is also a good idea to inject user to your action or controller. Personally, I used Action filters in my project. I needed to have a admin user accessible in my actions, I injected the user using Action Filter.
Generally Action Filters show out there potential when you need to do some thing specific before executing the action or after executing action. Action filter represents a cross-cutting concern to your action method.
I would recommend you using the membership provider for storing and retrieving user information. The default ASP.NET MVC template has an example. This video might also be worth watching.
Composition is always better than inheritance, In your case there might be also a need that your view also needs to know the User like display name/ authentication status etc etc. Pls check the following article where I have detailed how to managed these kind of shared services.