Authentication through a token pass in ASP.NET MVC

Question

I'm working on a solution to part of my companys site that is done in 2 different languages. My part of the project is in ASP.NET, and the login portal is in a different language.

We pass authentication credentials by storing login information in the database on the portal page and then sending a corresponding token to the URL in the page written in .NET. Almost all the tutorials and articles I've read about security for ASP.NET, and most languages, the message has generally been "just use the built in stuff and don't mess with it".

I have code that takes the token, goes into the database and gets the user details.. what do I do then to integrate that into the built-in security stuff for ASP.NET? I'd like to ultimately use Action Filters for authorization on my controllers. Thanks.

Answer 1

Once you get the user details you could emit an authentication cookie:

FormsAuthentication.SetAuthCookie("username", false);

This will append a cookie to the response so now the user will be authenticated and you can safely redirect to a controller action decorated with the [Authorize] attribute.