I am looking to upgrade a project I have from ASP.NET Web Forms to MVC 4.

In the process of the upgrade I am trying to re-evaluate the way we handle authentication and login.

Currently, when a user attempts to log in, I (the front-end), make a call to the database to validate and then that comes back as yay or nay with an associated ‘token’. I then have to pass that token to the next page on our site where it gets placed into a javascript object. That token is then passed with every ajax call and is updated after each with a new token. I personally manage that token within the client browser.

Now, in MVC 4 the default Internet Application comes with the needed logic to employ some form of local registration and login. But I don’t understand how it works.

After a user ‘registers’ where does that get stored?

When a user is logged in and then changes pages, how does that user stay logged in?How does his credentials get passed?

It seems to me that the current way that we handle our login is grossly outdated and flawed. But at this time I do not understand how I could setup MVC to look at our current (external, its not within this project) database to authenticate users.

I have a book on MVC 4 but it doesn’t seem to go into detail on how this works.

Any help would be appreciated.

Thanks!