I am not sure what it is called what I want, so that is the main reason I post here, I am new to asp.net / mvc and just webdevelopement. However I got a WCF service that got (custom) security. (IAuthorizationPolicy, IPrincipal and UserNamePasswordValidator).

However I am failing to find a good article on ASP.net security. All the guides I find is about sql membership provider, with a automatic genareted databse, but ofc I don’t want to create a new user table etc, I want to use my old one (with already hunderds of users in it). But I know I ll need to add a new table to keep track of cookies (so I can compare the GUID to the cookie GUID, or something I dunno I am just reading here and there). But could anyone please provide me a good tutorial for custom forms authentication, ps I must also be able to give access to roles,(I got a (role)table for it as well already). Is it then possible to use authorization with atributes like:

[PrincipalPermission(SecurityAction.Demand, Role = "Admin")]
public ActionResult GetUserStats(int userid)
{

PS: I know I ll get shot because this question will be too open etc, I did research, didn t find any up to date(ASP.NET mvc 4, the one with all the openauth stuff and webmatrix security preinstalled) article how to do this all.

EDIT: http://dotnetspeak.com/index.php/2011/07/asp-net-mvc-custom-authentication/ seems to be the best article I’ve found so far, but it uses json, and memory reader/writer lol? And it doesn t save sessions in a DB ? Not certain or it is a good method, any advice?