I am trying to implement authentication using jQuery and Forms Authentication on an ASP.NET MVC 3 web service. The idea is that I’ll do a jQuery AJAX post to the web service, which will do Forms Authentication and return a cookie or token, and with each data access call, my web application (jQuery) will use that cookie or token.

What I have –

I have the AJAX call to the ASP.NET Web service set up, and I have the web service set up as follows:

public ActionResult Login(string userName, string password, bool rememberMe, string returnUrl)
{

    if (ModelState.IsValid)
    {
        if (Membership.ValidateUser(userName, password))
        {
            return Json(FormsAuthentication.GetAuthCookie(userName, rememberMe), JsonRequestBehavior.AllowGet);

        }
        else
        {
            return Json("Authentication Failed", JsonRequestBehavior.AllowGet);
        }
    }
}

This is working so that if I make the AJAX call with correct credentials, I am returned a cookie in JSON, and if not, I’m returned the auth failed string.

What I don’t know – What to do with the JSON cookie once I receive it back. I can store this in HTML5 local storage, but I don’t know what part of it (or the whole thing) to send back with my data access calls, and how to interpret it and check the cookie on the web service side. If I shouldn’t be using cookies, is there a way to generate and use a token of some kind?