Theoretically you want to use FormAuthentication. It works with default AuthorizeAttribute out of the box.
If you want to implement your own logic, you can override AuthorizeAttribute.
Here the example -
public class MyAuthorizeAttribute : AuthorizeAttribute
{
private bool AuthorizeUser(AuthorizationContext filterContext)
{
bool isAuthorized = false;
if (filterContext.RequestContext.HttpContext != null)
{
var context = filterContext.RequestContext.HttpContext;
if(context.Session["UserId"] != null)
isAuthorized = true;
}
return isAuthorized;
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
throw new ArgumentNullException("filterContext");
if (AuthorizeUser(filterContext))
return;
base.OnAuthorization(filterContext);
}
}
Usage
[MyAuthorizeAttribute]
public class MyController : Controller
{
...
}