Yes, this is basically using Forms Authentication cookie management without the Membership store. This is a supported scenario for ASP.NET. Here is an article explaining the difference between the two concepts.
After the initial authentication, Authorize attribute will enforce the identity of the caller. Not only this is adequate, this is the key security feature of the Forms Authentication.