Question

I need this up and running quickly, but I spent the last few hours researching/worrying about which would be better:

ASP.NET Forms Authentication

vs

Custom Header Token:
On the server

protected override void OnStartProcessingRequest(ProcessRequestArgs args)
{
    // Only checks that a "magic" header is present; its value is not validated here.
    if (string.IsNullOrEmpty(WebOperationContext.Current.IncomingRequest.Headers.Get("magic")))
    {
        throw new DataServiceException(403, "Sorry No Magic found");
    }
    else
    {
        base.OnStartProcessingRequest(args);
    }
}

On the Windows Forms client

static void datProvider_SendingRequest(object sender, SendingRequestEventArgs e)
{
    e.RequestHeaders.Add("magic","HASHED_userbased_token");
}

Considerations:

  • I've never used forms auth (but I can learn?)
  • The user registration is complex (Employee records are checked then users are created based on those)
  • I have my own custom usergroups/permission tables/system
  • There is no SSL (client doesn't care about this fact, data is not all that valuable)
  • I feel like I'm more in control with the custom header.

Solution

Use a custom header token. Forms auth assumes that a human will be authenticating to the service, which would be a pretty strange thing to happen on an OData end-point. OData is more about computers or services authenticating to the OData service.
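
One way to have the server verify the token's value rather than only its presence, as an added example that is not part of the original question or answer. The `MagicToken` class, the `user|expiry|HMAC` token format and the demo key are assumptions of this example; because the service runs without SSL, a captured token can still be replayed until it expires, so the expiry is kept short.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class MagicToken
{
    // Constructed demo key; a real service loads a random secret from protected server config.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key-do-not-reuse");

    // Token format (an assumption of this example): "<user>|<expiryUnixSeconds>|<base64 HMAC>"
    public static string Issue(string user, DateTime expiresUtc)
    {
        string payload = user + "|" + ToUnix(expiresUtc);
        return payload + "|" + Convert.ToBase64String(Sign(payload));
    }

    // Returns the user name when the header value is authentic and unexpired, otherwise null.
    public static string Validate(string header, DateTime nowUtc)
    {
        string[] parts = (header ?? "").Split('|');
        if (parts.Length != 3 || !long.TryParse(parts[1], out long expiry)) return null;
        byte[] supplied;
        try { supplied = Convert.FromBase64String(parts[2]); }
        catch (FormatException) { return null; }
        if (!FixedTimeEquals(Sign(parts[0] + "|" + parts[1]), supplied)) return null;
        return expiry > ToUnix(nowUtc) ? parts[0] : null;
    }

    static byte[] Sign(string payload)
    {
        using (var hmac = new HMACSHA256(Key)) return hmac.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }

    static long ToUnix(DateTime utc) => new DateTimeOffset(utc).ToUnixTimeSeconds();

    // Compare without exiting early, so timing does not reveal how many bytes matched.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        string token = Issue("employee42", DateTime.UtcNow.AddMinutes(15)); // constructed user
        Console.WriteLine(Validate(token, DateTime.UtcNow) ?? "rejected");
        Console.WriteLine(Validate(token.Replace("employee42", "employee43"), DateTime.UtcNow) ?? "rejected");
        Console.WriteLine(Validate(token, DateTime.UtcNow.AddHours(1)) ?? "rejected");
    }
}
```

In `OnStartProcessingRequest`, the value of the `magic` header would be passed to `Validate`, and a null result answered with the 403.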

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow