Since this is an MVC application you can write a custom attribute that you place on a base controller that all the controllers inherit from.
public class MyAuthorization : AuthorizeAttribute
{
//Call a stored proc or your database layer to check for the
//correct license validity
}
[MyAuthorization]
public class BaseController : Controller
{
}
public class HomeController : BaseController
{
}
With this every time a controller is hit it will check for the license key.
This is how we handle our authorization time out. We check our database to see if the user has been inactive for 20 mins and log them out if so.