Typically authentication is handled by specifying the authentication node in your web.config. For instance, for Form based authentication you would put :
<authentication mode="Forms">
<forms name=".ADUAUTH" loginUrl="Login/login " protection="All" timeout="30" />
</authentication>
Also synchronize your session timeout with the authenication timeout
<sessionState mode="StateServer” cookieless="false" timeout="30" />
The loginUrl is where ASP.NET will send users with a ReturnUrl specified whenever their authentication cookie is invalid. (e.g. http://myapp.com/Login/login?ReturnUrl=/The_Page_I_was_On
)
Check out How ASP.NET Security Works