How does authentication work with ASP.NET (using Live ID and\or Windows Authentication)

Question

I'm primarily a .NET desktop app programmer. Coming into the web world has been difficult. I'm trying to convert one of my Silverlight apps into HTML. But I'm having a hard time figuring out the authentication system. I'm trying to read up on Live ID authentication and Windows Authentication but I'm having a hard time putting it all together in my head. Perhaps you can help?

My App Framework

My client application is a TypeScript (javascript) HTML page (or pages). And the server is a WCF Data Services REST API hosted in ASP.NET. The service works with a SQL database.

The Problems (Claims Based)

When I look at something like Live ID authentication, it's known as claims-based authentication, right? So if I had this implemented correctly, someone comes to the website, I need to verify that they are logged in. How do I do that from a client-side HTML page? Do I have a recurring timer that is validating the login every 30 seconds or something? Or is that done server-side on each call to the service?

I know that if they aren't logged in, I need to send them to the live login page, once they log in, the live page will redirect them to my server with the authorization token in the query string (or something like this). At this point though, what do I do 5 minutes down the line when they make a call to the webservice for data? Is that token sent on every call to the server some how? How do I validate that when they call the service, it is actually them? Do I have to wrap every service call in a ValidateUser() method or something? I have a user ID in the database that I would have to match with their user token somehow.

The Problems (Windows Authentication)

The previous problem still exists here. How do I know that every call from the client is still them? Additionally though, I need to understand what do I do from the HTML side to the server side to authenticate them and then continue the authentication.

Conclusion

I cannot really find any sort of explanation that conceptually explains all of this information and gives me the big picture of how it all works. I'm really hoping someone here can fill in these gaps and give me a better idea on how to implement the client and server authentication.

Thanks!

Update

I found a great book that really explains a lot of this. It's entitled "A Guide to Claims-Based Identity and Access Control". It's part of the patterns & practices series.

Thanks to all for your answers and put me on the right track.