authorization

I'm creating an ASP.NET MVC application. Due to the complex authorization, I'm trying to build my own login system. I'm not using ASP.NET membership providers, and related classes) I'm able to create new accounts in the database with hashed passwords. How do I keep track that a user is logged in? Is generating a long random number and putting this with the userID in the database and cookie enough? After validating the user credentials you can have a code like: public void SignIn(string userName, bool createPersistentCookie) { int timeout = createPersistentCookie ? 43200 : 30; //43200 = 1 month

Usually I protect my Actions with [Authorize] but this time I need to check if a user is authorized inside the action. Eg if(userIsAuthorized) { //do stuff } else { //return to login page } I believe I am using 'Forms Authentication' This question is kind of similar to this but none of the answers given seemed to work. EDIT: I have done some more digging- it seems if I breakpoint on an Action that has [Authorize] , the User.Identity is set, but on Actions without it, the User.Identity is empty, even if I am logged in If you just want to know if the user is logged in: if (User.Identity

SUMMARY: Is it possible to ask for authorization onOpen()? DETAILED VERSION: I have a spreadsheet with buttons that gets distributed to a lot of people. When any button is pressed, some functions that require permissions are called, so Google Apps Script shows this popup: AFTER this is accepted, everything runs well, since it has authorization now. However, I want to run things that require permissions BEFORE a button is pushed, when the Workbook is opened. However, if you place authorization-requiring code into an onEdit or onOpen function, it runs with no privileges by default and crashes