CustomAuthentication

On every request in AuthHttpModule handle r OnAuthenticateRequest is invoked, which create IAuthentication instance and initialize HttpContext property there.

---

Login:

1. Fill email and password fields.
2. AuthenticationController.Index check if there is user with the credentials. If there is, than IAuthentication packes credentials in FormsAuthenticationTicket, encriptes and set result in cookie. 3.IAuthentication.CurrentUser now isn't empty and partial view UserLogin changed.

Logout: delete from response cookie with credentials -> delete cookie on client side.

---

MSDN says:

System.Web.Security.FormsAuthenticationTicket is used to create an object that represents the authentication ticket that is used by forms authentication to identify an authenticated user.

System.Security.Principal.IIdentity object represents the user on whose behalf the code is running.

System.Security.Principal.IPrincipal object represents the security context of the user on whose behalf the code is running, including that user's identity (IIdentity) and any roles to which they belong.