@adrianvlupu
Created May 9, 2014 13:55
General account controller
using Newtonsoft.Json;
using OrangeMSE.Data;
using OrangeMSE.Models;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;
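namespace OrangeMSE.Controllers
{
    /// <summary>
    /// Forms-authentication login and logout endpoints.
    /// The controller is <c>[Authorize]</c> by default; only the two Login
    /// actions opt out with <c>[AllowAnonymous]</c>.
    /// </summary>
    [Authorize]
    public class AccountController : Controller
    {
        // Lifetime of the issued forms-authentication ticket, in minutes.
        private const int TicketLifetimeMinutes = 120;

        /// <summary>Renders the login form.</summary>
        /// <param name="returnUrl">Caller-supplied URL, passed to the view unchanged.</param>
        //
        // GET: /Account/Login
        [AllowAnonymous]
        public ActionResult Login(string returnUrl)
        {
            // returnUrl is request-controlled. It is only handed to the view here and the
            // POST action below never redirects to it. If a redirect to it is added later,
            // gate it with Url.IsLocalUrl(returnUrl) to avoid an open redirect.
            ViewBag.ReturnUrl = returnUrl;
            return View();
        }

        /// <summary>
        /// Validates the submitted credentials and, on success, issues an encrypted
        /// forms-authentication cookie carrying the user's role as JSON user data.
        /// </summary>
        /// <param name="model">Posted credentials (UserName, Password).</param>
        /// <param name="returnUrl">Accepted for route compatibility; not used for the redirect.</param>
        /// <returns>
        /// A redirect to Default/Index on success; otherwise the login view with a
        /// single generic error, so the response does not reveal whether the user exists.
        /// </returns>
        //
        // POST: /Account/Login
        [HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
        public ActionResult Login(AccountModel model, string returnUrl)
        {
            if (ModelState.IsValid)
            {
                Data.User dbUser = null;
                using (var context = new Entities())
                {
                    dbUser = context.Users.Where(x => x.UserName == model.UserName).FirstOrDefault();
                }

                // NOTE(review): the hash is only computed when the user exists, and the result is
                // compared with ==. If Hash is a string this is not a constant-time comparison, and
                // the skipped hash makes unknown user names answer faster. The algorithm behind
                // Cryptography.CreatePasswordHash is not visible here; confirm it is a slow,
                // salted KDF and consider moving a fixed-time verify into that class.
                if (dbUser != null
                    && Cryptography.CreatePasswordHash(model.Password, dbUser.Salt) == dbUser.Hash)
                {
                    string userData = JsonConvert.SerializeObject(new { Role = "ComplexUser" }, Formatting.None);
                    bool isPersistent = true;
                    DateTime issuedAt = DateTime.Now;

                    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                        1,
                        model.UserName.Trim(),
                        issuedAt,
                        issuedAt.AddMinutes(TicketLifetimeMinutes),
                        isPersistent,
                        userData,
                        FormsAuthentication.FormsCookiePath);

                    string encTicket = FormsAuthentication.Encrypt(ticket);

                    // The cookie is built by hand, so the protections FormsAuthentication would
                    // normally apply have to be set explicitly.
                    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
                    cookie.Expires = ticket.Expiration;
                    // Keep the ticket out of reach of page script.
                    cookie.HttpOnly = true;
                    // Never send the ticket in clear text when the site requires SSL or the
                    // login itself arrived over HTTPS.
                    cookie.Secure = FormsAuthentication.RequireSSL || Request.IsSecureConnection;
                    // Use the configured path/domain so FormsAuthentication.SignOut(), which
                    // expires the cookie with these same values, actually removes it.
                    cookie.Path = FormsAuthentication.FormsCookiePath;
                    if (!string.IsNullOrEmpty(FormsAuthentication.CookieDomain))
                    {
                        cookie.Domain = FormsAuthentication.CookieDomain;
                    }

                    Response.Cookies.Add(cookie);
                    return RedirectToAction("Index", "Default");
                }
            }

            // One message for every failure path (invalid model, unknown user, wrong password).
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
            return View(model);
        }

        /// <summary>Clears the forms-authentication cookie and returns to Default/Index.</summary>
        //
        // GET: /Account/LogOut
        // NOTE(review): this state-changing action is reachable with a plain GET, so any
        // third-party page can sign a user out by linking or embedding this URL. Moving it to
        // [HttpPost] + [ValidateAntiForgeryToken] requires the views that link here to post a
        // form instead, which is why the verb is left unchanged in this file.
        [HttpGet]
        public ActionResult LogOut()
        {
            FormsAuthentication.SignOut();
            return RedirectToAction("Index", "Default");
        }
    }
}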
using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;
using System.Web;
using System.Web.Http;
using System.Web.Mvc;
using System.Web.Routing;
using System.Web.Security;
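namespace OrangeMSE
{
    using Newtonsoft.Json.Linq;

    // visit http://go.microsoft.com/?LinkId=9394801
    /// <summary>
    /// Application entry point: registers areas, Web API, filters and routes, and rebuilds
    /// the request principal (name + roles) from the forms-authentication cookie.
    /// </summary>
    public class MvcApplication : System.Web.HttpApplication
    {
        private static readonly string[] NoRoles = new string[0];

        /// <summary>Runs once at start-up and wires the MVC / Web API configuration.</summary>
        protected void Application_Start()
        {
            AreaRegistration.RegisterAllAreas();
            WebApiConfig.Register(GlobalConfiguration.Configuration);
            FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
            RouteConfig.RegisterRoutes(RouteTable.Routes);
        }

        /// <summary>
        /// Reads the forms-authentication cookie, and when it holds a valid, unexpired ticket,
        /// sets <c>Context.User</c> to a principal carrying the ticket's name and the role(s)
        /// stored in its JSON user data. Any other cookie leaves the request anonymous.
        /// </summary>
        protected void Application_AuthenticateRequest(Object sender, EventArgs e)
        {
            HttpCookie authCookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName];
            if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
            {
                return;
            }

            FormsAuthenticationTicket authTicket;
            string[] roles;
            try
            {
                authTicket = FormsAuthentication.Decrypt(authCookie.Value);

                // This handler overwrites Context.User itself, so it must not assume some
                // other module already rejected an expired ticket.
                if (authTicket == null || authTicket.Expired)
                {
                    return;
                }

                roles = ReadRoles(authTicket.UserData);
            }
            // The cookie value is request-controlled. A value that cannot be decrypted or
            // whose user data is not the expected JSON is treated as "not signed in" rather
            // than surfacing as an unhandled error on every request that carries it.
            // NOTE(review): no logger is visible in this file; consider recording these
            // rejections, since repeated failures can indicate cookie tampering.
            catch (ArgumentException)
            {
                return;
            }
            catch (HttpException)
            {
                return;
            }
            catch (System.Security.Cryptography.CryptographicException)
            {
                return;
            }
            catch (JsonException)
            {
                return;
            }

            Context.User = new GenericPrincipal(new GenericIdentity(authTicket.Name), roles);
        }

        // Extracts the "Role" entry of the ticket's JSON user data as the string[] that
        // GenericPrincipal expects. The login action stores a single string; an array of
        // strings is accepted as well. The original passed the dynamic JSON token straight
        // to the constructor, which relies on a runtime conversion to string[].
        private static string[] ReadRoles(string userData)
        {
            if (string.IsNullOrEmpty(userData))
            {
                return NoRoles;
            }

            JToken roleToken = JObject.Parse(userData)["Role"];
            if (roleToken == null)
            {
                return NoRoles;
            }

            if (roleToken.Type == JTokenType.String)
            {
                return new[] { (string)roleToken };
            }

            if (roleToken.Type == JTokenType.Array)
            {
                return roleToken.Children()
                                .Where(item => item.Type == JTokenType.String)
                                .Select(item => (string)item)
                                .ToArray();
            }

            // Any other shape (null, number, object) grants no roles.
            return NoRoles;
        }
    }
}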