In the question, you are mixing two parts 1. Authentication and 2. Authorization.
- For Authentication: Forms authentication can be worked out.
- For Authorization: You have to implement custom Authorization filter in your MVC part of application. Ref: http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute(v=vs.118).aspxAlso it can be used as custom attribute for ASP.NET forms.