c# - saving session data once authenticated .net -

so i'm building web application in .net using c#, mvc , sqlexpress. want users able login , depending on group belong to, see part of ui.

i have created tables groups , users in database, created models tables using ado.net wizard model creation.

i have added controller has methods checking if user exists, , if password correct. question how store information user authenticated "©correct" way?

at moment, create new object in session variable made available system.web.mvc.controller. have made flag object session["authenticated"] = true , created object holds information (username, group affiliation etc...) session["user"].

i have stumbled upon articles describe implementing own membership provider (here , here) feel need break existing classes password security , account control in order implement them inside of custom membership provider.

is custom membership provider implementation necessary or data saved in session enough?

a better way if don't want go down membership provider route forms authentication (http://msdn.microsoft.com/en-us/library/xdt4thhy(v=vs.100).aspx).