Take a look at http://www.asp.net/web-forms/videos/authentication. It seems like its geared towards a newcomer audience. (Yes, it says web-forms, but the information is applicable to a broader scope).

Asp.net already has libraries built in for the basics. You should look into [RoleProvider][2] and [MembershipProvider][3]. 

Basically, you should authenticate each HTTP request. How you perform authentication and how you persist it is up to you. It's possible to store a cookie on the client, use a session, etc...

[The definitive guide to forms based website authentication][1] is a nice cross-platform list of do's and don'ts. Tons of info there, and once you're up and running, this will have a bunch of gotchas you may have missed.


 [1]: https://stackoverflow.com/questions/549/the-definitive-guide-to-forms-based-website-authentication
 [2]: http://msdn.microsoft.com/en-us/library/9ab2fxh0%28v=vs.100%29.aspx
 [3]: http://msdn.microsoft.com/en-us/library/yh26yfzy%28v=vs.100%29.aspx