I am currently developing an ASP.NET MVC4 website, and I would like to know what the best practices are for storing the logged-on user's data (including privileges) and authorizing the user securely, while being able to access this data in both my views and controllers.

One important thing to mention: I am NOT using the Membership class (I've seen that it's an overhead for me to use it, and I would like to implement the exact things I need and learn from the process).

The only way I thought to do it is storing all the data inside the session object, and having a wrapper around the session object (a static class) and using it like `SessionManager.IsLoggedIn()`, `SessionManager.GetUserPriviliges()`, or simply creating a method that returns a hard-typed UserSessionData, `SessionManager.GetSessionData()`, that contains all the data required. This is one way to use it in both controllers and views.

Shall I derive from Controller and create a `RolesController` which stores UserSessionData so I won't need to call it again and again in my controllers?

I guess I won't be able to use the common `AuthorizedAttribute`, so I will have to implement it by using the session wrapper. (Is it safe to use only the session data? I am not using the 'official' authorization method and therefore I don't really know how it should be implemented.)

As you see, I have an idea, but since it's my first time doing it I would like to learn about the best practices and the way it should be done correctly. I will be thankful if you will explain your answers, since I want to get the complete idea and I haven't done it before in MVC.

Thanks in advance!
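
The design described in the question, as an added example that is not the poster's code: a typed session wrapper plus an authorization filter derived from MVC's `AuthorizeAttribute`, so the privilege check runs before the action instead of inside each controller. `RequirePrivilegeAttribute`, the session key, string-valued privileges and the `HttpContextBase` parameter on the wrapper methods are assumptions; the login action is assumed to fill `UserSessionData` server-side after verifying credentials.

```csharp
using System;
using System.Collections.Generic;
using System.Web;
using System.Web.Mvc;

// Typed snapshot of the logged-on user. It lives in server-side Session state,
// so the browser only ever holds the session ID, never the privileges themselves.
[Serializable]
public sealed class UserSessionData
{
    public int UserId { get; set; }
    public string UserName { get; set; }
    public HashSet<string> Privileges { get; set; }
}

public static class SessionManager
{
    private const string Key = "UserSessionData"; // assumed session key

    public static UserSessionData GetSessionData(HttpContextBase ctx)
    {
        return ctx.Session == null ? null : ctx.Session[Key] as UserSessionData;
    }

    public static bool IsLoggedIn(HttpContextBase ctx)
    {
        return GetSessionData(ctx) != null;
    }
}

// Hypothetical filter; applied as [RequirePrivilege("EditUsers")] on a controller or action.
public sealed class RequirePrivilegeAttribute : AuthorizeAttribute
{
    private readonly string _privilege;
    public RequirePrivilegeAttribute(string privilege) { _privilege = privilege; }

    // Called by the framework before the action executes.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var user = SessionManager.GetSessionData(httpContext);
        return user != null && user.Privileges != null && user.Privileges.Contains(_privilege);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (SessionManager.IsLoggedIn(filterContext.HttpContext))
            filterContext.Result = new HttpStatusCodeResult(403); // logged on, lacks the privilege
        else
            base.HandleUnauthorizedRequest(filterContext);        // not logged on: 401
    }
}
```

Views can call `SessionManager.GetSessionData(Context)` to decide what to render, but hiding a link is not access control; the attribute on the action is what enforces the check.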