I have a C# MVC 5 website that will be called from a legacy 3.5 asp.net application that has performed all the pre-authentication of users. The idea is that the legacy app will generate a "token" (guid) with a matching database entry containing all relevant user information. The token will be passed to the MVC site via the url.
The MVC application needs to authenticate the user via the token received in the querystring and validate via the same database entry (the token will only remain valid for a very short period - say 60 seconds) with that expiry being stipulated and controlled at the database. Once the user is authenticated the user access should be maintained for a given time. I am open to using readonly session state and having access for life of the session or alternatively open to suggestions for handling expiry some other way.
I'm not particularly well versed in aspects of security for .NET having only really used "standard" forms authentication in .NET ASP and even less familiar with MVC.
The closest thing I've found to this concept is the below thread however there is simply not enough detail in the solution for someone with my lack of knowledge / experience to implement, also it's fairly old so may be outdated?
Authenticating users with auth token in query string with ASP.NET MVC
