Authentication/authorization in a .net MVC3 rest application returning xml
I have a MVC3 rest application where all controller actions return xml responses instead of the usual html (view) responses.
Users can register as a member by passing their email as a parameter (http://localhost/Account/Register?Email=test@test.com) to a register action. A verification email is sent to the email and the user needs to visit a page to finish registration (password input etc.). When the user finishes the registration process (or logs in) I want to return an xml result with an (authorize) token, identifying the logged in user, which then can be stored and used by other requests to obtain e.g. user information.
Can I use the encTicket as a token?
using System;
using System.Web.Security;

// Ticket for the logged-in user; userData can carry extra per-user data
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
    userName,
    DateTime.Now,
    DateTime.Now.AddMinutes(30),
    isPersistent,
    userData,
    null);
string encTicket = FormsAuthentication.Encrypt(ticket);
If I return an xml response with the encTicket string, can I pass encTicket as an argument to a controller action, which then decrypts it and uses it to authorize the user and return information about the user as xml?
I have a feeling this is not the correct approach. Is there any other way to create a security token which has an expiration and can be passed between controller actions? I'm trying to avoid homebrew code since this is a security issue...
I've also considered using AES (with a secret key only known by my app) to encrypt the id and username of the logged in user, and use the encrypted result as an authorization token.
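As an added example (not code from the question or its answers), this is one way the server side of the ticket-as-token idea can be written in MVC3: an authorization filter that reads the encrypted ticket, lets FormsAuthentication.Decrypt verify and decrypt it, and rejects expired or tampered tokens. The X-Auth-Token header name and the TicketTokenAuthorize attribute name are assumptions.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;
using System.Xml.Linq;

// Added example, not from the original post. Accepts the token produced by
// FormsAuthentication.Encrypt(ticket) from an "X-Auth-Token" header (assumed name).
public class TicketTokenAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        string token = httpContext.Request.Headers["X-Auth-Token"];
        if (string.IsNullOrEmpty(token))
            return false;

        FormsAuthenticationTicket ticket;
        try
        {
            // Decrypt validates the MAC derived from the machineKey before decrypting,
            // so a modified token throws or yields null instead of a forged identity.
            ticket = FormsAuthentication.Decrypt(token);
        }
        catch (Exception)
        {
            return false;
        }

        // Expiration lives inside the ticket; enforce it on every request.
        if (ticket == null || ticket.Expired)
            return false;

        // Make the ticket's user visible to the action through HttpContext.User,
        // then let the base class apply any Users/Roles restrictions.
        var identity = new GenericIdentity(ticket.Name, "TicketToken");
        httpContext.User = new GenericPrincipal(identity, new string[0]);
        return base.AuthorizeCore(httpContext);
    }
}

public class AccountController : Controller
{
    // Returns the authenticated user's name as xml; unauthorized calls get a 401.
    [TicketTokenAuthorize]
    public ActionResult Info()
    {
        var xml = new XElement("user", new XElement("name", User.Identity.Name));
        return Content(xml.ToString(), "application/xml");
    }
}
```

Note that with forms authentication enabled in web.config, the 401 produced by a failed check is turned into a redirect to the login page by FormsAuthenticationModule, which an xml client will not expect; disabling that redirect for these endpoints is part of making the token scheme work.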