I have this authentication check in my global.asax file in the Session_OnStart() call:

if (Session["Authenticated"] == null)
        {
            Response.Redirect("~/Login.aspx");
        }

This kind of session authentication is tightly coupled in all our web apps so I have to use it this way. This global.asax sits in an older Webforms project, which my MVC project is sitting in. So for this reason I believe its letting me access my controller action e.g http://localhost/controller/action directly without my session authentication being populated, i.e its not redirecting. I have added this bit of code to EACH controller action to get around this, but is there a way to set this somewhere globally (not in the global.asax) so that I only have to call it once for all controller actions? Thanks.

You should create a basecontroller that all your controllers inherit from. then you simply have the logic in one place. i.e.:

public abstract class BaseController : ControllerBase

you could then use the initialize method in the new BaseContoller to do the common logic. i.e.

[edit] - changed to OnActionExecuting, rather than Initialize. This isn't the most elegant of places to do it as we're on the cusp of the view being called. however, it's a starting point.

protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
    // you should be able to get session stuff here!!
    base.OnActionExecuting(filterContext);
}

and in each controller:

public class AnotherNormalController : BaseController