I used external authentication for this. Basically I just used QlikAuthNet from Branch. The user hits the url for the virtual proxy that forwards them to the external authentication (your page). After you do whatever magic you need to do to authenticate the user, you create a ticket something like:
var req = new Ticket()
UserDirectory = "DATABASE",
UserId = "whatevertheuseridis"
That routes them back to the Qlik server which then automatically logs them into that account.
UserDirectory would be whatever name you gave your database user directory. I called mine, strangely enough, "DATABASE".
The ODBC user directories in general have basically nothing to do with authentication. The user directories are just used to look up user attributes, that can be used to limit access to applications etc (stream access rules).
To perform a database based authentication you'll need to set up a custom authentication module as described here: Authentication API
Basically Qlik redirects to the URL that is specified in the virtual proxy config. At this URL you can perform the user authentication (i.e. offer a login screen and validate that the user against your database). Once you validated the user credentials, you request a QlikTicket using Qlik's Add ticket call as already described above. With this ticket in place you again redirect to the originally requested URL (part of the ticket response). And you're done.
Perhaps the qlik-authentication project on Qlik Branch might be a good point to start, if you're not familiar with this.