The System.Web.Security namespace includes the modules that implement various types of ASP.NET authentication, such as WindowsAuthenticationModule, FormsAuthenticationModule, and PassportAuthenticationModule. You don’t interact directly with these modules in an ASP.NET application; instead, the ASP.NET framework uses the appropriate module (based on the options you have set in the web.config file) to authenticate the user. After this point, ASP.NET provides identity information in the System.Web.HttpContext.User property and uses this identity to authorize access to resources such as files and URLs (using modules like UrlAuthorizationModule and FileAuthorizationModule, which are also found in this namespace).

One reason you might use the types in this namespace is to handle authentication events. Generic security events, like System.Web.HttpApplication.AuthenticateRequest and System.Web.HttpApplication.AuthorizeRequest are already available in the global.asax file. However, each authentication module also provides its own Authenticate event, which can be used to validate a user programmatically or attach a new System.Security.Principal.IIdentity instance. Event handlers for Authenticate events are coded in the global.asax file, but defined in this namespace.

Another important class in this namespace is FormsAuthentication. This class provides the shared methods you need to use in your login page if you use ASP.NET’s forms-based security. ...