Chapter 27. The System.Web.Security Namespace
System.Web.Security namespace includes the modules that
implement various types of ASP.NET authentication, such as
PassportAuthenticationModule. You don’t
interact directly with these modules in an ASP.NET application; instead, the
ASP.NET framework uses the appropriate module (based on the options you have set in the
web.config file) to authenticate the user.
After this point, ASP.NET provides identity information in the
System.Web.HttpContext.User property and uses this identity
to authorize access to resources such as files and URLs (using modules like
FileAuthorizationModule, which are also
found in this namespace).
One reason you might use the types in this namespace is to handle authentication
events. Generic security events, like
System.Web.HttpApplication.AuthorizeRequest are already
available in the
global.asax file. However, each
authentication module also provides its own
event, which can be used to validate a user programmatically or attach a new
System.Security.Principal.IIdentity instance. Event
Authenticate events are coded in the
global.asax file, but defined in this namespace.
Another important class in this namespace is
FormsAuthentication. This class provides the shared methods you need to use in your login page if you use ASP.NET’s forms-based security. ...