There are several options that could be used to solve this problem. The primary, and likely easiest-to-implement, option is to create a custom authentication provider that implements IIdentity and IPrincipal. By overriding the base methods with the custom code that accesses the database, you can use the same methods to determine authenticity as you would with a .NET-delivered authentication provider.

It should not, as long as you develop your solution using IIdentity and IPrincipal interfaces rather than the implementation. If the authentication mechanism changes, managing that in ...