Most applications have some form of authorization, where they allow or disallow a user access to certain forms, pages, or application functions. Before any authorization can occur, the application must know the identity of the user, so most applications also use some type of authentication.
There are several types of authentication available to a .NET application, including the following:
Integrated Windows domain or Active Directory
ASP.NET membership provider
Custom database tables or LDAP server
In every case, the user's identity and roles are maintained in a .NET principal object, which is available to all code in your application. The support for authorization provided by .NET is role-based. The current ...