Back in the good old days -- before the Internet -- when personal computers were mostly standalone or, at most, connected to an office LAN, security was not such a big deal. Until viruses were invented and became a real threat, security for most PCs meant screen-saver passwords and a lock on the office door.

All that has changed. Today’s computers are interconnected in myriad ways, on local networks and over the Internet. The pipes of data that connect your machine to the rest of the world are double-edged swords: tremendously beneficial, but at the same time potentially harmful, opening your machine to outsiders. Some of those outsiders are malicious or just plain unwelcome. In any case, it is the job of security to let the good stuff in and keep the bad stuff out.

As part of the .NET Framework, ASP.NET has a very robust security infrastructure. ASP.NET is designed to work with Microsoft Internet Information Server (IIS), Windows NT/2000/XP, and the NTFS file system. Consequently, there is tight integration with the security provided inherently in those environments. If you can be certain that all your clients will be using Windows and Internet Explorer, there are features you can take advantage of to make your job as software developer that much easier. Alternatively, you can implement your own security system completely independent of Windows or NTFS.

The fundamental role of security in ASP.NET is to selectively restrict access to portions of a web site. ...