Chapter 11. Forms-Based Security

Back in the primitive days of personal computing, when each user’s computer stood alone and isolated, security was not such a big deal. Until computers became networked and viruses were let loose as a scourge on the Internet, security for most PCs meant screen-saver passwords and a lock on the office door.

All that has changed. Today’s computers are interconnected in myriad ways, on local networks and over the Internet. The pipes of data that connect your machine to the rest of the world are tremendously beneficial, but at the same time potentially harmful, opening your machine to outsiders. Some of those outsiders are malicious or just plain unwelcome. In any case, it is the job of security to let the good stuff in and keep the bad stuff out.

As part of the .NET Framework, ASP.NET 2.0 has a robust security infrastructure. ASP.NET is designed to work with Microsoft Internet Information Server (IIS), Windows 2000/XP/2003, and the NTFS filesystem. Consequently, there is tight integration with the security provided inherently in those environments. If you are on an intranet and are certain that all your clients will be using Windows and Internet Explorer, there are features you can use to make your job as a software developer easier. Alternatively, you can implement your security system independent of Windows and NTFS using the new forms-based security controls.

The fundamental role of security in ASP.NET is to restrict access to portions of a web site. ...
