|Important||This document may not represent best practices for current development, links to downloads and other resources may no longer be valid. Current recommended version can be found here.|
ASP.NET Web Application Security
ASP.NET, in conjunction with Microsoft Internet Information Services (IIS), can authenticate user credentials such as names and passwords using any of the following authentication methods:
Windows: Basic, digest, or Integrated Windows Authentication (NTLM or Kerberos).
Forms authentication, in which you create a login page and manage authentication in your application.
Client Certificate authentication
ASP.NET controls access to site information by comparing authenticated credentials, or representations of them, to NTFS file system permissions or to an XML file that lists authorized users, authorized roles (groups), or authorized HTTP verbs.
This section contains topic that describe the specifics of ASP.NET security.