Summary

The Security Application Block has quite a few different providers. However, each of the providers has a distinct purpose, and developing an application to leverage any one of them is fairly straightforward. It is advantageous to leverage the providers together. For example, the Identity obtained from the AuthenticationProvider can easily serve as one of the arguments for obtaining Profile information. Likewise, the Principal object that is retrieved by calling Getroles on a RolesProvider can be passed to an AuthorizationProvider to determine entitlement for a specific task or operation.

Most importantly, I hope that you have seen that the Security Application Block has realized its design goals with a simple but flexible suite of providers. By leveraging the Security Application Block, an application can be abstracted away from the idiosyncrasies associated with any specific user or authorization store and can instead concentrate on developing the logic to solve the business needs at hand. Furthermore, the code for the application is isolated from changes if user information is moved from one store to another; rather than modifying any code, you only need to change the configuration data.