"Security" is a term that is often overused and encompasses so many different topics that it can be confusing. When someone is talking about securing an application, often they are talking about things completely irrelevant to our needs. To distill the concept of security down a bit, the topic of security in this chapter is limited to just the notion of securing an ASP.NET application.
In this chapter, you will learn the important distinction between authentication and authorization. You will learn how to identify the users connecting to your websites as well as how to discern what they can and cannot do. You will also get an introduction to some of the new ASP.NET controls relating to users and security. Finally, you will see how to use and extend the new Membership provider that comes with ASP.NET 2.0.