This chapter introduced you to some of the incredibly useful new features of ASP.NET that dealt with security. Security consists of basically two things: authentication and authorization. You saw how to authenticate users using the different authentication providers that ship with ASP.NET and how to work with the Membership provider. In addition, you saw how to authorize users by determining and manipulating their role membership with the Role provider. Finally, you saw how to protect sensitive information contained within the Web.config file by selectively encrypting certain sections.
You should now have a firm grasp of how to protect the information in your configuration file and how to identify and authorize users of your web application, regardless of where you are storing your user information. The next chapter will provide you with even more advanced ASP.NET techniques, including how to create your own custom providers.