For more information, see the following resources:
The current guide is Volume II in a series dedicated to helping customers improve Web application security. For more information on architecting, designing, building and configuring authentication, authorization, and secure communications across tiers of a distributed Web applications, see "Microsoft patterns & practices Volume I, Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication " at http://msdn.microsoft.com/library/en-us/dnnetsec/html/secnetlpMSDN.asp
The MSDN article "Security Models for ASP.NET Applications" at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetch02.asp?frame=true
The MSDN article "Designing Authentication and Authorization" at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetch03.asp?frame=true
"Checklist: Architecture and Design Review" in the "Checklists" section of this guide.