ASP.NET has more specialized type of state management called profiles. Profiles allow you to store and retrieve user-specific information from a database.

The process of determining a user’s identity. This involves entering credentials (typically a user name and password) into some sort of login page or window. These credentials are then authenticated against the Windows user accounts on a computer, a list of users in a file, or a back-end database.

Once a user is authenticated, authorization is the process of determining whether that user has sufficient permissions to perform a given action (such as viewing a page or retrieving information from a database).

Configure a user profile provider

Define the user profile

Uniquely identify users

Set and save a user profile

Recognize a returning visitor

One key feature of nearly every enterprise Web application is the ability to manage users and their access to the features of a site.

This includes creating and editing users, managing their passwords, authenticating users based on role, and much more.

ASP.NET includes membership features that reduce the amount of code you have to write to perform above mentioned tasks.

Wizard-based configuration of user management capabilities

Browser-based user management and access control configuration

A set of ASP.NET controls that provides users with the ability to log in, log out, create new accounts, and recover lost passwords

The Membership and Roles classes, which you can use to access user management capabilities within your code

ASP supports at least four types of authentication:

Windows authentication enables you to identify users without creating a custom page. Credentials are stored in the Web server’s local user database or an Active Directory domain. Once identified, you can use the user’s credentials to gain access to resources that are protected by Windows authorization.

Forms authentication enables you to identify users with a custom database, such as an ASP.NET membership database. Alternatively, you can implement your own custom database. Once authenticated, you can reference the roles the user is in to restrict access to portions of your Web site.

Passport authentication relies on a centralized service provided by Microsoft. Passport authentication identifies a user using his or her e-mail address and a password, and a single Passport account can be used with many different Web sites. Passport authentication is primarily used for public Web sites with thousands of users.

Anonymous authentication does not require the user to provide credentials.