If you decide to let ASP.NET handle authentication, then you have more control over how the authentication happens while at the same time leaving your set of Windows user identities unadulterated. To let a request get past IIS, allow anonymous access to your virtual directory.
Once a request gets past IIS, it's up to ASP.NET to figure out who the user is and how to dole out access. ASP.NET includes an authentication model named Forms Authentication. You turn on Forms Authentication through the Web.Config file. Either use the typing Wizard (that is, type the <authentication > element by hand, or use the Web Site Administration tool (or the IIS ASP.NET tab) to turn on Forms Authentication.
The Web Site Administration tool is useful for adding users, adding roles, and assigning users to roles. It's the most convenient way to manage users and roles. (If you want to, you may set up your own authentication scheme and database, bypassing the ASP.NET support.)
By using ASP.NET Authentication and Authorization support, the Login controls work automatically. The Login controls supply login functionality for the majority of use cases. (As always, you may bypass the support for an authentication and authorization scheme of your own choosing.)
Tutorial 10 Quick Reference
How to use Forms Authentication in your application
Use the ASP.NET Web Site Administration tool (select
Web site | ASP.NET Configuration)Use the ASP.NET tab in IIS
How to configure the security aspects of your Web site
Use the ASP.NET Web Site Administration tool (select
Web site | ASP.NET Configuration)Use the ASP.NET tab in IIS
How to authenticate a request by hand
Use the
FormsAuthenticationclass's Set Auth cookie
How to invalidate an authentication cookie
Call the
FormsAuthenticationclass'sSignOffmethod
How to view the authentication cookie
Turn on tracing