Forms authentication is one of the most compelling and useful new features of ASP.NET. It enables developers to declaratively specify which files on their site can be accessed and by whom, and allows identification of a login page. When an unauthenticated user attempts to retrieve a page protected by forms authentication, ASP.NET automatically redirects them to the login page and asks them to identify themselves. Included here is an overview of forms authentication and what you need to know to put it to work. Also included is hard-to-find information on the security of cookie authentication and on combining forms authentication with role-based URL authorizations.
MSDN Magazine May 2002
View Complete Post