Authentication is one of the foremost features of web application's security. In ASP.NET, authentication is done at two levels . First, IIS* will perform the required authentication then send out the request to ASP.NET, as described in Figure 1. For ASP.NET application, the underlying web server is IIS. Therefore, every ASP.NET application can continue to leverage the security options provided by IIS.