1-ASP.NET applications can use the existing security features provided by Windows and IIS.
2-.NET represents users who have been identified with Windows authentication using a combination of the WindowsPrincipal and WindowsIdentity classes.
3-To represent users who have been identified with non-Windows authentication schemes, such as Forms authentication, the GenericPrincipal and GenericIdentity or FormsIdentity classes are used.
4-You can create your own principal and identity implementations by creating classes that implement IPrincipal and IIdentity.
5-Within ASP.NET Web applications, the IPrincipal object that represents the authenticated user is associated with the current HTTP Web request using the HttpContext.User property.
6-Gates are access control points within your application through which authorized users can access resources or services.
7-Gatekeepers are responsible for controlling access to gates.
8-Use multiple gatekeepers to provide a defense-in-depth strategy.
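
The following C# sketch is an added example, not code from the original notes. It shows a custom principal and identity (points 4 and 5) checked by a gatekeeper in front of an operation (points 6 to 8). AppIdentity, AppPrincipal, Gatekeeper, Demo, the user "alice" and the role names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Principal;

public sealed class AppIdentity : IIdentity // hypothetical custom identity
{
    public AppIdentity(string name, string authenticationType)
    {
        Name = name ?? string.Empty;
        AuthenticationType = authenticationType ?? string.Empty;
    }
    public string Name { get; }
    public string AuthenticationType { get; }
    public bool IsAuthenticated => Name.Length > 0; // empty name = anonymous
}

public sealed class AppPrincipal : IPrincipal // hypothetical custom principal
{
    private readonly HashSet<string> _roles;
    public AppPrincipal(IIdentity identity, IEnumerable<string> roles)
    {
        Identity = identity ?? throw new ArgumentNullException(nameof(identity));
        _roles = new HashSet<string>(roles ?? new string[0], StringComparer.OrdinalIgnoreCase);
    }
    public IIdentity Identity { get; }
    public bool IsInRole(string role) =>
        role != null && Identity.IsAuthenticated && _roles.Contains(role);
}

public static class Gatekeeper // fails closed on a missing, anonymous or unauthorized principal
{
    public static void Demand(IPrincipal user, string role)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated || !user.IsInRole(role))
            throw new SecurityException("Access denied: role '" + role + "' is required.");
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample user; in ASP.NET this object would be assigned to HttpContext.User.
        IPrincipal user = new AppPrincipal(new AppIdentity("alice", "Forms"), new[] { "Clerk" });
        Gatekeeper.Demand(user, "Clerk");           // role held by the user
        try { Gatekeeper.Demand(user, "Manager"); } // role not held by the user
        catch (SecurityException ex) { Console.WriteLine(ex.Message); }
    }
}
```

Calling Gatekeeper.Demand inside the operation itself, in addition to any check made earlier in the request, gives the second gatekeeper that point 8 recommends.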