Windows authentication is enabled by default.
When Windows authentication is enabled, users are identified by their Microsoft Windows account names.
Roles correspond to Microsoft Windows groups.
.NET Passport authentication is the same type of authentication used at Microsoft websites such as MSN and Hotmail.
If you want to enable users to log in to your application by using their existing Hotmail usernames and passwords, then you can enable .NET Passport authentication.
The final type of authentication is Forms authentication.
When Forms authentication is enabled, users are typically identified by a cookie.
When a user is authenticated, an encrypted cookie is added to the user's browser.
As the user moves from page to page, the user is identified by the cookie.
When Forms authentication is enabled, user and role information is stored in a custom data store.
You can store user information anywhere that you want.
For example, you can store usernames and passwords in a database, an XML file, or even a plain text file.
You enable a particular type of authentication in an application's root web configuration file.
The following file enables Forms authentication.
The possible values for the mode attribute are None, Windows, Forms, and Passport.
File: Web.Config