Last night, I had the opportunity to speak to the New Hampshire .Net Users Group about .Net Security, in particular speaking about User (Role-Based) Security and Code Access Security. My emphasis was on how .Net addresses these important issues in security:
Authentication: Who are you?
Authorization: What are you permitted to do?
While doing some research for this presentation, I found this nice little book from the Microsoft Patterns and Practices Group called Designing Application-Managed Authorization (you can download the PDF here). This book details some of the ideas I spoke about last night regarding use of the Principal and Identity objects to validate a user (Authentication above) as well as various methods to enforce what that user is able to do (Authorization above).