ASP.NET actually supports four types of authentication:
If your application is targeted for use inside an organization, and users
accessing the application have existing user accounts within the local user
database of the Web server or Active Directory, you should authenticate users
with Windows authentication.
By default, Form authentication is used.
Form-based authentication presents the user with an HTML-based Web page that
prompts the user for credentials.
You can also authenticate users using a service from Microsoft called Passport.
Passport is a centralized directory of user information that Web sites can use,
in exchange for a fee, to authenticate users. Users can choose to allow the Web
site access to personal
information stored on Passport, such as the users’ addresses, ages, and
You can explicitly disable authentication for your application if you know that
it will be used only by anonymous users.
<authentication mode="None" />