Role-based security involves authentication and authorization. Authentication involves verifying the identity of the requesting account, and authorization refers to granting rights based on that identity.
In Windows applications, authentication is mainly based on the user's Windows login credentials. The user is authenticated as soon as he logs on to Windows, and this identity then is used by .NET applications to implement security. The .NET Framework provides various other forms of authentication, mainly used by ASP.NET applications. But you need to know about them because they are specified in the exam objectives.
The following list summarizes the various forms of authentication provided by the .NET Framework: