You should use ASP.NET authentication whenever you have a site that presents, edits, or manipulates information that not everyone should have access to. Some people think that keeping a site’s location secret is a good way to stop intruders from getting access. While this is true to some extent, it is no substitute for authentication—hackers use commonly available programs that sniff out locations of Web sites. So, if your security strategy relies on people not knowing where your site is, it’s definitely time to start thinking about authentication. Obscurity is not security.

Each of the three ASP.NET authentication mechanisms is best suited for a different type of Web application: