Nearly every application deals with data and resources that need to be protected. Implementing secure authentication and authorization is therefore an essential requirement in most cases.
While historically the solution to that problem has been either Windows authentication or username/password, this might not hold true anymore. In the distributed and mobile application landscape, passwords have become an anti-pattern, and single sign-on, security token services and federation are the prevalent technologies to achieve a seamless security experience for your users.
We have worked in this space for several years, and our lead security consultants have in the past published books and open-source software toolkits to simplify identity management and access control for your .NET-based applications.