An important part of many Web applications is the ability to identify users and control access to resources. The act of determing the identity of the requesting entity is known as <b>authentication</b>. Generally, in order to be authenticated, <b>credentials</b> are presented, which often consist of a user name/password pair. Once an authenticated identity is available, the process of determining whether that identity can access a given resource is known as <b>authorization</b>. ASP+ works in conjunction with IIS to provide authentication and authorization services to applications.
<p>
Another important feature of server applications is the ability to control the identity under which server application code is executed. When a server application executes code with the identity of the requesting entity, this is known as <b>impersonation</b>. ASP+ applications can optionally choose to impersonate requests.
<p>
Some applications also want the ability to dynamically tailor content based on the requesting identity or based on a set of roles that a requesting identity may belong to. In addition to the ability to allow or deny access based on the user or role, ASP+ applications can dynamically check whether the current requesting identity participates in particular role. To further illustrate, an application may wish to check whether or not the current user belongs to the manager's role in order to conditionally generate content for managers.
