Windows authentication is perfect in intranet environments where everyone signs on to the website with the same credentials used to log into Windows. For sites meant for public viewing on the Internet, Windows authentication will not usually be appropriate. Visitors will be prompted for their user name and password and when they do not have an account in the specified domain (e.g. guest users), they won't be able to access content.
The good news is that there are other ways to authenticate a user. ASP.NET supports at least two alternatives. The first uses Microsoft Passport, which users may already use to authenticate against other websites. In order to implement Passport, you have to subscribe to its services, which can be too costly for a small website.
Another alternative is to use Forms authentication, which is the topic of this chapter. Users enter credentials into a form. The web application uses this information to decide whether or not...