If Azure ACS does not cover your needs, then the traditional ASP.NET methods are still available for use. ASP.NET membership providers have offered developers an easy way to integrate the user stores into an application. Other capabilities such as session state, roles, and so on are all core to the ASP.NET provider model.
When a user clicks on the Login button in a silverlight RIA Services application, it is actually using the built-in ASP.NET membership providers under the covers. This allows Silverlight the same flexibility that ASP.NET has in selecting a provider, based on the desired backing stores.
The providers grant features to an application such as membership (username and passwords), session state, roles, and so on.