Kerberos, NTLM, PKI, SSL, roles, AzMan, DACL, impersonation, etc. in .NET

You would imagine that topics like authentication (who you are) and authorization (what you are allowed to do) should by now be: a) solved and easily explained; b) standardized. In truth, the latter is a little more true than the former, but at any rate, if you want to understand these subjects you face a real alphabet soup and a tangle of concepts, each apparently entitled to a tome of its own. It is 2006, and authentication and authorization are still complex and poorly understood topics; as a consequence, more than a few systems reinvent the wheel (poorly and weakly).

Well, this article, although a little long, explains many of these concepts in a fairly detailed and decent way. Furthermore, it shows how to implement standard authorization and authentication solutions with the .NET Framework. Recommended reading.
