If your application is targeted for use inside an organization, and users accessing the application have existing user accounts within the local user database of the Web server or Active Directory, you should authenticate users with Windows authentication.
By default, Form authentication is used.
Form-based authentication presents the user with an HTML-based Web page that prompts the user for credentials.
You can also authenticate users using a service from Microsoft called Passport. Passport
is a centralized directory of user information that Web sites can use, in exchange for a fee, to authenticate users. Users can choose to allow the Web site access to personal
information stored on Passport, such as the users' addresses, ages, and interests.
You can explicitly disable authentication for your application if you know that it will be used only by anonymous users.
<authentication mode="None" />