Figure 1. How They Fit Together
The components of the ASP.NET security infrastructure support each other. The ASP.NET 2.0 Login Controls call the methods of the SecurityProvider object to generate the Authorization Cookie which, in turn, is used by the MembershipUser object and the Allow/Deny tags in the Web.config file. All of the objects use the data in the Security database.