ZDNet

True role-based authorization in ASP.NET

When I first heard that ASP.NET did role-based authorization, I was excited—until I found out that the only way to implement it was using Windows authentication. This requires all users and their ...
Ars Technica

Internet Explorer always using Kerberos authentication... even when unsupported.

Server: Fully-patched 2008 R2, running Certificate Services. The /certsrv virtual directory is using (I believe) default settings. Specifically, this means it's using Windows Authentication, with NTLM ...