ASP.NET offers two types of authorization
services: file authorization and URL authorization. File authorization
determines which access control lists are consulted based on both the HTTP
method being used and the identity making the request. URL authorization is a
logical mapping between pieces of the Uniform Resource Identifier namespace and
various users or roles.