The web.config file has all of the configuration settings on an Application.
Authentication is the process of determining the authenticity of a user based on the user’s credentials.
Whenever a user logs in to an application, the user is first authenticated and then authorized.

1. Forms Authentication
2. Windows Authentication
3. Passport Authentication


You can set it in the web.config file as below,

or or

1. Forms Authentication:

This type of authentication is based on cookies. The username and password is stored in Database.This Forms authentication supports both Session and Cookies.
If the cookie isn't present, ASP.NET redirects the user to a web form you provide.
SYNTAX:


2. Windows Authentication:

This type of authentication is default one. Here a user can authenticated by their own windows account. So that this kind of Authentication is used only for Intranet not for web.
SYNTAX:


3. Passport Authnetication:
This passport authentication is the authentication service that uses the Microsoft's Passport Services. It allows the user to create a single sign in name and password to authenticated.

SYNTAX:


AUTHORIZATION:

It is the process of finding the accessibilty for a previously authenticated user.Authorization is only works with the Authenticated User/Person.