Here I want to explain how you can use the authorization principals built into the websf factory. One of the first things I wanted to do when I started experimenting with the factory was try to implement some of the security features that we use in our real-world applications.
I mean, all of the applications that I have worked on (as far as I can remember) have had security features, and the security features were database driven. I.e., the roles, rules, users, etc. are all stored in a database.
Out of the box, the reference implementations and samples for the factory all used the web.config files to demo the features... hardly helpful.
So I set out to figure out and understand what the P&P group had already done as far as security, and then implement database-driven security features.