Once you complete developing a web application, you need to secure it. This is when aspect of security comes into picture. There will be some portions of your application which need to be secured from users. Securing an application may need extra hardware to build complex multi-layer systems with firewalls, and also some highly secure features. Security enables you to provide access to a specified user after user is authenticated and authorized to access resources in your web application. The Access Control List is used in authorization process.

The basic concepts of security are Authentication, Authorization, Impersonation and Data or functional security. Authentication is process that enables to identify a user, so that only that user is provided access to resources. Authorization is process that enables to determine whether a particular user can be given access to resources that user requests. Impersonation is process that provides access to resources requested by a user under a different identity. Data or functional security is process of securing a system physically, updating operating system and using robust software.

ASP.NET offers many server controls for developers to create web applications. However, at some point of development time when developer does not get control they want, they can create a new server control. This new server control can be called ASP.NET Custom Server Controls or user control. The basic difference between a ASP.NET Custom Server Controls and a user control is that unlike a user control that does not appear in Toolbox, you can view a ASP.NET Custom Server Controls in Toolbox. ASP.NET Custom Server Controls have their own events such as Enter, Onclick, and Onmouseover.