System.Web.Security (system.web.dll)sealed class

ASP.NET uses this class automatically to determine whether access to a specified resource (a URL requested by the client) should be allowed or denied, based on the identity of the currently authenticated user. This class is used as needed, but is not directly referenced in the web.config file. You can configure URL authorization by adding a list of users or roles in the <allow> or <deny> elements of the <authorization> section of a configuration file.

Both the FormsAuthenticationModule and PassportAuthenticationModule set the System.Web.HttpContext.SkipAuthorization property to True when redirecting the client to a login page so they can bypass the UrlAuthorizationModule checks.

public sealed class UrlAuthorizationModule : System.Web.IHttpModule {
// Public Constructors
   public UrlAuthorizationModule( );
// Public Instance Methods
   public void Dispose( );                           // implements System.Web.IHttpModule
   public void Init(System.Web.HttpApplication app);            // implements System.Web.IHttpModule

    Part I: Introduction to ASP.NET
    Part III: Namespace Reference
    Chapter 40. The System.Web.UI.MobileControls Namespace
    Chapter 42. The System.Web.UI.WebControls Namespace