There is a lot more to security than just this.
You can also have role based security, path based security and more with other
tags as well as the <authorize> tag. But I can't include it all here there is
plenty of information in the .NET Framework SDK as well as other sites out
there on security using <authenticate> and <authorize>. For more information
on security in ASP.NET see
Security in ASP.NET.