Great, great, great book. Despite the title it doesn't stop on security topics exclusively, but analyzes the important entrails of ASP.NET - pipelines, meaning of events, workflows. It will bring all the stuff together and organize your ad-hoc knowledge.
All possible authorization and authentication scenarios reviewed, including the very common mixed authentication with internal and external users, which I haven’t seen described too often. Great tips and trick with detailed instructions are mixed with high-level architecture overviews. Interestingly, book avoids describing the Profile mechanism. Microsoft did lousy job porting this functionality from the
icky Web Site to the Web Application projects and using Profile capabilities requires extra efforts.
This book is strongly recommended for good .NET developers who want to become great .NET developers.