This may entail showing or hiding data based on the user's role, or offering additional functionality to users who belong to a particular role.
Before we can look at applying fine-grained authorization rules, however, we first need to create a page whose functionality depends on the role of the user visiting it.
Let's create a page that lists all of the user accounts in the system in a GridView.
Since possession of the role cache cookie is sufficient to prove role membership, if a hacker can somehow gain access to a valid user's cookie, he can impersonate that user.
The likelihood of this happening increases if the cookie is persisted on the user's browser.
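
The `<roleManager>` settings that govern this exposure, shown as an added example that is not part of the original page: two alternative `web.config` fragments, first a weak configuration and then a hardened one. The attribute names are the standard `roleManager` attributes; the specific values (timeouts in particular) are constructed for illustration.

```xml
<!-- WEAK (constructed example): the role cache cookie is written to disk,
     may travel over plain HTTP, is neither encrypted nor validated,
     and stays valid for 30 days. -->
<system.web>
  <roleManager enabled="true"
               cacheRolesInCookie="true"
               createPersistentCookie="true"
               cookieRequireSSL="false"
               cookieProtection="None"
               cookieTimeout="43200" />
</system.web>

<!-- HARDENED (constructed example): alternative to the fragment above. -->
<system.web>
  <roleManager enabled="true"
               cacheRolesInCookie="true"
               createPersistentCookie="false"
               cookieRequireSSL="true"
               cookieProtection="All"
               cookieTimeout="20"
               cookieSlidingExpiration="false" />
  <!-- createPersistentCookie="false": session cookie only, nothing left in
       the browser's cookie store after it closes.
       cookieRequireSSL="true": the cookie is marked Secure and is only sent
       over HTTPS.
       cookieProtection="All": the role list is both encrypted and validated,
       so it cannot be read or edited on the client.
       cookieTimeout is in minutes; a short, non-sliding lifetime limits how
       long a copied cookie remains usable. -->
</system.web>
```

If the risk of cookie theft is unacceptable for a given site, setting `cacheRolesInCookie="false"` removes the cookie entirely at the cost of a role lookup against the role provider on each request.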
The LoginView control, which renders different output for authenticated and anonymous users, can be configured to display different content based on the logged-in user's roles.