Denis Piliptchouk finished his four part series comparing Java and .NET security, with a piece on user authentication and authorization.  This is the conclusion to the series I posted about here.