Bill N. recently asked this one. Here is some of the email:
"I'm working a problem at the office that requires we implement a means of logging in once to a web site and then enable SSO access to all other web apps on that site. We also need to implement roles-based security. We currently have a SQL Server database containing username/password information and roles information. These are not people who are in AD, or are ever going to be in AD. We're currently using a third-party portal solution and a little custom code in each web app for all of this; we're looking to separate authentication and authorization from the vendor(s)."
Here are some links to what I came up with, but feel free to add to this if you have some insights: