Introduction:
ASP.NET authentication modes include Windows, Forms, Passport, and None.
Main:
Windows authentication: With this authentication mode, ASP.NET relies on IIS
to authenticate users and create a Windows access token to represent the authenticated
identity.
IIS provides the following authentication mechanisms:
Basic authentication:
Basic authentication requires the user to supply credentials
in the form of a user name and password to prove their identity. It is a
proposed Internet standard based on RFC 2617 and is supported by all mainstream
browsers, including Netscape Navigator and Microsoft Internet Explorer. The user’s
credentials are transmitted from the browser to the Web server in Base64 encoded
form. Base64 is an encoding, not encryption: anyone who captures the Authorization
header can decode the user name and password directly. Because the Web server
obtains the user’s credentials in clear text, it can issue remote calls (for
example, to access remote computers and resources) using the user’s credentials.
Note: Basic authentication should only be used in conjunction with a secure channel
(typically established by using SSL). Otherwise, user names and passwords can be
easily stolen with network monitoring software. If you use Basic authentication you
should use SSL on all pages (not just a logon page), because credentials are passed on
all subsequent requests.
Digest authentication:
Digest authentication, introduced with IIS 5.0, is similar to Basic authentication except that instead of transmitting the user’s
credentials unencrypted from the browser to the Web server, it transmits an
MD5 hash computed from the credentials, a server-supplied nonce and the request
details (RFC 2617). The password itself never crosses the wire, so it is more
secure against passive sniffing; a captured exchange can still be used to test
password guesses offline, however, so it is not a substitute for SSL. It requires
an Internet Explorer 5.0 or later client, a domain account and specific server
configuration (on IIS 5.0 the account’s password must be stored using reversible
encryption in Active Directory).
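The following script is an added example, not code from the original article or from Microsoft: it shows what a network sniffer actually gets from the two schemes described above. For Basic it decodes a constructed Authorization header back to the user name and password; for Digest it implements the RFC 2617 response computation (qop=auth) and, using the example exchange from RFC 2617 section 3.5 as a "captured" request, shows that the hash can be tested offline against password guesses. All header values, user names and the wordlist are constructed for the example.

```python
import base64
import hashlib

# Constructed sample: an Authorization header as a sniffer would capture it from a
# Basic-authenticated request over plain HTTP (user name and password are made up).
BASIC_HEADER = "Basic " + base64.b64encode(b"alice:S3cret!").decode("ascii")


def recover_basic_credentials(header):
    """Base64 is an encoding, not encryption: the user name and password are
    recovered directly from a captured Basic Authorization header."""
    scheme, _, payload = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(payload).decode("utf-8").partition(":")
    return user, password


def _md5(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 Digest 'response' value with qop=auth: what the browser sends
    instead of the password. HA1 binds user/realm/password, HA2 binds the request,
    and the server nonce plus client nonce/count are mixed in before hashing."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


# "Captured" Digest exchange: the worked example from RFC 2617 section 3.5.
# Everything below is visible on the wire; the password ("Circle Of Life") is not.
CAPTURED_DIGEST = {
    "user": "Mufasa",
    "realm": "testrealm@host.com",
    "method": "GET",
    "uri": "/dir/index.html",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "nc": "00000001",
    "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}


def guess_digest_password(captured, wordlist):
    """The caveat: a captured Digest exchange is an offline-verifiable hash, so an
    attacker can test password guesses against it without touching the server.
    Returns the first candidate that reproduces the captured response, or None."""
    for candidate in wordlist:
        computed = digest_response(
            captured["user"], captured["realm"], candidate,
            captured["method"], captured["uri"],
            captured["nonce"], captured["nc"], captured["cnonce"],
        )
        if computed == captured["response"]:
            return candidate
    return None


if __name__ == "__main__":
    # Constructed wordlist for the demonstration.
    wordlist = ["password", "letmein", "Circle Of Life"]
    print("Basic header decodes to:", recover_basic_credentials(BASIC_HEADER))
    print("Digest response on the wire:", CAPTURED_DIGEST["response"])
    print("Offline guess from wordlist:", guess_digest_password(CAPTURED_DIGEST, wordlist))
```

The practical point for both schemes is the same one the article makes: Basic needs SSL because the password is recoverable from any captured request, and Digest needs SSL because the captured hash is a password-cracking target and the request and response bodies are unprotected either way.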
Integrated Windows authentication:
Integrated Windows authentication (Kerberos or NTLM, depending on the client and server configuration) uses
a cryptographic challenge/response exchange with the user’s Internet Explorer Web browser to
confirm the identity of the user; the password itself is never sent over the wire. It is
supported only by Internet Explorer (and not by Netscape Navigator), and as a result tends
to be used only in intranet scenarios, where the client software can be controlled. It is
used by the Web server only if anonymous access is disabled or if anonymous access is
denied through Windows file system permissions. Note that NTLM does not support delegation:
a Web server that authenticated the user with NTLM cannot use that identity to reach
resources on another computer (the “double hop”), whereas Kerberos can when delegation
is configured.
Certificate authentication:
Certificate authentication uses client certificates to positively identify users. The client certificate is passed by the user’s browser
(or client application) to the Web server. (In the case of Web services, the Web
services client passes the certificate by means of the ClientCertificates property
of the HttpWebRequest object). The Web server then extracts the user’s
identity from the certificate. This approach relies on a client certificate being
installed on the user’s computer and as a result tends to be used mostly in
intranet or extranet scenarios where the user population is well known and
controlled. Client certificates are exchanged during the SSL handshake, so the site
must use SSL. IIS, upon receipt of a client certificate, can map the certificate to
a Windows account, either one-to-one or many-to-one.
Anonymous authentication:
If you do not need to authenticate your clients (or you implement a custom authentication scheme), IIS can be configured for
Anonymous authentication. In this event, the Web server creates a Windows
access token to represent all anonymous users with the same anonymous (or
guest) account. The default anonymous account is IUSR_MACHINENAME,
where MACHINENAME is the NetBIOS name of your computer specified at
install time.
Passport authentication:
With this authentication mode, ASP.NET uses the centralized authentication services of Microsoft Passport. ASP.NET provides a
convenient wrapper around functionality exposed by the Microsoft Passport
Software Development Kit (SDK), which must be installed on the Web server. This
mode is obsolete: the Passport service has been retired and the PassportIdentity
class is marked obsolete in later versions of the .NET Framework.
Forms authentication:
This approach uses an HTTP redirect to forward unauthenticated users to a specified logon page (an HTML form) that allows them to enter their
credentials (typically user name and password). These credentials are then
validated by your application code (for example, against a database or Active
Directory), and an authentication ticket is generated and returned to the client,
normally in a cookie. The authentication ticket maintains the user identity and
optionally a list of roles that the user is a member of for the duration of the
user’s session.
Forms authentication is sometimes used solely for Web site personalization. In
this case, you need write little custom code because ASP.NET handles much of
the process automatically with simple configuration. For personalization scenarios,
the cookie needs to hold only the user name.
Note: The logon form posts the user name and password to the Web server in plain
text. As a result, you should use Forms authentication in conjunction with a channel
secured by SSL. For continued protection of the authentication cookie transmitted on
subsequent requests, you should consider using SSL for all pages within your application
and not just the logon page; otherwise a captured cookie lets an attacker impersonate
the user for the lifetime of the ticket.
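As an added example (not configuration from the original article), this Web.config fragment enables Forms authentication with the settings that address the note above. The logon page name Logon.aspx and the 20-minute timeout are assumptions for the example; the attribute names are the standard ASP.NET ones.

```xml
<configuration>
  <system.web>
    <!-- Redirect unauthenticated users to Logon.aspx (assumed page name). -->
    <authentication mode="Forms">
      <forms name=".ASPXAUTH"
             loginUrl="Logon.aspx"
             protection="All"
             requireSSL="true"
             timeout="20"
             slidingExpiration="false"
             path="/" />
    </authentication>
    <!-- Deny anonymous users ("?") on every page so the redirect applies site-wide. -->
    <authorization>
      <deny users="?" />
    </authorization>
    <!-- Mark all cookies HttpOnly and Secure (ASP.NET 2.0 and later). -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
  </system.web>
</configuration>
```

protection="All" both encrypts the ticket and adds a MAC, so the client can neither read nor alter it (the weaker settings "Encryption" or "Validation" give only one of the two, and "None" sends the ticket in clear text). requireSSL="true" marks the authentication cookie Secure, so the browser only returns it over HTTPS, which is what the note above asks for on every page and not just the logon page. A fixed timeout without sliding expiration bounds how long a stolen ticket remains usable.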
None: None indicates that you either don’t want to authenticate users or that you are using a custom authentication protocol.
Conclusion:
Hope this helps,
Happy Coding.
References:
msdn.microsoft.com