In web applications what's the difference btw authentication and authorization?

What are the different ways of authentication in ASP.NET ?

Scenario: At runtime, whenever the user requests a change in some settings, I update the web.config file dynamically at runtime to store the config values. But I notice that my session state gets lost. Why does this occur?

U want to control anonymous user's access to resources on the server. How would U do it? (Hint: Which user account would U modify? )