A code group is a set of assemblies that share a security context.
Authentication happens first. You verify user’s identity based on credentials. Authorization is making sure the user only gets access to the resources he has credentials for.
Authentication modes in ASP.NET is None, Windows, Forms and Passport.
The CLR computes actual permissions at runtime based on code group membership and the calling chain of the code.
Domain local groups assign access permissions to global domain groups for local domain resources. Global groups provide access to resources in other trusted domains. Universal groups grant access to resources in all trusted domains.