yemiu
November 23rd, 2004, 02:56 AM
Hi there,
I am developing a shopping cart application with ASP.NET, but I am quite confused between the options:
Which authentication scheme is better: Windows, Passport, or Forms? I know it is up to me, but which one do you prefer (subjectively)?
Again, which one would you choose between cookies, view state and session? What are the differences between them?
Thanks
Pat
mmetzger
November 23rd, 2004, 09:25 AM
Windows authentication will require you to create an account for each user on the system / domain / etc in question. Not typically advised for e-commerce.
Passport auth is nice enough, but I think it costs $10k to license its use.
Forms auth can be as simple (user logins in web.config) or as complex (role based authentication in SQL Server) as you need for your application. I'm using the role based SQL authentication in an app and couldn't be happier with it. It took a bit to get the framework set up, but once it was, there was no going back.
Regarding your other question, they're all about maintaining state. The question is just how much state do you need and where do you want the data stored.
Cookies typically are fairly small, meaning they won't hold much data, but are well supported. These are useful for maintaining user specific login and customization information across browser sessions. You have to be careful as some users will not allow cookies.
Viewstate by default is so that HTML and WebControl Server Controls in ASP.NET can maintain state across browser requests. This information gets encoded and stored in a specific value within the page response (what gets sent to the client.) You can de/serialize your data in there, but a large amount of data is going to mean an even bigger viewstate.
Session variables are stored per browser session. Typically, this is what I've seen a lot of shopping cart apps use for the cart itself. Session variables are fairly easy to use, you just have to make sure the data is present before relying on it (i.e., check to make sure the session didn't time out.)
Usually most applications will make use of all these technologies as they're not mutually exclusive (I'm referring to the state methods, not authentication though that is possible too...) I use cookies to store the authentication information, viewstate with some datagrid handling routines, and sessions for some user specific / instance specific data. It's just a matter of determining what you need and how best to accomplish it.
yemiu
November 23rd, 2004, 03:56 PM
Thanks a lot for your replies. I really appreciate it.
Pat