How does the server-side ASP.NET app get access to which user is then logged in?