I’m new to the asp.net world coming from windows programming. The sessions, authentications, page life cycles are still somewhat confusing concepts to me.

I am currently designing a simple website just to learn asp.net. (very simple discussion board w/ tags, sort of like stackoverflow but 100x simpler)

I have designed the data access layer and now on to the business logic. My Business logic looks like the following:

• Backend components: normalizing data, complicated calcultions etc. My backend only has 2 classes and maybe 15~20 members in total.
• A Controller static class for frontend classes to access.

My question are:

• Is the controller class nessasary? Should I instantiate each backend component directly in asp.net pages?
• Who commonly handles sessions and authentications? Should the backend take care of that or should a manager class in the front end be in charge of all the user sessions/authentications?
• I understand each visit to page the the webpage object is re-instantiated, is it really a bad practice if the front-end controls the back end?