1) Sitefinity provides the needed functionality to achieve this. You just have to create a public login page and deny anonymous access to all pages (see how to do it automatically
). You can also use windows authentication (as you are talking about an intranet application.
2) As for the current version, permissions for modules are more administration-oriented. The idea behind them is not to restrict users from viewing/editing single items on a page, but to manage administrators,content writers, etc in the backend... Thus, permissions are set per module, and are available mainly for the administration. We are currently working on improvements on permissions and security as adding permissions per category (group of content items) and per blog.
Other improvements are currently considered and some of them will be available in 3.2 in the beginning of 2008. For the moment permissions per user (not per role) are not in our ToDo list as this will complicate the user interface. However, we are seriously considering implementing public permissions (for users that browse the public part of the site to view/edit content items directly).
Unfortunately, it is too early to say exactly which of this functionality will be included in Sitefinity 3.2, more specific information will be available in December.
Thank you for this post as it helps us in making decisions what is most important for our clients. If you have any other ideas or needs please share them with the team and we'll gladly consider them.
the Telerik team