When Enterprise Server for .NET needs to obtain a user token for impersonation, or to validate a set of user credentials (for example, when responding to an EXEC CICS SIGNON request), it invokes the logon provider. The logon provider is a plug-in module that handles these functions. It is loaded into the Event Monitor process and is mostly invoked to handle requests from Service Execution processes, as shown in the following graphic.
Putting logon functions in a separate module gives Enterprise Server for .NET the flexibility to use different security systems or provide special mechanisms for user authentication. Logon providers are configured on a per-system basis, so all regions running on a given host or Windows Azure role use the same logon provider.