You do not have to use Framework security
The Framework security is optional. If you like you can switch off Framework security and just use the server's native security (the http server for web users). In this way you can still control who accesses your application, but you won't be able to control what they can do within the Framework.
Or you can switch off the web and Windows sign on (allowing the server to handle these) but still apply the user's authorities to Framework objects.