Platform: ASP.NET | Category: Security

What is the difference between authentication and authorization?

Authentication is the process of identifying and verifying who the client accessing the server is.
For example, if you use:
  • Windows authentication and are browsing an ASP.NET page from a server, ASP.NET/IIS would automatically use NTLM to authenticate you as SYNCFUSION\user1 (for example).
  • Forms-based authentication, you would use an HTML-based form page to enter a username/password, which would then be checked against the username/password stored in a database to authenticate you.

Authorization is the process of determining whether an authenticated user has access to run a particular page within an ASP.NET web application. Specifically, you as the application author decide whether to grant or deny the authenticated user "SYNCFUSION\user1" access to the admin.aspx page. This can be done either by explicitly granting/denying rights based on the username, or by using role-based mappings to map authenticated users into roles (for example, an administrator might map "SYNCFUSION\user1" into the "Power Users" role) and then granting/denying access based on role names. Roles give you a degree of abstraction that separates your authorization policy from individual user names.
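
The split described above, written as a web.config (an added example, not part of the original FAQ): the `<authentication>` element selects how the caller is identified, and the `<authorization>` elements decide what that identity may reach. The user and page names come from the text; how the role name "Power Users" resolves (Windows group or role provider) is an assumption that depends on your setup.

```xml
<?xml version="1.0"?>
<configuration>
  <system.web>
    <!-- Authentication: IIS/ASP.NET establishes WHO the caller is. -->
    <authentication mode="Windows" />

    <!-- Site-wide authorization: "?" stands for anonymous (unauthenticated)
         callers, so every page requires an authenticated identity. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Authorization for one page: decides WHAT an authenticated user may reach.
       Rules are evaluated top to bottom and the first match wins, so the
       allow entries must come before the catch-all deny. -->
  <location path="admin.aspx">
    <system.web>
      <authorization>
        <!-- Option 1: explicit grant by user name. -->
        <allow users="SYNCFUSION\user1" />

        <!-- Option 2: grant by role. The role name is taken from the text;
             with Windows authentication it may need the DOMAIN\Group form
             (assumption, depends on where roles come from). -->
        <allow roles="Power Users" />

        <!-- "*" stands for all users: everyone not matched above is denied. -->
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

If `<deny users="*" />` were listed first, it would match every request and the allow rules below it would never be reached. Prefer the role-based rule in practice: membership can then change without editing the page's authorization policy.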
