Live Chat Icon For mobile
Live Chat Icon

What is the difference between authentication and authorization

Platform: ASP.NET| Category: Security

Authentication is the process of identifying and verifying who the client accessing the server is.

For example, if you use

  • Windows authentication and are browsing an ASP.NET page from server — ASP.NET/IIS would automatically use NTLM to authenticate you as SYNCFUSION\user1 (for example).
  • Forms based authentication, then you would use an html based forms page to enter username/password — which would then check a database and authenticate you against the username/password in the database.

Authorization is the process of determining whether an authenticated user has access to run a particular page within an ASP.NET web application. Specifically, as an application author decide to grant or deny the authenticated user ‘SYNCFUSION\user1’ access to the admin.aspx page. This could be done either by explicitly granting/denying rights based on the username — or use role based mappings to map authenticated users into roles (for example: an administrator might map ‘SYNCFUSION\user1’ into the ‘Power Users’ role) and then grant/deny access based on role names (allowing a degree of abstraction to separate out your authorization policy).

Share with

Related FAQs

Couldn't find the FAQs you're looking for?

Please submit your question and answer.