Authorization Vs Authentication

Authentication

Authentication is the mechanism whereby systems may securely identify their users. Authentication systems provide an answers to the questions:

  • Who is the user?
  • Is the user really who he/she represents himself to be?

Authentication is the process of obtaining identification credentials from a user ( such as name and password ), and validating those credentials against some authority. If the credentials are valid, the entity that submitted the credentials is considered an authenticated identity.

ASP.NET implements authentication through authentication providers, the modules that contain the code to authenticate the requestor’s credentials. Following are built in ASP.Net authentication providers.

  • Windows Authentication Provider
  • Forms Authentication Provider
  • Passport Authentication Provider

Authorization

Authorization, by contrast, is the mechanism by which a system determines what level of access a particular authenticated user should have to secured resources controlled by the system.

Authorization systems provide answers to the questions:

  • Is user X authorized to access resource R?
  • Is user X authorized to perform operation P?
  • Is user X authorized to perform operation P on resource R?

Once an identity has been authenticated, the authorization process determines whether that identity has access to a given resource.

ASP.NET implements authorization through authorization providers, the modules that contain the code to authorize access to a given resource. ASP.NET includes the following authorization modules.

  • File Authorization Provider
  • URL authorization

Authentication and authorization are somewhat tightly-coupled mechanisms – authorization systems depend on secure authentication systems to ensure that users are who they claim to be and thus prevent unauthorized users from gaining access to secured resources.

ASP.NET Membership (Providers)

ASP.NET Roles (Providers)

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s