3
Reply

What is difference B/W Authentication and authorization?

17y
9.1k
0
Reply

    Best example would be assume your company scenario (if ur working). You may get permission to enter company premises (authentication) but u may not be allowed to enter Data Protection room (authorization)

    Authentication is verifying the identity of a user 

    For example: obtaining some credentials like user's name and password and some other informations and using those credentials to verify the user's identity

    Authorization is process where we check does this identity have access rights to the system.

    For example: Users have to rights to see the any webpages but they are not allowed to edit the contents of that page and also restricted to view some pages which are under the control of the administrators.

    Authentication is the process of identifying and verifying who the client accessing the server is.
    For example, if you use

    • Windows authentication and are browsing an ASP.NET page from server — ASP.NET/IIS would automatically use NTLM to authenticate you as SYNCFUSION\user1 (for example).
    • Forms based authentication, then you would use an html based forms page to enter username/password — which would then check a database and authenticate you against the username/password in the database.

    Authorization is the process of determining whether an authenticated user has access to run a particular page within an ASP.NET web application. Specifically, as an application author decide to grant or deny the authenticated user.This could be done either by explictly granting/denying rights based on the username  or use role based mappings to map authenticated users into roles.

    17y
    0