»Dotnet Ads
»Message Boards
Message Boards
Dotnet Books
»Member Details
Register
Login
LogOut
Submit Code
Submit Jobs
Submit Projects
»Competition
Community
Winners
Prizes
Write For Us
Members
»Other Resources
Links
Dotnet Resources
|
difference between authentication and authorization?Authentication is the process of identifying and verifying who the client accessing the server is.
For example, if you use
Windows authentication and are browsing an ASP.NET page from server -- ASP.NET/IIS would automatically use NTLM to authenticate you as SYNCFUSION\user1 (for example).
Forms based authentication, then you would use an html based forms page to enter username/password -- which would then check a database and authenticate you against the username/password in the database.
Authorization is the process of determining whether an authenticated user has access to run a particular page within an ASP.NET web application. Specifically, as an application author decide to grant or deny the authenticated user "SYNCFUSION\user1" access to the admin.aspx page. This could be done either by explictly granting/denying rights based on the username -- or use role based mappings to map authenticated users into roles (for example: an administrator might map "SYNCFUSION\user1" into the "Power Users" role) and then grant/deny access based on role names (allowing a degree of abstraction to separate out your authorization policy).
|