Authentication: - prove genuineness
Authorization: - process of granting approval or permission on resources.
The same dictionary meaning applies to ASP.NET as well. In ASP.NET, authentication means identifying the user; in other words, it is nothing but validating that he exists in your database and that he is the proper user.
Authorization means determining whether he has access to a particular resource on the IIS website. A resource can be an ASP.NET web page, media files (MP4, GIF, JPEG etc.), compressed files (ZIP, RAR), etc.
So authentication happens first, and then authorization. Below is a simple graphical representation of authentication and authorization. So when the user enters ‘userid’ and ‘password’, he is first authenticated and identified by the user name.
Now when the user starts accessing resources like pages, videos etc., he is checked for whether he has the necessary access to those resources. The process of identifying the rights for resources is termed ‘Authorization’.
To put it in simple words, to identify “he is Shiv” is authentication and to identify that “Shiv is admin” is authorization.
Detecting authentication and authorization: - The principal and identity objects
At any moment, if you want to know who the user is and what kind of authentication type he is using, you can use the identity object. If you want to know what kind of roles he is associated with, you need to use the principal object. In other words, to get authentication details we need the identity object, and to know the authorization details of that identity we need the principal object.
For instance, below is simple sample code which shows how to use the identity and principal objects to display the name and check roles.
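The following is an added example, not the original article's code: it reads authentication details from the identity object and authorization details from the principal object. It assumes `GenericIdentity` and `GenericPrincipal` as stand-ins for the user that ASP.NET exposes through `HttpContext.Current.User`; the user names, roles, and the helper names `Describe` and `CanAccess` are constructed for illustration.

```csharp
using System;
using System.Security.Principal;

static class PrincipalDemo
{
    // Authentication details come from the identity object.
    static string Describe(IPrincipal user)
    {
        IIdentity id = user?.Identity;
        if (id == null || !id.IsAuthenticated)
            return "anonymous (not authenticated)";
        return $"{id.Name} (authenticated via {id.AuthenticationType})";
    }

    // Authorization details come from the principal object.
    // Deny by default: an unauthenticated caller never passes a role check.
    static bool CanAccess(IPrincipal user, string requiredRole)
    {
        if (user?.Identity == null || !user.Identity.IsAuthenticated)
            return false;
        return user.IsInRole(requiredRole);
    }

    static void Main()
    {
        // Constructed sample users; in a page these would come from HttpContext.Current.User.
        IPrincipal[] users =
        {
            new GenericPrincipal(new GenericIdentity("shiv", "Forms"), new[] { "admin" }),
            new GenericPrincipal(new GenericIdentity("raju", "Forms"), new[] { "reader" }),
            // Empty name means IsAuthenticated is false, even though a role is attached.
            new GenericPrincipal(new GenericIdentity(""), new[] { "admin" }),
        };

        foreach (IPrincipal user in users)
            Console.WriteLine($"{Describe(user)} -> admin access: {CanAccess(user, "admin")}");
    }
}
```

The third user shows why the role check alone is not enough: `IsInRole("admin")` on that principal succeeds, so `CanAccess` tests `IsAuthenticated` first.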