What is the difference between Authentication & Authorization

Sometimes people get confused with respect to the difference between user authentication and user authorization. Getting these concepts confused is easy to do—but in summary, authentication is verifying that users are who they say they are, using some form of login mechanism (username/password, OpenID, OAuth and so on— something that says “this is who I am”). Authorization is verifying that they can do what they want to do with respect to your site. This is usually achieved using some type of role-based or claim-based system.
Professional ASP.NET MVC 5, Wrox

Leave a Reply

Your email address will not be published. Required fields are marked *