Authorization is process that comes after authentication and means that
application is checking if user have rights to access to some part of web
application. Very common example is administration area of site. Depending of
user rights, application will allow or deny access to specific pages on site.
An authentication system is how you identify yourself to the computer. The goal behind an authentication system is to verify that the user is actually who they say they are.
Authorization
Once the system knows who the user is through authentication, authorization is how the system decides what the user can do.
There are three major ways to authenticate and authorize users within an ASP.NET Web application:
(1) Windows integrated authentication.
Identifies and authorizes users based on the server' s users list
(2) Forms authentication.
Directs users to a logon Web form that collects user name and password information, and then authenticates the user against a user list or database that the application maintains.
(3) Passport authentication.
Directs new users to a site hosted by Microsoft so that they can register a single user name and password that will authorize their access to multiple Web sites.
No comments:
Post a Comment