Difference between Authentication and Authorization

Authentication is identifying the user. Authorization is determining what level of access the user has. Suppose, you have 2 types of users to your website normal and admins. When the user tries to access the website, you ask them to log in. This is authentication part. Once you know the user is valid, then you determine to which pages the user has access to. Normal users should not be able to access admin pages. This is authorization. There are 3 ways of implementing Authentication in ASP.net
  • Windows Authentication
  • Forms Authentication
  • Passport Authentication
There are 2 ways of implementing Authorization in ASP.net
  • ACL authorization (also known as file authorization)
  • URL authorization.