What is the difference between Authorization and Authentication?

Authentication and Authorization are both concepts for granting users permissions so that an application can maintain different levels of security, as its requirements dictate.

Authentication is the mechanism whereby systems may securely identify their users. Authentication systems depend on some unique bit of information known only to the individual being authenticated and the authentication system.

Authorization is the mechanism by which a system determines what level of access a particular authenticated user should have to secured resources controlled by the system.

When a user logs on to an application/system, the user is first Authenticated, and then Authorized.

ASP.NET has 3 ways to Authenticate a user:
1) Forms Authentication
2) Windows Authentication
3) Passport Authentication (This is obsolete in .NET 2.0)
The 4th way is “None” (meaning no authentication).

The Authentication Provider performs the task of verifying the credentials of the user and decides whether a user is authenticated or not. The authentication may be set using the web.config file.

The Windows Authentication provider is the default authentication provider for ASP.NET applications. When a user using this authentication logs on to an application, the credentials are matched with the Windows domain through IIS.

There are 4 types of Windows Authentication methods:
1) Anonymous Authentication – IIS allows any user
2) Basic Authentication – A Windows username and password have to be sent across the network (in plain text format, hence not very secure).
3) Digest Authentication – Same as Basic Authentication, but the credentials are encrypted. Works only on IE 5 or above.
4) Integrated Windows Authentication – Relies on Kerberos technology, with strong credential encryption

Forms Authentication – This authentication relies on code written by a developer, where credentials are matched against a database. Credentials are entered on web forms, and are matched with the database table that contains the user information.

Authorization in .NET – There are two types:

FileAuthorization – this depends on the NTFS system for granting permission
UrlAuthorization – Authorization rules may be explicitly specified in web.config for different web URLs.
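
A web.config that puts the two steps together, added here as an illustration and not taken from the original page: Forms authentication identifies the user, then UrlAuthorization rules decide what that user may reach. The login path `~/Account/Login.aspx`, the `Admin` folder and the `Administrators` role are assumptions made for the example.

```xml
<?xml version="1.0"?>
<!-- Added example. Paths and role names are assumed, not from the page. -->
<configuration>
  <system.web>
    <!-- Authentication: who is the user?
         mode is one of Windows, Forms, Passport, None. -->
    <authentication mode="Forms">
      <!-- requireSSL keeps the ticket cookie off plain HTTP.
           protection="All" encrypts and validates the ticket. -->
      <forms loginUrl="~/Account/Login.aspx"
             timeout="20"
             requireSSL="true"
             protection="All" />
    </authentication>

    <!-- Authorization (UrlAuthorization): what may the user reach?
         "?" means anonymous users, "*" means all users.
         Rules are read top to bottom and the first match wins. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Stricter rules for one URL path. These are evaluated before
       the site-wide rules above. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <!-- Without this deny, an authenticated user who is not in
             the role falls through to the site-wide rules and then
             to the inherited default, which allows all users. -->
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Swapping the two rules under `Admin` would lock everyone out, because `deny users="*"` would match first.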

What do you mean by authentication and authorization?

Authentication is the process of validating a user against the credentials (username and password); authorization is performed after authentication. After authentication, a user is verified for performing the various tasks. When access is limited in this way, it is known as authorization.

What is the difference between Windows authentication and Forms authentication?

Windows authentication uses actual Windows users. Forms authentication users are independent of the operating system.

What is the difference between Authentication and Authorization?

Authentication is the process of identifying users.
Authentication is identifying/validating the user against the credentials (username and password), and Authorization is performed after authentication.
Authorization is the process of granting access to those users based on identity.
Authorization is allowing a user access to a specific resource.

How do I sign out in forms authentication?

FormsAuthentication.SignOut()

List the types of Authentication supported by ASP.NET.

  • Windows (default)
  • Forms
  • Passport
  • None (Security disabled)

What are the authentication modes in ASP.NET?

None, Windows, Windows and Passport.