Authentication and Authorization in ASP.NET

Authentication and authorization are two interrelated security concepts.
Authentication is knowing the identity of the user. For example, Alice logs in with her username and password, and the server uses the password to authenticate Alice. It proves that the user is genuine.
Authorization is deciding whether a user is allowed to perform an action. For example, Alice has permission to get a resource but not to create a resource. It is the process of granting approval or permission on resources.

Types of authentication and authorization in ASP.NET

There are three ways of doing authentication in ASP.NET:
Windows authentication: In this methodology, ASP.NET web pages use local Windows users and groups to authenticate and authorize resources.
Forms authentication: This is cookie-based authentication where the username and password are stored on client machines as cookie files or are sent through the URL for every request. Forms-based authentication presents the user with an HTML-based web page that prompts the user for credentials.
Passport authentication: Passport authentication is based on the Passport website provided by Microsoft. When a user logs in, the credentials are sent to the Passport website (i.e. hotmail, devhood, windows live etc.), where authentication happens. If authentication is successful, it returns a token to your website.
None: No authentication is provided. This is the default authentication mode.

In the web.config file of your application, you can specify the authentication mode as shown below:



ASP.NET allows two ways to authorize access to a given resource:

URL authorization: URL authorization maps users and roles to URLs in ASP.NET applications.
File authorization: File authorization validates the ACL (access control list) of the .aspx or .asmx handler file to determine whether a user should have access to the file.
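
A web.config sketch covering the authentication mode setting and the URL authorization rules described above. This is an added example, not the original post's configuration; the login page path, the Admin folder and the Admins role are hypothetical names.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example. Hypothetical names: ~/Account/Login.aspx, Admin, Admins. -->
<configuration>
  <system.web>
    <!-- mode accepts: Windows, Forms, Passport, None -->
    <authentication mode="Forms">
      <!-- protection="All"      : the ticket is both encrypted and validated
           requireSSL="true"     : the cookie is only sent over HTTPS
           cookieless="UseCookies": the ticket is never placed in the URL,
                                    where it would leak via logs and referrers
           slidingExpiration="false": the ticket expires a fixed 20 minutes
                                    after it is issued -->
      <forms loginUrl="~/Account/Login.aspx"
             protection="All"
             requireSSL="true"
             cookieless="UseCookies"
             timeout="20"
             slidingExpiration="false" />
    </authentication>

    <!-- URL authorization for the whole application.
         Rules are evaluated top-down and the first match wins.
         "?" means anonymous (unauthenticated) users. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- URL authorization scoped to one path: only members of the Admins
       role get in; "*" (everyone else) is denied. Without the explicit
       deny, the inherited default would allow all authenticated users. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Admins" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

URL authorization only applies to requests that pass through the ASP.NET pipeline, so static files served directly by IIS are not covered unless they are routed through managed modules.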




1 comment:

  1. I am a fresher. It is easy to understand.
    Thank you, Sibin.
