Authentication And Authorization In MVC
Authentication And Authorization In MVC
This lecture will explain the authentication and authorization. Whenever we develop web application first of all we think about security. That means we need to make sure that only authenticated and authorized users can access our website. Here we will discuss the following
- What are Authentication and Authorization?
- What are the different types of Authentication?
- How to implement Authentication and Authorization in ASP.NET MVC application?
What is Authorization?
Authorization is a security mechanism which is used to determine whether the user has access to a particular resource or not. The main point that you need to remember is, authentication happens first, then only authorization.
What is Authentication?
Authentication is a process to ensure and confirms a user’s identity and whether the user is registered or not to access particular data or web pages. In other words, we can say that it is a process to validate someone against some data source.
What are the types of authentication?
There are three types of authentication available in ASP.NET MVC.
- Forms Authentication
- Window Authentication
- Password Authentication
Forms Authentication
For form authentication the user needs to provide his credentials through a form.
Windows Authentication
Windows Authentication is used in conjunction with IIS authentication. The Authentication is performed by IIS in one of three ways such as basic, digest, or Integrated Windows Authentication. When IIS authentication is completed, then ASP.NET uses the authenticated identity to authorize access.
Password Authentication
It is a centralized authentication service (paid service) provided by Microsoft which offers a single login and core profile services for member sites.
Different ways to implement authentication in MVC
There are many different ways to implement authentication in MVC. In my upcoming article series, I will explain two ways to implement Authentication and Authorization in MVC applications:
- Forms Authentication
- ASP.NET Identity
