Authentication v/s Authorization

How the process Authentication is differ from authorization? In my winforms application with c# and mySQL I have a login page for validating an user, then shows the admin page if the user is admin and user home if he is not an admin, Actually what we are doing through a process of login? whether it is authorizing or authenticating an user?

---

Authentication: The process of a user, authenticating(Log In) themselves to a system to use the features provided.

Authorization: Being authorized to, for instance, see a specific page of your application.

Quick example: If a user logged in to your system, and they are authenticated as a user with user permissions, you will not allow them to see your admin pages, since the user does not have the same authorization as a Admin in your application.

In your scenario, when the user logs in, it is the process of authentication.

---

in short 
 when you try to login is Authentication (verify user by his identity like login credential)

成功登录后用户有一定的权限（如admin可以改变一切，用户只能查看他们可以添加或编辑一些依赖访问的东西）称为授权

---

The first process , the process of validating an user is called authentication where we check whether such an user with some user id and password is belongs to our database.

The second process , based on the type of user or the level of user in the hierarchy we are disable or enables some/few pages and/or redirecting to admin home/user home these processes are called Authorization.

链接地址: http://www.djcxy.com/p/22246.html

上一篇: 如何使用AWS cognito响应来验证API请求

下一篇: 身份验证v / s授权