Authentication And Authorization In MVC


This article will explain the concept of authentication and authorization in the MVC application. Whenever we developers develop any web application, we think of security. That means we need to make sure that only authenticated and authorized users can access our webpage. In this article, I will discuss the following.
  1. What are Authentication and Authorization?
  2. What are the different types of Authentication?
  3. How to implement Authentication and Authorization in ASP.NET MVC application?

What is Authentication?

Authentication is a process to ensure and confirms a user’s identity and whether the user is registered or not to access particular data or web pages. In other words, we can say that it is a process to validate someone against some data source.

What is Authorization?

Authorization is a security mechanism which is used to determine whether the user has access to a particular resource or not. The main point that you need to remember is, authentication happens first, then only authorization.

What are the types of authentication?

There are three types of authentication available in ASP.NET MVC.
  1. Forms Authentication
  2. Window Authentication
  3. Password Authentication
Forms Authentication
For form authentication the user needs to provide his credentials through a form.
Windows Authentication
Windows Authentication is used in conjunction with IIS authentication. The Authentication is performed by IIS in one of three ways such as basic, digest, or Integrated Windows Authentication. When IIS authentication is completed, then ASP.NET uses the authenticated identity to authorize access.
Password Authentication
It is a centralized authentication service (paid service) provided by Microsoft which offers a single login and core profile services for member sites.

Different ways to implement authentication in MVC

There are many different ways to implement authentication in MVC. In my upcoming article series, I will explain two ways to implement Authentication and Authorization in MVC applications:
  1. Forms Authentication
  2. ASP.NET Identity