I see these two terms bandied about quite a bit (specifically in web-based scenarios but I suppose it's not limited to that) and I was wondering whether or not there was a
Authentication: verifying who a user is.
To authenticate, the user provides credential information such as a username and password and if the credentials are valid, the user receives a token that can be sent in with future requests as verification of her authentication.
Authorization: determining what a user is allowed to do.
From the user’s perspective, a successful authorization takes place when she is able to send a request to access a system and do something (such as upload a file in the system) and it works.
Authentication only verifies identity—it confirms that a user is who she claims to be. Authorization determines which resources a verified user can access.
Authenticating a user on a website means that you verify that this user is a valid user, that is, verify who the user is using a username/password or certificates, etc. In common terms, is the person allowed to enter the building?
Authorization is the process of verifying if the user has rights/permission to access certain resources or sections of a website; for example, if it's a CMS, is the user authorized to change the content of the website? In terms of the office building scenario, is the user allowed to enter the network room of the office?
The main point is:
Authorization is a process by which the server determines if the client has permission to use a resource or access a file.
Authentication is used by a server when the server needs to know exactly who is accessing their information or site.
In my experience, Authentication usually refers to the more technical process, i.e. authenticating a user (by checking login/password credentials, certificates, etc.), whereas Authorization is used more in the business logic of an application.
For example, in an application, a user might log in and be authenticated, but not be authorized to perform certain functions.
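As an added example (not code from any of the answers above), a minimal Python request handler that keeps the two steps apart: authentication checks credentials and issues a signed token, authorization checks a permission table, and an authenticated user who lacks a permission gets 403 rather than 401. The user store, permission table and token format are constructed for this demo.

```python
import hashlib
import hmac
import secrets

# Constructed demo data: not a real user store or policy.
SERVER_SECRET = secrets.token_bytes(32)  # signs session tokens


def _hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _make_user(password):
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": _hash_pw(password, salt)}


USERS = {"alice": _make_user("correct horse"), "bob": _make_user("hunter2")}

# Authorization policy: (resource, action) pairs each user may perform.
PERMISSIONS = {
    "alice": {("files", "upload"), ("files", "read")},
    "bob": {("files", "read")},
}


def authenticate(username, password):
    """Authentication: verify who the user is. Returns a signed token or None."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(
        user["hash"], _hash_pw(password, user["salt"])
    ):
        return None
    sig = hmac.new(SERVER_SECRET, username.encode(), "sha256").hexdigest()
    return f"{username}.{sig}"


def identity_from_token(token):
    """Recover the authenticated username from a token; None if missing or forged."""
    try:
        username, sig = token.split(".", 1)
    except (AttributeError, ValueError):
        return None
    expected = hmac.new(SERVER_SECRET, username.encode(), "sha256").hexdigest()
    return username if hmac.compare_digest(expected, sig) else None


def handle_request(token, resource, action):
    """401 when identity is unknown (authentication); 403 when known but not permitted (authorization)."""
    user = identity_from_token(token)
    if user is None:
        return 401, "unauthenticated: identity could not be verified"
    if (resource, action) not in PERMISSIONS.get(user, set()):
        return 403, f"forbidden: {user} may not {action} {resource}"
    return 200, f"ok: {user} {action} {resource}"
```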