Difference between authentication and authorization filters in aspnet-mvc5

巧了我就是萌 提交于 2021-02-07 14:27:24

问题


Why authentication filter is included in mvc 5? What is the major difference between authentication filter and authorization filter in mvc 5?


回答1:


I found the following blog post: ASP.NET MVC 5 Authentication Filters

Basically its about separation of concerns.

Authentication: find out WHO issued a request.

Authorization: find out whether a known user is allowed to perform a certain action.




回答2:


To answer this you must understand the difference between authentication and authorization. Simply put,

  • Authentication is the server trying to identify the user (i.e. asking the question of 'who are you'). Usually this involves entering usernames, passwords, and/or access tokens.
  • Authorization is the server determining whether the claimed user can/cannot perform certain actions.

Given the above definitions, authorization must come after authentication since you must be able to identify the user before determining what actions are legal for that particular user.

For ASP.NET MVC, authentication filters run before authorization filters as explained above. They both allow you the specify custom authentication (via IAuthenticationFilter.OnAuthentication and IAuthenticationFilter.OnAuthenticationChallenge) and authorization logic (via IAuthorizationFilter.OnAuthorization) respectively.



来源:https://stackoverflow.com/questions/39264993/difference-between-authentication-and-authorization-filters-in-aspnet-mvc5

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!