{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 我想做一个坏孩纸 的问题《Is there a difference between authentication and a》','https://www.manongdao.com/q-1186838.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I see these two terms bandied about quite a bit (specifically in web-based scenarios but I suppose it's not limited to that) and I was wondering whether or not there was a difference.
It appears to me that they both mean you're allowed to be doing what you're doing. So is this just a nomenclature thing, or is there a basic difference in meaning?
Authentication:
Authentication is the process of verifying the identity of a user by obtaining some sort of credentials and using those credentials to verify the user's identity. If the credentials are valid, the authorization process starts. Authentication process always proceeds to Authorization process.
Authorization:
Authorization is the process of allowing an authenticated users to access the resources by checking whether the user has access rights to the system. Authorization helps you to control access rights by granting or denying specific permissions to an authenticated user.
Authenticating a user on a website means that you verify that this user is a valid user, that is, verifying who the user is using username/password or certificates, etc. In common terms, is the person allowed to enter the building?
Authorization is the process of verifying if the user has rights/permission to access certain resources or sections of a website, for example, if its a CMS then is the user authorized to change content of the website. In terms of the office building scenario, is the user allowed to enter the networks room of the office.
If I can log-in, my credentials are verified and I am AUTHENTICATED. If I can perform a particular task I am AUTHORIZED to do so.
Simple real time example, If student is coming to school then principal is checking Authentication and Authorization. Authentication: Check student ID card it mean He or She belong to our school or not. Authorization: Check student have permission to sit in Computer Programming Lab or not.
Authentication refers to verifying an entity's identity. Authorization deals with what an authenticated entity is allowed to do (e.g. file permissions).
Authentication: verifying who a user is.
To authenticate, the user provides credential information such as a username and password and if the credentials are valid, the user receives a token that can be sent in with future requests as verification of her authentication.
Authorization: determining what a user is allowed to do.
From the user’s perspective, a successful authorization takes place when she is able to send a request to access a system and do something (such as upload a file in the system) and it works.
Authentication only verifies identity—it confirms that a user is who she claims to be. Authorization determines which resources a verified user can access.