Authentication and Authorization are two concepts that often get confused with each other. So, during this video, discuss each of these concepts and explore real examples for each of them.
- [Instructor] Authentication and authorization are two concepts that most people tend to confuse. Both terms are often used in conjunction with each other when it comes to security and gaining access to the system or the application. However, both these terms are quite different with completely different concepts. Authentication means confirming your own identity, but on the other end, authorization means being allowed to access the system. In even simpler terms, authentication is the process of verifying one's self, while authorization is the process of verifying that you have access to. Imagine a school as an application. In a school we have different people, usually the same like in an application that we have different users. For example, in a school we have students, and teachers, and in an application we have administrators, we have basic users, and we have managers. A school has different components, or different rooms, used for different purposes. So for example we have Principal's Office, we have teacher workrooms, and Classrooms. The same way in an application, we have different components, or features. So for example in an application, we might have an admin dashboard, we might have a user dashboard or profile, and chatrooms for example. Only the students and teachers of this school can enter this institution, because they exist in the records of the institution as teachers or students. In other words, they are authenticated to enter the building, so the school in this case, but they do not have access to all the rooms, which means that they are not authorized to have access everywhere they want. For example in a classroom, both students and teachers have access, but in a teacher workroom, only teachers have access, and to the Principal's Office, none of them has access. So this is the key difference between authentication and authorization.
- Differences between authentication and authorization
- Creating a web application with Identity
- Configuring lockout, password, and sign-in settings
- Customizing the Identity model
- Lazy loading
- Authenticating using external provides such as Facebook
- Configuring cookie-based authentication