认证与授权

Question

How the process Authentication is differ from authorization? In my winforms application with c# and mySQL I have a login page for validating an user, then shows the admin page if the user is admin and user home if he is not an admin, Actually what we are doing through a process of login? whether it is authorizing or authenticating an user?

Answer 1

Authentication: The process of a user, authenticating(Log In) themselves to a system to use the features provided.

Authorization: Being authorized to, for instance, see a specific page of your application.

Quick example: If a user logged in to your system, and they are authenticated as a user with user permissions, you will not allow them to see your admin pages, since the user does not have the same authorization as a Admin in your application.

In your scenario, when the user logs in, it is the process of authentication.

Answer 2

in short 
 when you try to login is Authentication (verify user by his identity like login credential)

after successful login user have some authority(like admin can change everything and user can only view they can add or edit some thing depends on access) is called Authorization

Answer 3

The first process , the process of validating an user is called authentication where we check whether such an user with some user id and password is belongs to our database.

The second process , based on the type of user or the level of user in the hierarchy we are disable or enables some/few pages and/or redirecting to admin home/user home these processes are called Authorization.