Authentication vs Authorization

There are some differences between authentication and authorization, but I always used to have difficulties telling them apart. Now I remember them again, so I would like to share them with you.

Authentication checks who is trying to log on, usually by asking for a username. It also verifies whether the person logging on is who they claim to be. Asking for a password is a common way to do so. Other authentication methods exist as well, such as a smartcard or fingerprints. So basically, authentication checks the authenticity of the actor logging on.

Authorization is all about checking access rights. The person logged on receives a role. According to this role, they are permitted to access only certain parts of the application, while other people can access the whole application. Authorization makes sure you only access what you're supposed to.
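The two checks as separate steps, in an added example that is not part of the original post: a request is first authenticated (username plus password) and only then authorized against the role's permissions. The users, roles, resource names and the PBKDF2 iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: role -> parts of the application it may access.
ROLE_PERMISSIONS = {
    "admin": {"reports", "settings", "users"},  # the whole application
    "viewer": {"reports"},                      # only certain parts
}

def _hash_password(password, salt):
    # Salted, slow password hash; the iteration count is an example value.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def _make_user(password, role):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt), "role": role}

# Constructed sample accounts.
USERS = {
    "alice": _make_user("correct horse", "admin"),
    "bob": _make_user("battery staple", "viewer"),
}

def authenticate(username, password):
    """Authentication: is the actor who they claim to be? Returns the identity or None."""
    user = USERS.get(username)
    if user is None:
        _hash_password(password, b"\x00" * 16)  # do the same work for unknown users
        return None
    candidate = _hash_password(password, user["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return username if hmac.compare_digest(candidate, user["hash"]) else None

def authorize(identity, resource):
    """Authorization: does the role of this authenticated identity allow the resource?"""
    role = USERS[identity]["role"]
    return resource in ROLE_PERMISSIONS.get(role, set())

def handle_request(username, password, resource):
    identity = authenticate(username, password)
    if identity is None:
        return "401 not authenticated"   # identity was never established
    if not authorize(identity, resource):
        return "403 not authorized"      # identity is known, access right is missing
    return "200 ok"
```

Bob with the correct password still gets the 403 result for `settings`: passing authentication says nothing about access rights.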

