DEV Community

Discussion on: Authenticate, Authorization and Claim. All you need to know in ASP.NET Core

v6 profile image
πŸ¦„N BπŸ›‘

// , I don't work with .NET much, or even like it, but I love your simple explanation of the difference between authentication and authorization, Stephany.

Authentication is a process to know who you are.
Authorization is the process to know if you can do what you want.

This is gold. There's also the idea of identity, which is just who you are, as opposed to Authentication, a process to know, or prove who you are.

I've whiteboarded this so many times, and it's great to see someone who understands how these different processes fit together, and why we should discriminate among their separate purposes.