Authentication: Who the user is? or Authentication is process of Identifying the user is valid or not from the database.
Authorization: To Identify what kind of authority or rights does user has.
In ASP.NET there are three way to do Authentication and Authorization.
In this methadology ASP.NET web pages will use local windows users and groups to authenticate and authorize resources.
This is a cookie based authentication where user name and password stored on client machine as cookie files or they are sent to URL for every request. Form-based authentication presents the users with an HTML-based web page that prompts the user for credentials.In case browser doesnot support cookies then username and password passed via URL string for every request.
Passport authentication is based on passport website provided by the microsoft.So when user logins with credentials it will be reached to the passport website(i.e. hotmail,devhood,windows live etc) where authentication will happen.If authentication is successful it will return a token to your website.
Following is the video for Authentication and Authorization
Asked In: Many Interviews |