ASP.NET for Web Designers

Can I see some form of identification, please?

You've come a long way so far. You have a pouch full of tools to build web applications so that people can visit your site, you can interact with them, and you can trade information, but up until this point those users have remained anonymous. You have come to the place where you will learn how to allow users to identify themselves and then control what information they will be allowed to see.

This is known as authentication and authorization. Let me take a minute here to give some basic definitions of these two words that you'll be studying throughout this chapter.

• Authentication. The process of verifying a user's identity against a known and trusted source.

• Authorization. To measure or establish the power or permission that has been given or granted by an authority.

Although both processes start with the same four letters and are closely integrated, they serve very different purposes in life and hence in your ASP.NET applications. You must first authenticate someone, and only then can you understand what authority or authorization that user might have within your site.