17.1. Understanding Authentication

Authentication is the process of confirming the identity of a person. Say a man arrives at the door to repair your home's heating system. You need to determine who this person is by looking at some credentials.

The credentials could be a photo identification card plus the fact that the man is wearing company overalls, carrying tools, and arrived in a heating company's truck. Therefore, you're satisfied that this person is a heating system repairperson. You've authenticated the worker.

However, you haven't yet authorized him to do any work. You ask others in the house if they've called for a furnace repair. To make a long story short, the company's dispatcher got the street number wrong. The unhappy neighbors are freezing while the technician dawdles at the wrong house!

In the Web site context, users frequently provide their name and password to request authentication. Whatever they offer as credentials must match what's recorded in your site's database. After the system establishes their identity, a second mechanism (such as belonging to a specific role) determines whether the person can navigate to some or all of the site's pages.
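The two steps kept as separate checks, as an added example (not code from the book). The user names, passwords, page paths and role names are constructed for illustration, and the code assumes .NET 6 or later rather than ASP.NET 3.5's built-in membership and role providers.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

enum Access { NotAuthenticated, NotAuthorized, Granted }

class UserRecord { public byte[] Salt, Hash; public string[] Roles; }

static class AccessDemo
{
    // Constructed stand-ins for the site's user table and its page-to-role rules.
    static readonly Dictionary<string, UserRecord> Users = new Dictionary<string, UserRecord>();
    static readonly Dictionary<string, string> RequiredRole = new Dictionary<string, string>
    {
        { "/admin/reports.aspx", "Administrators" },
        { "/members/home.aspx", "Members" }
    };

    // The store keeps a salted PBKDF2 hash, never the password itself.
    static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, 100_000, HashAlgorithmName.SHA256, 32);

    static void Register(string name, string password, params string[] roles)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        Users[name] = new UserRecord { Salt = salt, Hash = Derive(password, salt), Roles = roles };
    }

    // Step 1, authentication: do the offered credentials match the stored record?
    static bool Authenticate(string name, string password) =>
        Users.TryGetValue(name, out var user) &&
        CryptographicOperations.FixedTimeEquals(Derive(password, user.Salt), user.Hash);

    // Step 2, authorization: does the established identity hold the role the page requires?
    // A page with no rule is denied rather than allowed.
    static bool Authorize(string name, string page) =>
        RequiredRole.TryGetValue(page, out var role) &&
        Array.IndexOf(Users[name].Roles, role) >= 0;

    static Access Request(string name, string password, string page)
    {
        if (!Authenticate(name, password)) return Access.NotAuthenticated;
        return Authorize(name, page) ? Access.Granted : Access.NotAuthorized;
    }

    static void Main()
    {
        Register("alice", "correct horse", "Members", "Administrators");
        Register("bob", "battery staple", "Members");
        Console.WriteLine(Request("bob", "wrong guess", "/members/home.aspx"));
        Console.WriteLine(Request("bob", "battery staple", "/admin/reports.aspx"));
        Console.WriteLine(Request("alice", "correct horse", "/admin/reports.aspx"));
    }
}
```

The second request is the repairperson at the wrong house: bob's identity is confirmed, but he does not hold the role the page requires.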
