Authorization and Authentication

Hello..!!!

A lot of times we see a warning message saying "You are not Authorized to use this" or "Authenticate yourself to download this file".

These two words may confuse us a bit because they look and sound so similar. All services or APIs go through Authentication and Authorization steps in order to give access to resources. Let's dig deep into it.

So, we will discuss the following in this article:
  • What is Authentication and why we need it
  • What is Authorization
  • An example to differentiate them

What is Authentication

Who are you?

Yes..!! Authentication is the process of verifying who you are. Generally, if we visit any e-commerce site or social network site, we will be prompted to Sign In/Login with a UserID/Username and Password. Sometimes it may also ask for a mobile number to verify you through an OTP.

If you fail the Authentication process, some web applications will not even let you see the home page (so sad). This process comes under security verification.

Today we save a lot of sensitive data (bio data, photos, documents, etc.) in online portals. Anyone could pretend to be you, access your personal info on the web site and misuse it. This may look small, but when it comes to large amounts of data, Authentication plays a big role from a security point of view.

We have to prove that we are a valid user in order to use the portal/web site. As said earlier, others may pretend to be you and log in to the application. So, to avoid this, there are different types of authentication followed by a lot of applications.

Single (One) factor authentication

As the name itself indicates, it takes only one factor or credential to prove the identity of the user, who is then able to use the resources of the application.


Generally this will be a password which was chosen by the user while registering for that web site. Sometimes this password may be auto-generated by the application itself. Some systems will also ask us to solve a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart.. very short full form 👀👀) to prevent the resources from being used by automated systems. But nowadays hackers can easily pass this, with distinction marks.

Hackers can also crack a password by trying all combinations of letters, words and symbols for each possible length of the password.

To overcome this and to increase the workload for hackers, most applications consider another factor of authentication to identify the user.

Two factor authentication

Along with the password, the application will ask the user to set another factor which uniquely identifies the end user. This depends on the application; some apps ask for a security question and answer to be set during the sign-up process.

What is your favorite color? ☝
What is your crush's name? 💖
Whom will you murder if you get a chance to? 👅💪💣

This list goes on. The main problem with this is that the user himself will forget the answer.

Some applications go for OTP authentication to log in to the portal. This is more secure and most commonly used by a lot of applications.

Some secure applications use even more factors to make sure the user is the one they claim to be, with the given combination of credentials for that application; this is then called Multi Factor Authentication.

What is Authorization

Well, we have logged into the application successfully. But then we are provided with a set of resources/features to use. Permissions on these resources are decided by the system based on some criteria which is internal to the application.

Yes.. Based on our role in that application, we are given permissions. So, Authorization is the ability to access system resources such as files, databases, photos, documents, etc. to read/write/execute them.

Generally admin users will have the most rights to access features and have control over the application.

A Dream travel to Bangkok

Suppose we have decided to go to Bangkok (most preferred) for a vacation. We need to travel by flight and have booked tickets for window seats. There will be a pilot who controls the flight. We boarded the flight, went directly to the flight control cabin and tried to drive it at 120 kmph like Dhoom 🚅🚅.. But suddenly we were kicked out of the flight at the same speed 🚀🙌.

Here, both of us had to prove our identity to board the flight, but we as passengers are not allowed into the cabin. Both roles were Authenticated, but we are not Authorized to enter the cabin and control the flight, whereas the pilot is.
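Here is the same story as code, an example added to this post (not the blog's own code): authentication checks a salted password hash plus a one-time code, and authorization checks the user's role. The user records, passwords, OTP values and the pilot/passenger permissions are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed user store for this example. Passwords are kept only as
# salted PBKDF2 hashes; each user is assigned one role.
def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt), "role": role}

USERS = {
    "pilot": _make_user("fly-safe", "pilot"),
    "passenger": _make_user("window-seat", "passenger"),
}

# Constructed one-time codes, as if just sent to each user's phone
# (a real system makes them single-use and short-lived).
ISSUED_OTPS = {"pilot": "482913", "passenger": "117420"}

# Authorization data: which actions each role may perform.
ROLE_PERMISSIONS = {
    "pilot": {"board", "enter_cabin", "control_flight"},
    "passenger": {"board"},
}

def authenticate(username: str, password: str, otp: str) -> bool:
    """Who are you? Factor 1: password. Factor 2: one-time code."""
    user = USERS.get(username)
    if user is None:
        # Hash anyway so unknown and known usernames take the same time.
        _hash_password(password, b"\x00" * 16)
        return False
    password_ok = hmac.compare_digest(_hash_password(password, user["salt"]), user["hash"])
    otp_ok = hmac.compare_digest(ISSUED_OTPS.get(username, "").encode(), otp.encode())
    return password_ok and otp_ok

def authorize(username: str, action: str) -> bool:
    """What may you do? Look up the action in the user's role permissions."""
    user = USERS.get(username)
    return user is not None and action in ROLE_PERMISSIONS.get(user["role"], set())

def request(username: str, password: str, otp: str, action: str) -> str:
    """Authentication always runs first; authorization only for known users."""
    if not authenticate(username, password, otp):
        return "denied: authentication failed"
    if not authorize(username, action):
        return "denied: not authorized"
    return "allowed"
```

Note that the passenger with correct credentials still gets "denied: not authorized" for enter_cabin: the two checks fail for different reasons, which is exactly the difference the story illustrates.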

Hope you got a clear difference between Authentication and Authorization.

Thanks...!!!
The Midnight Coder