Posted By : Murugan Andezuthu Dharmaratnam
Posted On : 21 January 2015
Keywords : Authentication And Authorization , Authentication, Authorization ,Authentication ASP .Net MVC, Authorization ASP .NET MVC

Authentication And Authorization In ASP.NET MVC

Introduction To Authentication And Authorization


Authentication is the process of verifying the identity of a user by obtaining some sort of credentials and using those credentials to verify the user's identity. If the credentials are valid, the authorization process starts. Authentication process always proceeds to authorization process.

The ASP.NET authentication scheme that is used to identify users who view an ASP.NET application. An application has two separate authentication levels because all requests coming through IIS before it handled by ASP.NET. After IIS authentication schemes ASP.NET implements additional authentication schemes.

The various authentication schemes are:

  • Windows Authentication
  • Forms Authentication
  • Passport Authentication


Authorization is the process of allowing an authenticated users to access the resources by checking whether the user has access rights to the system. Authorization helps you to control access rights by granting or denying specific permissions to an authenticated user.

ASP.NET allows two ways to authorize access to a given resources

  1. URL authorization
  2. File authorization

Let us have a look on the figure , it shows how to authenticate and authorize a user that pretends to acess resources.The figure will explains in detail the same.

Murugan Andezuthu Dharmaratnam

Murugan is a technology leader with 14 years of hands-on experience in full life cycle systems design, development, implementation, and management. In addition to systems design and development, his core competencies include cloud design and architecture, interactive web applications and websites development, mobile computing, and Healthcare Information Technology. His experience is very diverse with a broad range of technologies within multiple industry settings including private, public, and non-profit. Coupled with his technology expertise, Murugan is a well-organized, result-oriented, and a highly analytical leader with proven track record in developing and implementing very complex systems.