Now that you’ve learned about authentication, you are ready to deal with authorization. Again, authorization is to measure or establish the power or permission that has been given or granted by an authority. In ASP.NET applications, the owner of the application or administrator of the application makes determinations about authorization.
Two types of authorization are available:
Users. Authorization that allows or denies access on a user-by-user basis.
Roles. Authorization that allows or denies access based on roles that are used to group users with common permissions or power levels, such as Administrators, Managers, Users, and so on.
These are the two types of authorization schemes that you can deal with. ...