On the other side of the access-control coin is authorization. This is about determining what a user should be allowed to do within a system, from modifying or adding information stored by the system to even accessing it in the first place. As the name suggests, authorization means not allowing a user to perform an action until the system knows that the user is authorized to do so.

In almost all access-controlled systems, authorization is dependent on authentication. You can't determine if a user is authorized to perform an action until you can first authenticate that the user is who they claim to be. Authorization has the potential to be a substantially more complex step in the access-control process, though. ...
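The dependency described above, as an added example that is not part of the original text: a request is authenticated first, and only a verified identity reaches the authorization check. The key, user names, roles, permission map, and the use of HTTP-style status codes are all constructed assumptions for illustration.

```python
import hashlib
import hmac

# Constructed sample data: signing key, users, and a role-to-permission map.
SECRET = b"constructed-demo-key"
ROLES = {"alice": "editor", "bob": "viewer"}
PERMISSIONS = {"editor": {"read", "modify", "add"}, "viewer": {"read"}}


def issue_token(user: str) -> str:
    """Mint a signed token for a user (stands in for a real login step)."""
    sig = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{sig}"


def authenticate(token: str):
    """Return the verified user name, or None if the token does not verify."""
    user, _, sig = token.rpartition(".")
    expected = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes, so non-ASCII input cannot raise.
    if user and hmac.compare_digest(sig.encode(), expected.encode()):
        return user
    return None


def authorize(user: str, action: str) -> bool:
    """Deny by default: unknown users, roles, or actions get no access."""
    return action in PERMISSIONS.get(ROLES.get(user), set())


def handle(token: str, action: str) -> int:
    """Return 401 (not authenticated), 403 (not authorized), or 200 (allowed)."""
    user = authenticate(token)
    if user is None:
        return 401  # identity not established, so no authorization decision is made
    if not authorize(user, action):
        return 403  # identity is known, but the action is not permitted
    return 200
```

A token whose signature does not verify never reaches `authorize`, while a verified user with no assigned role is authenticated but still denied.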

