-1

I want to use DotNetOpenAuth to create something like this

Is is authentication or authorization? Any recommended tutorials?

enter image description here

Elad Benda
  • 35,076
  • 87
  • 265
  • 471

2 Answers2

5
  • Authentication - You are who you say you are. Like showing your ID card would mean that you are indeed who you say you are.
  • Authorization - You can access these resources. Knowing who you are, this would be giving (or denying) you access to a building.

In your screenshot you are giving authorization now that you have been authenticated.

Oded
  • 489,969
  • 99
  • 883
  • 1,009
  • Then I need to authenticate and then authorise. I see. – Elad Benda Mar 02 '12 at 18:42
  • Doing something like this will be OK? Or is it missing authentication pashe? http://scatteredcode.wordpress.com/2011/12/01/dotnetopenauth-oauth-and-mvc-for-dummies/ – Elad Benda Mar 03 '12 at 00:52
  • @EladBenda - The blog post seems a bit confused as it mostly deals with authentication but calls it authorization... – Oded Mar 03 '12 at 09:00
  • I don't get it. This sample too -http://blog.bobcravens.com/2010/08/openid-and-oauth-using-dotnetopenauth-in-asp-net-mvc/- uses oauth for authentication. What sample does what I described in my q ? – Elad Benda Mar 03 '12 at 11:49
  • @EladBenda - Nothing will. Authorization is something you need to figure out for your application. It is a mapping between users/roles as authenticated to what they are permitted to do. – Oded Mar 03 '12 at 12:50
  • I will manage authorization for my site, but I want to be given access to the user's gmail. I want to achieve something like the first print screen here http://www.limilabs.com/blog/oauth-with-gmail. how? – Elad Benda Mar 03 '12 at 13:02
3

In easy terms: Authentication is the process of determining the identity of the user. Authorization is the process of determining what a user is allowed to do.

Typically the result of authorization is based on the result of authentication: you may do X if you are Y. When I log in to StackExchange, the system sees I'm Andre (authentication), so regarding to the rules I'm allowed to create gallery chat rooms (authorization).

Andre Loker
  • 8,368
  • 1
  • 23
  • 36
  • Doing something like this will be OK? Or is it missing authentication pashe? http://scatteredcode.wordpress.com/2011/12/01/dotnetopenauth-oauth-and-mvc-for-dummies/ – Elad Benda Mar 03 '12 at 01:05
  • I don't get it. This sample too -http://blog.bobcravens.com/2010/08/openid-and-oauth-using-dotnetopenauth-in-asp-net-mvc/- uses oauth for authentication. What sample does what I described in my q ? – Elad Benda Mar 03 '12 at 11:50