Blazor WebAssembly by Example - Third Edition
Authentication and authorization form the foundation of application security. Authentication is the process of obtaining credentials from a user to verify their identity. Authorization is the process of determining what the user is allowed to access based on their assigned rights.
Authentication always precedes authorization. In other words, you must first determine who the user is before you can determine what they are allowed to do:

Figure 13.1 – Authentication vs. Authorization
The preceding figure illustrates the difference between authentication and authorization. The left side shows a sample login screen used to authenticate the user. The right side shows groups or roles to which the user belongs. These are used for authorization.
Real security can only be enforced on the server. You cannot authenticate your users on the client, nor can you reliably authorize their actions on the client. A malicious user can modify client-side code, so any...