22 SEP 2019

c#basics authentication authorization basic-authentication


Authentication is about validating your credentials, such as a username/user ID and password, to verify your identity. The system uses those credentials to check whether you are who you say you are. Whether in public or private networks, the system authenticates the user's identity through login passwords. Usually authentication is done with a username and password.

Authorization occurs after your identity is successfully authenticated by the system, which can then give you access to resources such as information, files, databases, funds, etc. Authorization verifies your rights and grants you access to resources only after determining whether you may access the system and to what extent. In other words, authorization is the process of determining whether the authenticated user has access to particular resources. A good example: once an employee's ID and password have been verified and confirmed through authentication, the next step is determining which employee has access to which floor, and that is done through authorization.

Basic authentication is a method for an HTTP user agent (e.g. a web browser or Postman) to provide a user name and password when making a request. In basic HTTP authentication, a request contains a header field in the form of Authorization: Basic <credentials>, where credentials is the Base64 encoding of the ID and password joined by a single colon (:).

Base64 is generally used to transfer content-based messages over the Internet. It works by dividing every three bits of binary data into six-bit units. The newly created data is represented in a 64-radix numeral system and as seven-bit ASCII text. Because each bit is divided into two bits, the converted data is 33 percent, or one-third, larger than the original data. Like binary data, the resulting Base64-encoded data is not human readable.

A principal (in computer security) is an entity that can be authenticated by a computer system or network. Principals can be individual people, computers, services, computational entities such as processes and threads, etc.
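An added example, not code from the original post: one way an ASP.NET Web API AuthorizationFilterAttribute can read the Authorization: Basic header, decode it, and hand a principal to the controller. ValidateCredentials and the realm name are assumptions made for illustration. Because Base64 is an encoding and not encryption, anyone who can see the request can read the header unless the API is served over HTTPS.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Security.Principal;
using System.Text;
using System.Threading;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

public class BasicAuthenticationAttribute : AuthorizationFilterAttribute
{
    // Hypothetical hook: the application assigns its own credential check at startup.
    // The default rejects everyone, so a missing configuration fails closed.
    public static Func<string, string, bool> ValidateCredentials = (user, password) => false;

    public override void OnAuthorization(HttpActionContext actionContext)
    {
        var header = actionContext.Request.Headers.Authorization;
        IPrincipal principal = null;
        if (header != null && "Basic".Equals(header.Scheme, StringComparison.OrdinalIgnoreCase))
            principal = TryAuthenticate(header.Parameter);

        if (principal == null)
        {
            // 401 plus a challenge so the user agent knows which scheme to send.
            var response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
            response.Headers.Add("WWW-Authenticate", "Basic realm=\"example\""); // realm is a placeholder
            actionContext.Response = response;
            return;
        }
        // Make the authenticated identity visible to the controller (User property).
        Thread.CurrentPrincipal = principal;
        actionContext.RequestContext.Principal = principal;
    }

    private static IPrincipal TryAuthenticate(string credentials)
    {
        if (string.IsNullOrEmpty(credentials)) return null;
        string decoded;
        try { decoded = Encoding.UTF8.GetString(Convert.FromBase64String(credentials)); }
        catch (FormatException) { return null; } // parameter was not valid Base64
        // Split on the first colon only: the password may itself contain ':'.
        int sep = decoded.IndexOf(':');
        if (sep < 0) return null;
        string user = decoded.Substring(0, sep);
        string password = decoded.Substring(sep + 1);
        if (!ValidateCredentials(user, password)) return null;
        return new GenericPrincipal(new GenericIdentity(user, "Basic"), new string[0]);
    }
}
```

Decorating a controller or action with [BasicAuthentication] runs this check before the action executes.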

ThreadStatic: A static variable marked with the ThreadStatic attribute is not shared between threads, so each thread gets its own instance of the static variable.

More topics covered:

  • Postman – sending username and password
  • Session
  • Context
  • Cookie
  • Web API BasicAuthentication implementation
  • AuthorizationFilterAttribute
  • Thread.CurrentPrincipal
  • RequestContext.Principal
  • Request.Properties – storage
  • Passing principal to Web API controller
