Authenticating and authorizing application users
Many web applications allow users to perform certain operations only if they are registered, and some applications will only allow paid users to view certain content that is not available to non-paying users. Also, as a user, you expect that your personal profile will be editable only by you, and not by other users, unless they are the site administrators. All the scenarios I have detailed here are examples of authentication and authorization.
Authentication is the act of knowing who the user is and verifying their identity, while authorization is the act of allowing or preventing users from performing actions based on their privileges.
The security technique for authentication that we will use in this book is called token-based authentication. This technique involves generating a security token (a string that only the server can produce and later verify, such as a random opaque identifier stored server-side or a cryptographically signed token) when the user logs in, and carrying this token with each request the client makes to the server. The server then authenticates each request by validating the token instead of asking for the user's credentials again. This technique is highly used in...
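The following is an added example that is not part of the original text or of any framework it describes. It shows both halves of the flow described above in plain Python: the server issues a signed token at login, checks the token's signature and expiry on every later request (authentication), and only then decides whether the identified user may edit a given profile (authorization). The HMAC-SHA256 signing scheme, the `SECRET_KEY`, the `sub`/`role`/`exp` claim names and the profile-editing rule are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Hypothetical signing key for the example; a real deployment loads it
# from configuration and rotates it, never hard-codes it.
SECRET_KEY = b"demo-signing-key-rotate-me"


def _b64encode(data: bytes) -> str:
    """URL-safe base64 without padding, so the token is safe in headers."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64decode(text: str) -> bytes:
    """Reverse of _b64encode; restores the padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id: str, role: str, ttl_seconds: int = 3600,
                now: Optional[float] = None, key: bytes = SECRET_KEY) -> str:
    """Called after a successful login: returns base64(claims).base64(mac)."""
    issued_at = int(time.time() if now is None else now)
    claims = {"sub": user_id, "role": role, "exp": issued_at + ttl_seconds}
    payload = _b64encode(json.dumps(claims, separators=(",", ":")).encode())
    mac = hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest()
    return f"{payload}.{_b64encode(mac)}"


def verify_token(token: str, now: Optional[float] = None,
                 key: bytes = SECRET_KEY) -> Optional[dict]:
    """Authentication: return the claims for a valid token, otherwise None."""
    try:
        payload, sig = token.split(".")
        expected = hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest()
        # Constant-time comparison so the MAC cannot be guessed byte by byte
        # from response timing.
        if not hmac.compare_digest(_b64decode(sig), expected):
            return None
        claims = json.loads(_b64decode(payload))
    except (ValueError, TypeError):
        # Malformed base64, wrong number of parts, or invalid JSON.
        return None
    current = time.time() if now is None else now
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= current:
        return None  # expired or missing expiry: treat as not logged in
    return claims


def can_edit_profile(claims: dict, profile_owner_id: str) -> bool:
    """Authorization: a user may edit only their own profile, unless admin."""
    return claims["sub"] == profile_owner_id or claims.get("role") == "admin"
```

Because the claims are signed rather than stored, a client that edits the payload (for example changing `role` to `admin`) invalidates the MAC and is rejected; the `exp` claim bounds how long a stolen token remains usable. Note that the claims are only encoded, not encrypted, so nothing secret belongs in them.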