Authentication is the process of verifying the identity of a user by validating their credentials against some authority. Credentials include a username and password combination, or a fingerprint or face scan. Once authenticated, a user can make claims, for example, what their email address is, and what groups or roles they belong to.
Authorization is the process of verifying membership of groups or roles before allowing access to resources such as application functions and data. Although authorization can be based on individual identity, it is good security practice to authorize based on group or role membership because that allows membership to change in future without reassigning access rights.
There are multiple authentication and authorization mechanisms to choose from. They all implement a pair of interfaces in the System.Security.Principal...