Authentication:-- Authentication is the process of validating a user on the credentials(Ex-User name and Password).
Authorization:--Authorization performs various task like access level and this process happens after authentication .
Authentication is validating person's identity that he or she is the genuine user, example is smartcard has pin feature, in your ATM you need to use PIN, Similarly when user login one need to provide his userid and password (basically logon creditial), if that matched then only you can successfully login in the site.
Authorization is giving speficific role to a set of member (groups), like administrator can do these tasks not other use, this is done using rold based authorization.
hope this help you.
Authentication:
1. Meaning: Authentication is the process of verifying the identity of a user.
2. Example: Suppose, we have 2 types of users ( normal and admins ) to a website. When the user tries to access the website, we ask them to log in. This is authentication part.
3. Types of Authentication: Windows Authentication,Forms Authentication and Passport Authentication
4. When it takes place ? Authentication always precedes to Authorization,event if our application lets anonymous users connect and use the application,it still authenticates them as anonymous.
Authorization:
1. Meaning:Authorization is process of checking whether the user has access rights to the system.
2. Example: Once we know the user is valid, then we determine to which pages the user has access to. Normal users should not be able to access admin pages. This is authorization part.
3. Types of Authorization:ACL authorization (also known as file authorization) and URL authorization
4. When it takes place ? Authorization takes place after Authentication
Authentication
Authentication confirms who you are. For example, you can login to your Unix server using ssh client, or access the server using POP3 and SMTP email client. Typically, PAM (Pluggable Authentication Modules) is used as a low-level authentication schemes into a high level application programming interface (API), which allows programs that rely on authentication to be written independently of the underlying authentication scheme.
Authorization
Authorization is the process to confirm what you are authorized to perform. For example, you are allowed to login to your Unix server via ssh client, but you are not allowed to browser / data2 or other file systems. Authorization occurs after authentication is successful. Authorization can be controlled at the level of file system or use a variety of configuration options such as application level chroot. Normally, the connection attempt should be good authentication and authorization by the system. You can easily find out why the connection attempts are either accepted or rejected with the help of two factors.
Authentication is the process of validating that a person is whom he/she says he/she is.
Once a person is authenticated, Authorization is the process who let the person access or not some places.