Difference Between Authentication and Authorization
authenticationauthorization
Basic question from a novice:
What is the difference between authentication and authorization?
Best Answer
Authentication is the process of verifying who you are. When you log on to a PC with a user name and password you are authenticating.
Authorization is the process of verifying that you have access to something. Gaining access to a resource (e.g. directory on a hard disk) because the permissions configured on it allow you access is authorization.
"Client Certificate Mapping Authentication" is intended for use with Active Directory.
Imagine a scenario in which you've deployed User Authentication certificates using AD CS and configured the Certificate Template to allow Active Directory storage. Now you can employ "non-IIS" Client Certificate Mapping Authentication on an AD member server with IIS installed, and have IIS automatically map the certificate to a user by querying Active Directory
"IIS Client Certificate Mapping Authentication" is intended for non-AD CS certificates and standalone servers.
Since Active Directory will not be used to map certificates to users in this scenario, you'll need to define the mappings in the configuration files, either as one-to-one mappings or many-to-one mappings.
Best Answer
Authentication is the process of verifying who you are. When you log on to a PC with a user name and password you are authenticating.
Authorization is the process of verifying that you have access to something. Gaining access to a resource (e.g. directory on a hard disk) because the permissions configured on it allow you access is authorization.