Authentication and Authorization - Registration Part 1





DMV Analogy

This process is similar to the process at the DMV when you apply for a license. The first time you apply for a license you present artifacts that identify who you are:

  • A birth certificate
  • A Social Security card
  • Your fingerprint
  • Oh! And don’t forget the written & behind-the-wheel driving tests

You’re provided with a license which represents a token that contains your claims:

  • Your name
  • Hair & eye color
  • Height & weight
  • Your home address
  • And the type of vehicle you’re authorized to operate (consider this your role as a driver).


  • Authentication is the method used to identify a user
  • Authorization represents the privileges a user has
    • What are they allowed to do
  • Registration Process
    • This is normally performed by having the user provide a username or email along with a password when they create their account.
  • Login Process (Authentication)
    • A user will use their credentials (username/email & password) in exchange for a token.
  • The token will contain the user's information
    • Technically, these are called "claims"
    • username/email
    • Potentially a role
    • And any other information as the system requires
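
The registration, login and claims flow outlined above, as an added example that is not part of the course material. It assumes .NET 6 or later; the AccountService class, the token layout (Base64 JSON claims plus an HMAC-SHA256 signature, not a standard JWT) and the PBKDF2 settings are illustrative assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

// Constructed sample account and passwords, for demonstration only.
AccountService.Register("ada@example.test", "correct horse battery staple", "Driver");
var issued = AccountService.Login("ada@example.test", "correct horse battery staple")!;
Console.WriteLine(AccountService.Login("ada@example.test", "wrong guess") is null);
Console.WriteLine(AccountService.IsAuthorized(issued, "Driver"));
Console.WriteLine(AccountService.IsAuthorized(issued, "Admin"));

// Hypothetical in-memory service; a real API would persist accounts in a database.
public static class AccountService
{
    private record Account(byte[] Salt, byte[] Hash, string Role);
    private static readonly Dictionary<string, Account> Users = new();
    private static readonly byte[] SigningKey = RandomNumberGenerator.GetBytes(32);
    private static byte[] Derive(string pw, byte[] salt) => Rfc2898DeriveBytes.Pbkdf2(pw, salt, 600_000, HashAlgorithmName.SHA256, 32);
    private static string Sign(string body) => Convert.ToBase64String(HMACSHA256.HashData(SigningKey, Encoding.UTF8.GetBytes(body)));

    // Registration: keep a per-user salt and a slow hash, never the password itself.
    public static bool Register(string email, string password, string role)
    {
        var salt = RandomNumberGenerator.GetBytes(16);
        return Users.TryAdd(email, new Account(salt, Derive(password, salt), role));
    }

    // Login (authentication): exchange valid credentials for a signed set of claims.
    public static string? Login(string email, string password)
    {
        if (!Users.TryGetValue(email, out var acct)) return null;
        if (!CryptographicOperations.FixedTimeEquals(Derive(password, acct.Salt), acct.Hash)) return null;
        var exp = DateTimeOffset.UtcNow.AddHours(1).ToUnixTimeSeconds();
        var body = Convert.ToBase64String(JsonSerializer.SerializeToUtf8Bytes(new { email, role = acct.Role, exp }));
        return body + "." + Sign(body);
    }

    // Authorization: trust the role claim only after signature and expiry check out.
    public static bool IsAuthorized(string token, string requiredRole)
    {
        var parts = token.Split('.');
        if (parts.Length != 2 || !CryptographicOperations.FixedTimeEquals(
                Encoding.UTF8.GetBytes(Sign(parts[0])), Encoding.UTF8.GetBytes(parts[1]))) return false;
        using var doc = JsonDocument.Parse(Convert.FromBase64String(parts[0])); // signature verified: our own JSON
        return doc.RootElement.GetProperty("exp").GetInt64() > DateTimeOffset.UtcNow.ToUnixTimeSeconds()
            && doc.RootElement.GetProperty("role").GetString() == requiredRole;
    }
}
```

The server reads the role from the token only after recomputing the signature, so a client that edits its own claims ends up with a token that fails verification.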

ASP.NET Web API Controller

ASP.NET uses a naming convention derived from the controller's name to drive the URL of the API.