Question
I am researching on this topic last weeks and unfortunately I can't figure out. I understand the difference between authentication and authorization.
I will appreciate any guidance on the topic.
What I need as general is to implement single sign on for several web sites which are driven with apis which also should handle authentication. The users should be able to register/login with username/pass or respectively through any third party service like facebook, google+, twitter etc.
In the scenario above what is the better approach? Should I use only identity server, or only authorization server or both?
Thank you in advance.
Solution
Start with IdentityServer - this is your identity management system.
AuthorizationServer in addition is a full featured OAuth2 implementation that can use IdentityServer as a user store.
http://leastprivilege.com/2013/06/16/relationship-between-identityserver-and-authorizationserver/
OTHER TIPS
Your scenario is more like Authentication which is confirming the identity of the user. On the other hand Authorization is if a person or if a role can execute some operation.
When Identity Server 3 was launched, it deprecated AS: The Future of AuthorizationServer, because all the AS features ase now included in IS.
https://stackoverflow.com/questions/21207985
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian