安全概念: Impersonation, Authentication, Authorization

Impersonation
Sometimes we want users' requests to be run in the security context of some other user identity. For that we use impersonation. Impersonation is a process in which a user accesses the resources by using the identity of another user. An example of impersonation is the use of the IUSR_machinename account that is created by IIS. When a Web site has anonymous access enabled, then IIS runs all the users' requests using the identity of the IUSR_machinename account.

 

Authentication
Authentication is a process in which the security infrastructure makes sure that the users are who they say they are. In order to do this, the security infrastructure collects the user's credentials, usually in the form of user ID and password, checks those credentials against any credentials' store. If the credentials provided by the user are valid, then the user is considered an authenticated user.

 

Authorization
Once we have authenticated the user and the user has valid credentials, it is time to check authorization.

Authorization is a process in which the security infrastructure checks whether the authenticated user has sufficient rights to access the requested resource. If user has sufficient rights to access a resource, for example, the user has "write rights" on a file, then the operation succeeds; otherwise the operation fails.

 

出处:

http://www.15seconds.com/Issue/020312.htm