Authorization
Authorization is the process of determining what an authenticated identity is permitted to do within a system — which resources it can read, modify, or delete. It runs after authentication (which confirms who you are) and enforces access-control policies such as roles, scopes, or attribute rules on every subsequent…
18 resources across 4 libraries
Glossary Terms(5)
Authentication
Authentication is the process of verifying that a user, device, or system is who or what it claims to be, typically before granting access to a resource. It is…
Authorization
Authorization is the process of determining what an authenticated identity is permitted to do within a system — which resources it can read, modify, or delete.…
XSS
Cross-Site Scripting (XSS) is a web security vulnerability that lets an attacker inject malicious client-side scripts into pages viewed by other users. When un…
OAuth
OAuth is an open standard authorization protocol that lets a user grant a third-party application limited access to their resources on another service, without…
Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) is an attack that tricks an authenticated user's browser into unknowingly submitting a malicious request to a web application…
Study Notes(8)
Action Filters
Learn how filters let you run cross-cutting logic before and after action execution, and how the different filter types fit into the MVC pipeline.
Authorization and Roles
How ASP.NET MVC restricts access to controllers and actions using the [Authorize] attribute, role-based checks, and custom policy-style filters.
Authorization Policies and Roles
Learn how ASP.NET Core moves beyond simple role checks into flexible, claims-based authorization policies for fine-grained access control.
Authorization Code with PKCE
The Authorization Code grant is OAuth 2.0's most secure and widely used flow, and PKCE hardens it further so it is safe for public clients like single-page app…
The Authorization Code Flow
A step-by-step walkthrough of OAuth 2.0's most widely used grant type, the authorization code flow, including why PKCE is now required for public clients.
OAuth and OIDC Security Basics
Learn the difference between OAuth 2.0 (authorization) and OpenID Connect (authentication), and the common misconfigurations that lead to token theft and accou…
Authentication and Authorization in Spring
How Spring Security distinguishes proving identity (authentication) from granting access (authorization), covering roles, method security, and JWT-based statel…
Authentication and Authorization in GraphQL
Learn how to authenticate requests and enforce field-level authorization in a GraphQL API, and avoid common security pitfalls.
Cheat Sheets(1)
Interview Questions(4)
What Are the Basic Security Mechanisms in an Operating System?
An operating system enforces security through authentication (verifying who a user is), authorization (deciding what an authenticated user may do via permissio…
What Are Access Control Lists (ACLs) in an Operating System?
An access control list (ACL) is a per-object list of entries, each pairing a specific user or group with the permissions they hold on that object, giving finer…
What is LDAP (Lightweight Directory Access Protocol)?
LDAP (Lightweight Directory Access Protocol) is an application-layer protocol, typically running on TCP port 389 (or 636 for LDAPS), used to query and modify h…
What Is OAuth?
OAuth is an authorization framework that lets a user grant a third-party application limited access to their resources on another service, without ever sharing…