AspNetCore.Docs/aspnetcore/security/authorization/introduction.md

---
title: Introduction | Microsoft Docs
author: rick-anderson
description: 
keywords: ASP.NET Core,
ms.author: riande
manager: wpickett
ms.date: 10/14/2016
ms.topic: article
ms.assetid: a6a556ed-ba59-4107-9358-44cf20e5931b
ms.technology: aspnet
ms.prod: asp.net-core
uid: security/authorization/introduction
---
# Introduction

<a name=security-authorization-introduction></a>

Authorization refers to the process that determines what a user is able to do. For example, an administrative user is allowed to create a document library, add documents, edit documents, and delete them. A non-administrative user working with the library is only authorized to read the documents.

Authorization is orthogonal and independent from authentication, which is the process of ascertaining who a user is. Authentication may create one or more identities for the current user.

## Authorization Types

In ASP.NET Core authorization now provides simple declarative [role](roles.md#security-authorization-role-based) and a [richer policy based](policies.md#security-authorization-policies-based) model where authorization is expressed in requirements and handlers evaluate a users claims against requirements. Imperative checks can be based on simple policies or policies which evaluate both the user identity and properties of the resource that the user is attempting to access.

## Namespaces

Authorization components, including the `AuthorizeAttribute` and `AllowAnonymousAttribute` attributes are found in the `Microsoft.AspNetCore.Authorization` namespace.
Add docfx content 2016-10-29 01:35:15 +08:00			`---`
title + meta on technology 2016-11-17 08:24:57 +08:00			`title: Introduction \| Microsoft Docs`
Add docfx content 2016-10-29 01:35:15 +08:00			`author: rick-anderson`
keywords and decription meta-data 2016-11-18 04:13:02 +08:00			`description:`
			`keywords: ASP.NET Core,`
Add docfx content 2016-10-29 01:35:15 +08:00			`ms.author: riande`
			`manager: wpickett`
			`ms.date: 10/14/2016`
			`ms.topic: article`
			`ms.assetid: a6a556ed-ba59-4107-9358-44cf20e5931b`
title + meta on technology 2016-11-17 08:24:57 +08:00			`ms.technology: aspnet`
Bulk metadata fix (#2871) * meta data fix * Revert "meta data fix" This reverts commit ba3688347667594a0967b08196cbb5308500a217. * meta data fix2 * test * Update owin-oauth-20-authorization-server.md * Update api-ref.md * Update api-ref.md * test * test2 2017-03-03 08:50:36 +08:00			`ms.prod: asp.net-core`
Add docfx content 2016-10-29 01:35:15 +08:00			`uid: security/authorization/introduction`
			`---`
			`# Introduction`

			`<a name=security-authorization-introduction></a>`

Update introduction.md 2016-12-04 10:04:32 +08:00			`Authorization refers to the process that determines what a user is able to do. For example, an administrative user is allowed to create a document library, add documents, edit documents, and delete them. A non-administrative user working with the library is only authorized to read the documents.`
Add docfx content 2016-10-29 01:35:15 +08:00
			`Authorization is orthogonal and independent from authentication, which is the process of ascertaining who a user is. Authentication may create one or more identities for the current user.`

			`## Authorization Types`

Fix typo of word Policies (#2449) 2016-12-29 03:57:04 +08:00			`In ASP.NET Core authorization now provides simple declarative [role](roles.md#security-authorization-role-based) and a [richer policy based](policies.md#security-authorization-policies-based) model where authorization is expressed in requirements and handlers evaluate a users claims against requirements. Imperative checks can be based on simple policies or policies which evaluate both the user identity and properties of the resource that the user is attempting to access.`
Add docfx content 2016-10-29 01:35:15 +08:00
			`## Namespaces`

Api link fix (#2115) * quick test * quick test * quick test * Revert "quick test" This reverts commit 91b07a3df541769ef7a137e039d6a7f91cdcdf3b. * Revert "quick test" This reverts commit e44af19bb4e60cb8299790b7db34a37f0c645e48. * Revert "quick test" This reverts commit 6872a1921dbd997b3027873fe823f87ee8601024. * Removed links to old api site * Fixed link to H1 * quick fix * Fixed link to H1 * reverted to match master * removed random character. * removed random unix character * removed random unix character * removed random UTF character * removed random UTF character * removed random UTF character * removed random UTF character * removed random UTF character * removed random UTF character * Quick fixes * Update CONTRIBUTING.md * removed random UTF character * removed random UTF character * Update routing.md * Update validation.md * Update overview.md * Update linuxproduction.md * Update web-publishing-vs.md * Update sociallogins.md * Update cors.md * Update cross-site-scripting.md * Update overview.md * Update key-encryption-at-rest.md * Update adding-model.md * Update new-field.md * Update validation.md * Update first-web-api.md * Update nano-server.md * Update your-first-mac-aspnet.md * Update linuxproduction.md 2016-11-08 01:58:40 +08:00			Authorization components, including the `AuthorizeAttribute` and `AllowAnonymousAttribute` attributes are found in the `Microsoft.AspNetCore.Authorization` namespace.