Web AA === ###### tags: `Web Frontend` `Web Backend` `M$` ## Authentication vs. Authorization Authentication = login + password (process of ascertaining who you are) Authorization = permissions (rules that you are allowed to do) ## AntiForgeryToken - [CSRF](http://blog.techbridge.cc/2017/02/25/csrf-introduction/) - [ASP.NET MVC](http://kevintsengtw.blogspot.tw/2013/01/aspnet-mvc-validateantiforgerytoken.html) - [AngularJS in ASP.NET MVC](http://techbrij.com/angularjs-antiforgerytoken-asp-net-mvc) ## Two-Factor Authentication - [Implementing Free Two-Factor Authentication in .NET using Google Authenticator](http://brandonpotter.com/2014/09/07/implementing-free-two-factor-authentication-in-net-using-google-authenticator/) - [BrandonPotter/GoogleAuthenticator](https://github.com/BrandonPotter/GoogleAuthenticator)