ASP.NET MVC 5 Authentication Filters

The following are the differences in short:

Authentication: It is a process of verification that verifies “Who you are” (it confirms that you are a valid (or invalid) user).

Authorization: It is a process of verification that verifies “What to do” (It confirms you are permissible to do (or not to do) that).

接口IAuthenticationFilter的OnAuthentication（）方法可以用于执行任何需要的身份验证，而OnAuthenticationChallenge方法基于已验证用户的身份限制其访问。

The OnAuthentication method is executed first and can be used to perform any needed authentication. The OnAuthenticationChallenge method is used to restrict access based upon the authenticated user's principal.

Authentication filters are applied prior to any Authorization filters.

For authenticating a user you can use one of the following two ways:

Thread.CurrentPrincipal.Identity.IsAuthenticated

HttpContext.Current.User.Identity.IsAuthenticated