Authentication is the process that determines the identity of a user. After a user
has been authenticated, a developer can determine if the identified user has authorization to proceed. It is
impossible to give an entity authorization if no authentication process has been applied.
Authorization is the process of determining whether an authenticated user is permitted access to any part
of an application, access to specific points of an application, or access only to specified datasets that the
application provides. Authenticating and authorizing users and groups enable you to customize a site
based on user types or preferences.
From 《Professional Asp.Net 2.0》 Wrox publish.