mvc authorize or authenticate

Instead of using windows/forms authentication can I just use authorize attributes on the control actions that I want to restrict?

It seems to me that authorizat开发者_如何学Cion is strictly better then authentication and is a replacement in most situations. I understand that authentication is at the web.config level and thus lets you switch pages in and out without a recompile, but if we didn't need that functionality then authorization is the way to go?

To protect a system you need both authentication and authorization.

http://www.duke.edu/~rob/kerberos/authvauth.html

Authentication is how you determine who a user is a.k.a. Logging In.

Authorize is a Annotation for ASP .NET that says to use this part of the site you need to be authenticated.