Why authentication filter is included in mvc 5? What is the major difference between authentication filter and authorization filter in mvc 5?
To answer this you must understand the difference between authentication and authorization. Simply put,
Given the above definitions, authorization must come after authentication since you must be able to identify the user before determining what actions are legal for that particular user.
For ASP.NET MVC, authentication filters run before authorization filters as explained above. They both allow you the specify custom authentication (via
IAuthenticationFilter.OnAuthenticationChallenge) and authorization logic (via