Understanding the Requirement for Authorization
While we have added a lot of functionality to our application, there are some obvious drawbacks that we highlighted in the previous sections. For instance, the Create Article, Register, Login and Logout links and functionalities are available to all users, regardless of their authentication status. Implementing authentication and authorization allows us to deal with these issues.
As mentioned earlier, we will use the authentication status for authorization. In more complex applications, you can define roles and permissions and base the authorization rules on those.