Authorization and Authentication

Introduction

In the SmartComponent Library, authentication and authorization are handled as separate, pluggable services within the SmartFramework.

Authentication answers the question “Who is the user or calling system?”.
It is responsible for validating credentials (for example against the SmartUser table, an external realm, or a PASOE security domain) and establishing a session identity that is used by all client types (GUI for .NET, Angular/NG2, REST, etc.). The login screen and backend login logic are configurable so you can plug in custom authentication sources or flows without changing your business logic.

Authorization answers the question “What is this authenticated identity allowed to do?”.
Authorization services evaluate the user’s roles, permissions and tenant/domain context and decide which Business Entities, Business Tasks, and service operations may be invoked. These checks are performed at the Service Interface level, so the same centralized rules apply regardless of whether the request originates from a desktop client, a web client or the REST API.
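The following added example (illustrative Python, not SmartComponent Library code; all class names, the user table and the grants are constructed) shows the split described above: a pluggable authenticator establishes a session identity, and a single service-interface layer consults the authorizer, including the tenant context, before any entity operation runs, so every client type is subject to the same decision.

```python
from collections import namedtuple
# Constructed illustration of the authn/authz split; names are invented, not SmartComponent Library APIs.
Identity = namedtuple("Identity", "user tenant roles")

class TableAuthenticator:
    """Pluggable credential check against a constructed user table."""
    def __init__(self, users):           # {(login, tenant): (password, roles)}
        self._users = users
    def authenticate(self, login, tenant, password):
        rec = self._users.get((login, tenant))
        if rec is None or rec[0] != password:
            return None                  # failed: no identity is established
        return Identity(login, tenant, frozenset(rec[1]))

class RoleAuthorizer:
    """Decides which (entity, operation) pairs a role may invoke in its tenant."""
    def __init__(self, grants):          # {role: {(entity, operation), ...}}
        self._grants = grants
    def is_allowed(self, ident, tenant, entity, operation):
        if ident.tenant != tenant:       # tenant/domain context is part of the decision
            return False
        return any((entity, operation) in self._grants.get(r, ())
                   for r in ident.roles)

class ServiceInterface:
    """Single enforcement point used by GUI, Angular and REST clients alike."""
    def __init__(self, authn, authz):
        self.authn, self.authz, self.sessions = authn, authz, {}
    def login(self, login, tenant, password):
        ident = self.authn.authenticate(login, tenant, password)
        if ident is None:
            return None
        token = "sess-%d" % (len(self.sessions) + 1)
        self.sessions[token] = ident     # session identity shared by all front ends
        return token
    def invoke(self, token, tenant, entity, operation):
        ident = self.sessions.get(token)
        if ident is None:
            return "unauthenticated"     # authentication check
        if not self.authz.is_allowed(ident, tenant, entity, operation):
            return "forbidden"           # authorization check, centralized here
        return "ok:%s.%s:%s" % (entity, operation, ident.user)

# Constructed sample data: two tenants, a clerk role and an admin role.
USERS = {("alice", "acme"): ("pw-a", ["clerk"]), ("bob", "globex"): ("pw-b", ["admin"])}
GRANTS = {"clerk": {("Customer", "Fetch")},
          "admin": {("Customer", "Fetch"), ("Customer", "Update")}}
SERVICE = ServiceInterface(TableAuthenticator(USERS), RoleAuthorizer(GRANTS))
```

Swapping `TableAuthenticator` for a different credential source leaves `ServiceInterface` and the grant rules untouched, which is the reuse the separation is meant to give.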

By separating authentication and authorization into dedicated service interfaces, the SmartComponent Library allows you to reuse a consistent security model across all front ends, integrate with external identity providers, and customize permission logic while keeping your application code clean and maintainable.