What is the difference of app.UseAuthentication and app.UseAuthorization?

Question

I am trying to write a middleware which executes between authentication and authorization.

I've registered that middleware between these the two authXYZ:

app.UseAuthentication();
app.UseCustomMiddlerware();
app.UseAuthorization();

But I cannot get an authenticated user in my CustomMiddlerware.

When I deleted the app.UseAuthentication() statement then I found out that AuthenticationHandler still runs, and an authenticated user is available only after app.UseAuthorization().

So, here are my questions:

1. Can I only use app.UseAuthorization() instead of using both app.UseAuthentication() and app.UseAuthorization()?
   1.1 What are the differences?
2. Are authentication and authorization triggered together?
   2.1 Is there any way to insert a middlerware between them?

Answer 1

Authentication and Authorization are two different things, but they also go hand in hand. Think of Authentication as letting someone into your home and Authorization as allowing your guests to do specific things once they’re inside (e.g. wear their shoes indoors, eat your food, etc). In other words, Authentication lets your web app’s users identify themselves to get access to your app and Authorization allows them to get access to specific features and functionality.

You can find more in here