Authenticating and authorizing application users

Many web applications allow users to perform certain operations only if they are registered, and some applications will only allow paid users to view certain content that is not available to non-paying users. Also, as a user, you expect that your personal profile will be editable only by you, and not by other users, unless they are the site administrators. All the scenarios I have detailed here are examples of authentication and authorization. 

Authentication is the act of knowing who the user is and verifying their identity, while authorization is the act of allowing or preventing users from performing actions based on their privileges. 

The security technique for authentication that we will use in this book is called token-based authentication. This technique involves generating a security token (a hashed string) when the user logs in; the client then carries this token with each request it makes to the server, and the server verifies the token before acting on the request. This technique is widely used in Web APIs and is both secure and simple to use. 

For authorization, we are using claim-based authorization, where each user is assigned claims (key-value pairs) based on their role and/or security policy, and each action is then checked against the user's assigned claims to decide whether the user is authorized to perform it.

The infrastructure for user identities and authentication in ASP.NET Core is contained in the Microsoft.Extensions.Identity.Core NuGet package and all the related classes reside in the Microsoft.Extensions.Identity namespace. 
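The following is an added example, not code from the book, showing how the two techniques described above fit together in an ASP.NET Core minimal API: token-based authentication with a JWT bearer token issued at login, and claim-based authorization policies that gate a paid-only endpoint and a per-user profile edit. It assumes .NET 8, the Microsoft.AspNetCore.Authentication.JwtBearer NuGet package, a signing key supplied through the hypothetical configuration key `Jwt:Key`, and a constructed in-memory user table that stands in for the real identity store.

```csharp
// Added example (not from the book): JWT bearer authentication plus claim-based
// authorization in an ASP.NET Core 8 minimal API.
// Assumes the Microsoft.AspNetCore.Authentication.JwtBearer package.
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Hypothetical issuer and audience values; the signing key must come from
// configuration or a secret store (here the assumed key "Jwt:Key"), never from source.
const string Issuer = "https://example.test";
const string Audience = "example-api";
var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(
    builder.Configuration["Jwt:Key"]
    ?? throw new InvalidOperationException("Jwt:Key is not configured")));

// Authentication: every request carrying "Authorization: Bearer <token>" is
// validated for signature, issuer, audience and expiry before the user is known.
builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = Issuer,
            ValidateAudience = true,
            ValidAudience = Audience,
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = signingKey,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromMinutes(1)
        };
    });

// Authorization: policies are expressed in terms of the claims the token carries.
builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("PaidContent", policy => policy.RequireClaim("subscription", "paid"));
    options.AddPolicy("Admin", policy => policy.RequireRole("admin"));
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Login: verify credentials, then issue a short-lived signed token with the user's claims.
app.MapPost("/login", (LoginRequest req) =>
{
    if (!DemoUsers.TryValidate(req.UserName, req.Password, out var claims))
        return Results.Unauthorized();

    var token = new JwtSecurityToken(
        issuer: Issuer,
        audience: Audience,
        claims: claims,
        expires: DateTime.UtcNow.AddMinutes(30),
        signingCredentials: new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256));
    return Results.Ok(new { token = new JwtSecurityTokenHandler().WriteToken(token) });
});

// Paid-only content: the policy checks the "subscription" claim in the token.
app.MapGet("/premium", () => "paid-only content").RequireAuthorization("PaidContent");

// A profile may be edited only by its owner or by an administrator, so the check
// compares the caller's identity claim against the resource being edited.
app.MapPut("/profile/{userId}", (string userId, ClaimsPrincipal user) =>
{
    var callerId = user.FindFirst(ClaimTypes.NameIdentifier)?.Value;
    if (callerId != userId && !user.IsInRole("admin"))
        return Results.Forbid();
    return Results.Ok($"profile {userId} updated");
}).RequireAuthorization();

app.Run();

record LoginRequest(string UserName, string Password);

static class DemoUsers
{
    // Constructed in-memory users for this example only; a real application verifies
    // the password against its identity store (for example UserManager<TUser>).
    private static readonly Dictionary<string, (string Password, Claim[] Claims)> Users = new()
    {
        ["alice"] = ("alice-pass", new[] { new Claim(ClaimTypes.NameIdentifier, "alice"), new Claim("subscription", "paid") }),
        ["bob"]   = ("bob-pass",   new[] { new Claim(ClaimTypes.NameIdentifier, "bob"),   new Claim("subscription", "free") }),
        ["root"]  = ("root-pass",  new[] { new Claim(ClaimTypes.NameIdentifier, "root"),  new Claim(ClaimTypes.Role, "admin") }),
    };

    public static bool TryValidate(string userName, string password, out Claim[] claims)
    {
        claims = Array.Empty<Claim>();
        if (!Users.TryGetValue(userName, out var entry)) return false;
        // Constant-time comparison so response timing does not reveal how much of the secret matched.
        if (!CryptographicOperations.FixedTimeEquals(
                Encoding.UTF8.GetBytes(password), Encoding.UTF8.GetBytes(entry.Password)))
            return false;
        claims = entry.Claims;
        return true;
    }
}
```

With this wiring, a request to `/premium` without a token is rejected by the authentication middleware (401), a valid token for `bob` is authenticated but fails the `PaidContent` policy (403), and only `alice`'s token passes both checks; the `/profile/{userId}` handler shows the case the policy objects cannot express on their own, where the decision depends on the specific resource being accessed.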
