Which approach should you recommend?

You need to ensure that unauthorized users do not have access to the administration pages.
Which approach should you recommend?

You need to ensure that unauthorized users do not have access to the administration pages.
Which approach should you recommend?

A.
Check whether the user has access in the Page_Load method of every administration page by using the
User.IsInRole(“Admin”) method.

B.
Override the OnInit event of the CustomPage class, and then check whether the user has access.

C.
Override the OnLoad event of the CustomPage class, and then check whether the user has access.
D. Decorate the CustomManagementPage class with the PrincipalPermissionAttribute, demanding access for
the Admin role.

Explanation:
PrincipalPermissionAttribute can be used to declaratively demand that users running your code belong to a
specified role or have been authenticated. Use of Unrestricted creates a PrincipalPermission with Authenticated
set to true and Name and Role set to null.
The scope of the declaration that is allowed depends on the SecurityAction that is used.
PrincipalPermissionAttribute cannot be applied at the assembly level.
The security information declared by a security attribute is stored in the metadata of the attribute target and is
accessed by the system at run time. Security attributes are used only for declarative security. For imperative
security, use the corresponding permission class.
http://msdn.microsoft.com/en-us/library/system.security.permissions.principalpermissionattribute.aspx



Leave a Reply 0

Your email address will not be published. Required fields are marked *