What code segment should you use?

You are developing a Web application for Domain.com’s existing Web site. The Web application implements role-based security to allow for the administration and maintenance of the Domain.com Web site. It allows members of the Admins role to administer the Web site, including the databases used by the Web site, while allowing members of the Support role to maintain the Web site by adding and editing product information. Only members of the Admins role should have access to confidential user information.
What code segment should you use?


A.
if (User.Identity.Name != "Support")
    return;
// Show user info

B.
if (User.IsInRole("Support"))
    return;
// Show user info

C.
if (User.Identity.Name == "Admins")
    return;
// Show user info

D.
if (User.IsInRole("Admins"))
    return;
// Show user info

Explanation:
You must determine if the user is a member of the Admins role by calling the IsInRole method and then return the requested information only if the user is a member of the Admins role.

Incorrect Answers:
A, C: This code returns the name of the identity that is attached to the current HTTP context. It does not determine whether data should be returned or not.
B: This code determines if the user is a member of the Support role by calling the IsInRole method and then returns the requested information if the user is a member of the Support role. Members of the Support role must not have access to user information.
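
The check described in the explanation, written as a fail-closed guard and compared with the name comparison from options A and C. This is an added example, not code from the original question: it runs as a console program against GenericPrincipal objects instead of the page's User property, and the class, method and account names are assumptions made for illustration.

```csharp
using System;
using System.Security.Principal;

static class UserInfoAccess
{
    // Fail-closed guard: every caller that is not an authenticated member
    // of the Admins role leaves before the confidential data is read.
    public static string GetConfidentialUserInfo(IPrincipal user)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return null;
        if (!user.IsInRole("Admins"))
            return null;
        return "confidential user info"; // placeholder for the real lookup
    }

    // Name comparison as in options A and C: it tests the account name,
    // which says nothing about role membership.
    public static bool NameCheckAllows(IPrincipal user)
    {
        return user.Identity.Name == "Admins";
    }

    static void Main()
    {
        // Constructed sample principals; names and role assignments are made up.
        var admin = new GenericPrincipal(new GenericIdentity("alice"), new[] { "Admins" });
        var support = new GenericPrincipal(new GenericIdentity("bob"), new[] { "Support" });
        // An account that is merely *named* "Admins" and holds no roles.
        var namedAdmins = new GenericPrincipal(new GenericIdentity("Admins"), new string[0]);
        // GenericIdentity with an empty name reports IsAuthenticated == false.
        var anonymous = new GenericPrincipal(new GenericIdentity(""), new[] { "Admins" });

        foreach (var p in new[] { admin, support, namedAdmins, anonymous })
        {
            Console.WriteLine("{0,-10} role check: {1,-6} name check: {2}",
                "'" + p.Identity.Name + "'",
                GetConfidentialUserInfo(p) != null ? "allow" : "deny",
                NameCheckAllows(p) ? "allow" : "deny");
        }
    }
}
```

Only the role check allows the real Admins member and denies the Support member, the role-less account that happens to be named "Admins", and the unauthenticated caller.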


