You are currently creating a sales report application that requires Windows authentication on Domain.com’s domain.
To achieve this, you are required to implement role-based security within the sales report application.
You establish that the method shown below should only be invoked by members of the Managers group:
public void UpdateEmpSalesBonus (int empID, double amount) { //Update employee’s salary
}
You need to ensure that invocation of the UpdateEmpSalesBonus method is restricted to only managers.
What should you do? (Choose two)
A.
Apply the following attribute to the UpdateEmpSalesBonus method:
[WindowsPrincipalPermission (SecurityAction.Demand, Role = “Managers”)]
B.
Apply the following code to the UpdateEmpSalesBonus method:
WindowsIdentity user = WindowsIdentity.GetCurrent ();
if (user.IsInRole (“Managers”)){
//Update employee’s salary
}
C.
Apply the following attribute to the UpdateEmpSalesBonus method:
[PrincipalPermission (SecurityAction.Demand, Role = “Managers”)]
D.
Apply the following code to the UpdateEmpSalesBonus method:
if (Thread.CurrentPrincipal.IsInRole(“Managers”)){
//Update employee’s salary
}
Explanation:
Imperative role-based security can use the PrincipalPermission class or the IPrincipal object directly.
The PricipalPermission class takes a user name and role as string arguments representing the required membership.
The Demand method indicates that all callers must belong to the user or group membership specified in the constructor to access the resource.
The IPrincipal object can be retrieved using the Thread.CurrentPricipal property. The IsInRole method takes a role argument as a string and returns a Boolean value indicating whether the current caller belongs to that group or not.
Incorrect Answers:
A: You should not use the attribute that applies the WindowsPrincipalPermission attribute because no such attribute exists in the .NET Framework 2.0 class library.
B: You should not use the code that invokes the IsInRole method on the WindowsIdentity class because no such method exists.