You are writing code for user authentication and authorization. The username, password, and roles are stored in your application data store. You need to establish a user security context that will be used for authorization checks such as IsInRole. You write the following code segment to authorize the user.
if (!TestPassword(userName, password))
throw new Exception(“could not authenticate user”);
String[] userRolesArray = LookupUserRoles(userName);
You need to complete this code so that it establishes the user security context.
Which code segment should you use?
A.
GenericIdentity ident = new GenericIdentity(userName);
GenericPrincipal currentUser = new GenericPrincipal(ident, userRolesArray);
Thread.CurrentPrincipal = currentUser;
B.
WindowsIdentity ident = new WindowsIdentity(userName);
WindowsPrincipal currentUser = new WindowsPrincipal(ident);
Thread.CurrentPrincipal = currentUser;
C.
NTAccount userNTName = new NTAccount(userName);
GenericIdentity ident = new GenericIdentity(userNTName.Value);
GenericPrincipal currentUser = new GenericPrincipal(ident, userRolesArray);
Thread.CurrentPrincipal = currentUser;
D.
IntPtr token = IntPtr.Zero;
token = LogonUserUsingInterop(userName, encryptedPassword);
WindowsImpersonationContext ctx = WindowsIdentity.Impersonate(token);