You are developing an application that runs by using the credentials of the end user. Only users who are members of the Administrator group get permission to run the application. You write the following security code to protect sensitive data within the application.
bool isAdmin = false;
WindowsBuiltInRole role = WindowsBuiltInRole.Administrator; …
if (!isAdmin)
throw new Exception(“User not permitted”);
You need to add a code segment to this security code to ensure that the application throws an exception if a user is not a member of the Administrator group.
Which code segment should you use?
A.
WindowsPrincipal currentUser = (WindowsPrincipal)Thread.CurrentPrincipal;
isAdmin = currentUser.IsInRole(role);
B.
WindowsIdentity currentUser = WindowsIdentity.GetCurrent();
foreach (IdentityReference grp in currentUser.Groups) {
NTAccount grpAccount = ((NTAccount)grp.Translate(typeof(NTAccount)));
isAdmin = grp.Value.Equals(role);
if (isAdmin) break;
}
C.
GenericPrincipal currentUser = (GenericPrincipal) Thread.CurrentPrincipal;
isAdmin = currentUser.IsInRole(role.ToString());
D.
WindowsIdentity currentUser = (WindowsIdentity)Thread.CurrentPrincipal.Identity;
isAdmin = currentUser.Name.EndsWith(“Administrator”);