Which code segment should you use?

You are developing an ASP.NET MVC application that uses forms authentication. The user database contains
a user named OrderAdmin.
You have the following requirements:
You must allow all users to access the GetOrders method.
You must restrict access to the EditOrder method to the user named OrderAdmin.
You need to implement the controller to meet the requirements.
Which code segment should you use? (Each correct answer presents a complete solution. Choose all that apply.)

A.
Option A

B.
Option B

C.
Option C

D.
Option D

Explanation:
MVC 4 introduced the [AllowAnonymous] attribute. Together with the [Authorize] attribute, it lets you take a
white-list approach: decorate the entire controller with [Authorize] to force authorization for all actions within
that controller, then decorate the specific actions that shouldn’t require authorization with [AllowAnonymous],
thereby white-listing only those actions. With this approach you can be confident that you won’t accidentally
forget to decorate an action with [Authorize] and leave it available to anyone when it shouldn’t be.
http://stackoverflow.com/questions/9727509/how-to-allow-an-anonymous-user-access-to-somegiven-page-in-mvc
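
The white-list approach described above, applied to the question's GetOrders and EditOrder actions. This is an added example, not one of the answer options or code from the original page; the controller name `OrderController` and the `AuthorizationAudit` helper are assumptions made for illustration.

```csharp
using System.Linq;
using System.Reflection;
using System.Web.Mvc;

// White-list form: the whole controller is restricted to OrderAdmin,
// and only GetOrders is opened up explicitly.
[Authorize(Users = "OrderAdmin")]
public class OrderController : Controller   // hypothetical controller name
{
    [AllowAnonymous]                 // skips the controller-level [Authorize]
    public ActionResult GetOrders()
    {
        return View();
    }

    public ActionResult EditOrder()  // inherits [Authorize(Users = "OrderAdmin")]
    {
        return View();
    }
}

// Hypothetical audit helper: returns "Controller.Action" for every public action
// that has neither [Authorize] (on itself or its controller) nor [AllowAnonymous].
// Limits: ignores global filters, [NonAction], and Task<ActionResult> actions.
public static class AuthorizationAudit
{
    public static string[] UnprotectedActions(Assembly assembly)
    {
        return assembly.GetTypes()
            .Where(t => typeof(Controller).IsAssignableFrom(t) && !t.IsAbstract)
            .Where(t => !t.IsDefined(typeof(AuthorizeAttribute), true))
            .SelectMany(t => t.GetMethods(
                BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly))
            .Where(m => typeof(ActionResult).IsAssignableFrom(m.ReturnType))
            .Where(m => !m.IsDefined(typeof(AuthorizeAttribute), true)
                     && !m.IsDefined(typeof(AllowAnonymousAttribute), true))
            .Select(m => m.DeclaringType.Name + "." + m.Name)
            .ToArray();
    }
}
```

Calling `AuthorizationAudit.UnprotectedActions(typeof(OrderController).Assembly)` from a unit test and asserting the result is empty catches an action that was added without either attribute. With forms authentication, an authenticated user other than OrderAdmin who requests EditOrder receives a 401 that is turned into a redirect to the login page.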



Manu

D is also correct.

mlkone

If there were checkboxes, the correct answer would be B and D

z

“Which code segment should you use? (Each correct answer presents a complete solution. Choose all that apply.)”

B and D.

Know Nothing

But doesn’t mean you have to select two.

PK

If restrict access to EditOrder meant that method should not even execute for users other than OrderAdmin, then answer is B.

Abdo

I think D is not a reliable answer. It will make a loop until OrderAdmin is logged in.