You are developing an ASP.NET MVC application that uses forms authentication. The user database contains
a user named OrderAdmin.
You have the following requirements:
You must allow all users to access the GetOrders method.
You must restrict access to the EditOrder method to the user named OrderAdmin.
You need to implement the controller to meet the requirements.
Which code segment should you use? (Each correct answer presents a complete solution. Choose all that apply.)
A.
Option A
B.
Option B
C.
Option C
D.
Option D
Explanation:
With MVC4 a new attribute has been introduced, namely the [AllowAnonymous] attribute. Together with the
[Authorize] attribute, you can now take a white-list approach instead. The white-list approach is accomplished
by dressing the entire controller with the [Authorize] attribute, to force authorization for all actions within that
controller. You can then dress specific actions, that shouldn’t require authorization, with the [AllowAnonymous]
attribute, and thereby white-listing only those actions. With this approach, you can be confident that you don’t,
by accident, forget to dress an action with the [Authorize], leaving it available to anyone, even though it
shouldn’t.
http://stackoverflow.com/questions/9727509/how-to-allow-an-anonymous-user-access-to-somegiven-page-in-mvc
D is also correct.
11
0
D is wrong. D will let any logged in user execute the action, not only “OrderAdmin”.
2
1
D is correct – it will redirect all “not-OrderAdmin” users to login page
1
0
If there were checkboxes, the correct answer would be B and D
2
0
“Which code segment should you use? (Each correct answer presents a complete solution. Choose all that apply.)”
B and D.
2
0
But doesn’t mean you have to select two.
0
0
If restrict access to EditOrder meant that method should not even execute for users other than OrderAdmin, then answer is B.
1
0
B & D.
1
0
I think D is not a reliable answer, It will make a loop until OrderAdmin logged in.
1
0