You are implementing an ASP.NET MVC 2 Web application that allows users to view and edit data.
You need to ensure that only logged-in users can access the Edit action of the controller. What are
two possible attributes that you can add to the Edit action to achieve this goal? (Each correct answer
presents a complete solution. Choose two.)
A.
[Authorize(Users = “”)]
B.
[Authorize(Roles = “”)]
C.
[Authorize(Users = “*”)]
D.
[Authorize(Roles = “*”)]
Explanation:
[Authorize(…)] represents an attribute that is used to restrict access by callers to an action method.
Possible arguments: Order, Roles, Users, TypeId. When you mark an action method withAuthorizeAttribute, access to that action method is restricted to users who are both authenticated
and authorized. If you mark a controller with the attribute, all action methods in the controller are
restricted. The Authorize attribute lets you indicate that authorization is restricted to predefined
roles or to individual users. This gives you a high degree of control over who is authorized to view
any page on the site. If an unauthorized user tries to access a method that is marked with the
Authorize attribute, the MVC framework returns a 401 HTTP status code. If the site is configured to
use ASP.NET forms authentication, the 401 status code causes the browser to redirect the user to
the login page.
AuthorizeAttribute Class
(http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute.aspx)
The following example shows several ways to use AuthorizeAttribute. The HomeController class has
three action methods that are marked with the Authorize attribute, and two that are not marked.
On the AuthenticatedUsers method, the attribute limits access to users who are logged in. On the
AdministratorsOnly method, the attribute limits access to users who have been assigned to either
the Admin role or the Super User role. On the SpecificUserOnly method, the attribute limits access
to the users whose names are Betty or Johnny. The Index and About methods can be accessed by
anyone, even anonymous users.
[HandleError]
public class HomeController : Controller
{
public ActionResult Index() {
ViewData[“Message”] = “Welcome to ASP.NET MVC!”;
return View();
}
public ActionResult About() {
return View();
}
[Authorize]
public ActionResult AuthenticatedUsers() {
return View();
}
[Authorize(Roles = “Admin, Super User”)]
public ActionResult AdministratorsOnly() {
return View();
}
[Authorize(Users = “Betty, Johnny”)]
public ActionResult SpecificUserOnly() {
return View();
}}