You are creating a Windows Communication Foundation (WCF) service by using Microsoft .NET Framework 3.5.
The service will authenticate the client applications by using Personal Information Cards.
You write the following code segment. (Line numbers are included for reference only.)

01 public class CustomServiceAuthorizationManager:
02 ServiceAuthorizationManager{
03 protected override bool CheckAccessCore(OperationContext operationContext)
04 {
05 string action = operationContext.RequestContext.RequestMessage.Headers.Action;
06 if (action == "http://tempuri.org/lEnginefUpdate")
07 {
06 foreach (ClaimSet cs in operationContext.ServiceSecurityContext.AuthorizationContext.ClaimSets)
09 {
10
11
12 return false;
13 }
14 return true;
15 }
16 } …
17 bool IsEmailValid(string email)
18 {
19 //e-mail validation is performed here;
20 return true;
21 }

You need to ensure that only those client applications that provide a valid email
address can execute the Update method.
Which code segment should you insert at line 10?

A.
foreach (Claim c in cs.FindClaims("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "PossessProperty"))
return IsEmailValid(c.Resource.ToString());

B.
foreach (Claim c in cs.FindClaims("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", String.Empty))
return IsEmailValid(c.Resource.ToString());

C.
foreach (Claim c in cs.FindClaims("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", Rights.PossessProperty))
return IsEmailValid(c.Resource.ToString());

D.
foreach (Claim c in cs.FindClaims("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", Rights.Identity))
return IsEmailValid(c.Resource.ToString());