Home » Microsoft » 70-486 v.2 » How should you complete the code?
HOTSPOT
You are developing an ASP.NET Core MVC web application that uses custom security middleware. The middleware will add a response header to stop pages form loading when reflected cross-site scripting (XSS) attacks are detected.
The security middleware component must be constructed once per application lifetime.
You need to implement the middleware.
How should you complete the code? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Explanation/Reference:
Box 1: return _next(httpContext);
Example:
public Task Invoke(HttpContext httpContext)
{
httpContext.Response.Headers.Add("X-Xss-Protection", "1");
httpContext.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN");
httpContext.Response.Headers.Add("X-Content-Type-Options", "nosniff");
return _next(httpContext); }
Box 2: UseSecurityMiddleware
Box 3: UseMiddleware<SecurityMiddleware>()
Example:
public static class SecurityMiddlewareExtensions
{
public static IApplicationBuilder UseSecurityMiddleware(this IApplicationBuilder builder)
{
return builder.UseMiddleware();
}
}
Box 4: UseSecurityMiddleware
The Extensions part is optional, but it does allow you to write code like this :
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
app.UseMiddleware(); //If I didn’t have the extension method
app.UseSecurityMiddleware(); //Nifty encapsulation with the extension
}
Reference:
https://dotnetcoretutorials.com/2017/03/10/creating-custom-middleware-asp-net-core/
https://docs.microsoft.com/en-us/aspnet/core/fundamentals/middleware/?view=aspnetcore-2.1&tabs=aspnetcore2x
Whats the difference between _next and _next.Invoke?? These are both valid ways to start delegate execution