Microsoft 70-486 v.2: Which two code segments can you use?
You are developing an ASP.NET MVC application that uses forms authentication. The user database contains a user named OrderAdmin.
You have the following requirements:
You must allow all users to access the GetOrders method.
You must restrict access to the EditOrder method to the user named OrderAdmin.
You need to implement the controller to meet the requirements.
Which two code segments can you use?
A. Option A
B. Option B
C. Option C
D. Option D
Correct Answer: BD
Explanation/Reference:
MVC 4 introduced a new attribute, [AllowAnonymous]. Together with the [Authorize] attribute, it lets you take a white-list approach. You decorate the entire controller with [Authorize] to force authorization for all actions within that controller, then decorate the specific actions that shouldn't require authorization with [AllowAnonymous], thereby white-listing only those actions. With this approach, you can be confident that you won't accidentally forget to decorate an action with [Authorize] and leave it available to anyone when it shouldn't be.
References: http://stackoverflow.com/questions/9727509/how-to-allow-an-anonymous-user-access-to-some-given-page-in-mvc
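The white-list approach from the explanation, as an added example (it is not one of the exam's answer options, whose code is not reproduced on this page). It assumes System.Web.Mvc from MVC 4 or later; `AnonymousActionAudit` is a hypothetical helper that lists the actions a controller leaves open, so the white list can be reviewed in one place.

```csharp
using System;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;

// White-list style: the controller as a whole is restricted to OrderAdmin,
// and only GetOrders is explicitly opened to everyone.
[Authorize(Users = "OrderAdmin")]
public class OrderController : Controller
{
    [AllowAnonymous]
    public ActionResult GetOrders() { return View(); }

    // No attribute here: the controller-level restriction applies.
    public ActionResult EditOrder() { return View(); }
}

// Hypothetical audit helper (not part of ASP.NET MVC): returns "Controller.Action"
// for every action that can be reached without authentication.
// Limits: ignores global filters and actions returning Task<ActionResult>.
public static class AnonymousActionAudit
{
    public static string[] Find(Assembly assembly)
    {
        const BindingFlags flags =
            BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly;

        return assembly.GetTypes()
            .Where(t => typeof(Controller).IsAssignableFrom(t) && !t.IsAbstract)
            .SelectMany(t => t.GetMethods(flags)
                .Where(m => typeof(ActionResult).IsAssignableFrom(m.ReturnType))
                .Where(m => !m.IsDefined(typeof(NonActionAttribute), true))
                .Where(m => IsAnonymous(t, m))
                .Select(m => t.Name + "." + m.Name))
            .ToArray();
    }

    // [AllowAnonymous] on the action or controller bypasses [Authorize];
    // an action with no [Authorize] at either level is open as well.
    private static bool IsAnonymous(Type controller, MethodInfo action)
    {
        bool allowAnonymous = action.IsDefined(typeof(AllowAnonymousAttribute), true)
                           || controller.IsDefined(typeof(AllowAnonymousAttribute), true);
        bool authorize = action.IsDefined(typeof(AuthorizeAttribute), true)
                      || controller.IsDefined(typeof(AuthorizeAttribute), true);
        return allowAnonymous || !authorize;
    }
}
```

Calling `AnonymousActionAudit.Find(typeof(OrderController).Assembly)` from a unit test lets a build fail when an action outside the intended white list becomes anonymously reachable.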
BD
AB?