Question

I am going to take the Microsoft 70-486 (MVC) exam, so I am preparing for it. I came across one of the most important questions asked in the 70-486 exam, but I am not satisfied with the answer they have given.

The Question

You are developing an ASP.NET MVC application that uses forms authentication. The user database contains a user named LibraryAdmin.

You have the following requirements:

  • You must allow all users to access the GetBook method.
  • You must restrict access to the EditBook method to the user named LibraryAdmin.

You need to implement the controller to meet the requirements.

Which code segment should you use? (Each correct answer presents a complete solution. Choose all that apply.)

But according to the question I must restrict access to the EditBook method to the user named LibraryAdmin. Both option A and C will allow access to EditBook. So I feel the answer is wrong. Then what is the correct answer?

ref: From DOCUMENT

Solution

I think you got the meaning of the sentence wrong. I conclude this after reading your comment on DarthVader's answer.

E.g.: "restrict access of editing this question to Ryder" means only Ryder should be able to edit this question, and not the other way round.

OTHER TIPS

Yes A and C are correct.

In A, GetBook is open to any user with the AllowAnon attribute. Then [Authorize(Users="..")]. This is correct.

Likewise, in C the code is checking the user by accessing User Identity directly and checking the username against LibraryAdmin. This is fine too.

Book's answers are correct. See: What does [Authorize(Users = "*")] mean in asp.net mvc

If you read the question carefully, you must allow:

  1. All users to access the method "GetBook"
  2. And "LibraryAdmin" for the method 'EditBook', and restrict other users by all means.

Looking at options A and C, these options satisfy the above conditions, so the answer would be options 'A' and 'C'.

Both will work, but if you have to choose only one option then "A" is the appropriate answer. We can neglect option "C" because there is an [Authorize] data annotation over both the class and the function; if we are using it over the class name then there is no need to write it on the function.

You have the following requirements:

  1. You must allow all users to access the GetBook method.
  2. You must restrict access to the EditBook method to the user named LibraryAdmin.

Answer should be A

C is incorrect because the user named LibraryAdmin is given access to EditBook action when the requirement is to restrict access.

Either the question is wrong or the answers provided in the book are wrong.
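The answer options were posted as images and are not reproduced on this page, so the following is an added illustration of the two approaches the answers describe (attribute-based and a direct `User.Identity` check), not the exam's own code. It assumes ASP.NET MVC 5 (`System.Web.Mvc`); the controller names are hypothetical, and the case-insensitive comparison and the 403 response are choices made for this sketch.

```csharp
using System;
using System.Net;
using System.Web.Mvc;

// Declarative form: the framework enforces the rule before the action runs.
public class BooksController : Controller
{
    [AllowAnonymous]                       // every visitor, signed in or not
    public ActionResult GetBook(int id)
    {
        return View();
    }

    [Authorize(Users = "LibraryAdmin")]    // only this forms-auth user name
    public ActionResult EditBook(int id)
    {
        return View();
    }
}

// Imperative form: the action checks the authenticated name itself.
public class BooksManualController : Controller
{
    public ActionResult GetBook(int id)    // no attribute, so open to all users
    {
        return View();
    }

    [Authorize]                            // rejects anonymous requests first
    public ActionResult EditBook(int id)
    {
        // Signed in, but not LibraryAdmin: refuse instead of rendering the view.
        if (!string.Equals(User.Identity.Name, "LibraryAdmin",
                           StringComparison.OrdinalIgnoreCase))
        {
            return new HttpStatusCodeResult(HttpStatusCode.Forbidden);
        }
        return View();
    }
}
```

In the second controller the name check lives in the action body, so every additional admin-only action has to repeat it; the attribute form keeps the rule on the method signature where a reviewer can see it.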

Licensed under: CC-BY-SA with attribution