Remarks

At run time, the authorization module iterates through the <allow> and <deny> tags until it finds the first access rule that fits a particular user. It then grants or denies access to a URL resource depending on whether the first access rule found is an <allow> or a <deny> rule. The default authorization rule in the Machine.config file is <allow users="*"/> so, by default, access is allowed unless configured otherwise.

Example

The following example allows access to all members of the Admins role and denies access to all users.

    <configuration>
      <system.web>
        <authorization>
          <allow roles="Admins"/>
          <deny users="*"/>
        </authorization>
      </system.web>
    </configuration>

Question: 6

You are an application developer for Company.com. Your team is developing a Windows Forms application. Users will have access to different functionality depending on their roles in Company. The application includes the following method.

    Private Shared Function AuthenticateUser(ByVal user As String, _
        ByVal password As String, ByRef roles As String()) As Boolean

This method authenticates the user against a third-party data store. When authentication is successful, this method returns a value of True, and the string array named roles is updated to contain the user's roles. You need to write the code that associates an authenticated user and the user's roles with the current security context.
Exam Name: Implementing Security for Applications with Microsoft Visual Basic .NET
Exam Type: Microsoft
Exam Code: 70-330
Total Questions: 85

Which code segment should you use?

A.
    ' p is initialized above as a PrincipalPermission
    If AuthenticateUser(name, password, roles) = True Then
        Dim r As String
        For Each r In Roles
            Dim ppTemp As PrincipalPermission = New PrincipalPermission(name, r)
            p.Union(ppTemp)
        Next
    End If
    p.IsUnrestricted()

B.
    ' p is initialized above as a PrincipalPermission
    If AuthenticateUser(name, password, roles) = True Then
        Dim r As String
        For Each r In roles
            Dim ppTemp As PrincipalPermission = New PrincipalPermission(name, r)
        Next
    End If
    p.IsUnrestricted()

C.
    If AuthenticateUser(name, password, roles) = True Then
        Dim r As String
        For Each r In roles
            Thread.CurrentPrincipal.IsInRole(r)
        Next
    End If

D.
    If AuthenticateUser(name, password, roles) = True Then
        Thread.CurrentPrincipal = New GenericPrincipal(New GenericIdentity(name), roles)
    End If

Answer: D

Explanation

Difference Between Declarative and Imperative Security

There are two main differences between the use of declarative security and imperative security. In declarative security, the roles are essentially hard coded at design time, while in imperative security, these can be read from an external source such as a database or a config file. While config files can be used for prototypes or very simple applications, databases should be the repository of choice for roles. Further, with declarative security, the granularity of the access check is a method, while with imperative security, the granularity is controlled by the developer.
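The following is an added example, not part of the exam material: it attaches the authenticated user to the thread as in answer D, then runs one declarative and one imperative role check against that principal. It assumes the .NET Framework; the AuthenticateUser stub, the user "alice", the role "Clerks" and the methods DeleteAllOrders and ApproveOrder are hypothetical.

```vbnet
Imports System
Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Principal
Imports System.Threading

Module RoleCheckDemo
    ' Hypothetical stand-in for the third-party store in the question (constructed data).
    Private Function AuthenticateUser(ByVal user As String, ByVal password As String, _
                                      ByRef roles As String()) As Boolean
        If user = "alice" AndAlso password = "sample-password" Then
            roles = New String() {"Clerks"}
            Return True
        End If
        Return False
    End Function

    ' Declarative: the role is fixed at design time and the check covers the whole method.
    <PrincipalPermission(SecurityAction.Demand, Role:="Admins")> _
    Private Sub DeleteAllOrders()
        Console.WriteLine("DeleteAllOrders ran")
    End Sub

    ' Imperative: the role name arrives at run time and the check guards only part of the method.
    Private Sub ApproveOrder(ByVal requiredRole As String)
        Console.WriteLine("Anyone may view the order")
        Dim p As New PrincipalPermission(Nothing, requiredRole)
        p.Demand() ' throws SecurityException if the current principal lacks the role
        Console.WriteLine("Order approved")
    End Sub

    Sub Main()
        Dim roles As String() = Nothing
        If AuthenticateUser("alice", "sample-password", roles) Then
            ' Answer D: bind the identity and its roles to the current security context.
            Thread.CurrentPrincipal = New GenericPrincipal(New GenericIdentity("alice"), roles)
        End If

        ApproveOrder("Clerks") ' succeeds: alice holds Clerks
        Try
            DeleteAllOrders() ' fails: alice is not in Admins
        Catch ex As SecurityException
            Console.WriteLine("Denied: " & ex.Message)
        End Try
    End Sub
End Module
```

Both checks read Thread.CurrentPrincipal, which is why options A to C, which never assign it, leave every later role demand evaluating the default unauthenticated principal.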

  • Spring '16
  • Microsoft Corporation,