Configuring and Securing a Web Application
70-305 – Developing and Implementing Web Applications with Microsoft Visual Basic .NET and Microsoft Visual Studio .NET
Objective: Configuring and Securing a Web Application
SubObjective: Configure authorization. Authorization methods include file-based methods and URL-based methods.
Item Number: 70-305.7.3.3
Single Answer, Multiple Choice
You are writing an ASP.NET application for your corporate intranet that will use Windows authentication. Users will be able to select from a list of common functions including timesheet updates, vacation requests and performance reviews. Only certain users are allowed access to the performance reviews section. You can determine whether an employee is authorized by examining the Active Directory groups to which the user belongs. You need to add code to the pages in that section that will display an “access denied” message to users who are not authorized to access those pages.
Which member should you use to determine if a user is granted or denied access?
A. User.IsInRole() method
B. User.Identity.IsInRole() method
C. DirectoryServices.DirectorySearcher.FindOne().Groups collection
Answer: A. User.IsInRole() method
A WindowsPrincipal object represents the identity and roles of a user. The Page.User object is a principal that is created automatically for each request. When Windows authentication is used, Page.User is an instance of the WindowsPrincipal class, and its roles are the Windows groups (local and Active Directory) to which the authenticated user belongs. The WindowsPrincipal class implements the IPrincipal interface. The IPrincipal interface defines the IsInRole() method. The IsInRole() method accepts the name of a role as a string and returns a Boolean value that indicates whether the user is in the role specified. For a WindowsPrincipal the role name must be given in the form DOMAIN\GroupName (or BUILTIN\GroupName for local built-in groups such as BUILTIN\Administrators); a bare group name will not match a domain group. (Note that the WindowsPrincipal class also offers two additional overloaded versions of IsInRole, one taking an Integer role identifier and one taking a WindowsBuiltInRole value, that are not required by the IPrincipal interface.)
The Identity property of Page.User is an instance of a class that implements IIdentity. The IIdentity interface does not require an IsInRole method (in fact, the IIdentity interface does not include any methods whatsoever).
The WindowsPrincipal class does not have a Shared method GetRoles().
The FindOne() method of the DirectorySearcher class is not Shared. Furthermore, the SearchResult object that is returned by FindOne() does not have a Groups collection.
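The following code-behind is an added example for this item, not code from the exam or from Microsoft's documentation. It shows the page-level check the question asks for: a page in the performance-reviews section tests Page.User.IsInRole() in Page_Load and, when the user is not in the required Windows group, hides the review content and shows an “access denied” message before any review data is bound. The application is assumed to have <authentication mode="Windows" /> in web.config with anonymous access disabled in IIS; the domain name CORP, the group CORP\PerformanceReviewers, the control names and the BindReviews routine are assumptions. The syntax is restricted to what Visual Basic .NET 2002/2003 supports (no TryCast or IsNot).

```vb
' Added example (not from the original exam item): code-behind for a page in
' the performance-reviews section of an ASP.NET 1.x intranet application that
' uses Windows authentication. The domain "CORP", the group
' "CORP\PerformanceReviewers" and the control names are assumptions.
Imports System
Imports System.Security.Principal
Imports System.Web
Imports System.Web.UI
Imports System.Web.UI.WebControls

Public Class PerformanceReviewPage
    Inherits Page

    ' Windows group allowed to see performance reviews (assumed name). Under
    ' Windows authentication the role string must name the group as
    ' "DOMAIN\Group" (or "BUILTIN\Group" for local built-in groups); a bare
    ' group name does not match a domain group.
    Private Const ReviewersRole As String = "CORP\PerformanceReviewers"

    Protected WithEvents pnlReview As Panel   ' holds all review content
    Protected WithEvents lblMessage As Label  ' shows the access-denied text

    ' Central authorization check. Page.User is a WindowsPrincipal here, but
    ' the check only needs IPrincipal.IsInRole, so it also works for a
    ' GenericPrincipal in unit tests or under another authentication mode.
    Public Shared Function IsAuthorizedForReviews(ByVal principal As IPrincipal) As Boolean
        If principal Is Nothing OrElse principal.Identity Is Nothing Then
            Return False
        End If
        Return principal.Identity.IsAuthenticated AndAlso principal.IsInRole(ReviewersRole)
    End Function

    Private Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles MyBase.Load
        ' Check authorization before any review data is bound or rendered.
        If Not IsAuthorizedForReviews(User) Then
            ' Visible = False means the panel and its children are not
            ' rendered at all, so no review markup reaches the browser.
            pnlReview.Visible = False
            lblMessage.Text = "Access denied: you are not authorized to view performance reviews."
            Exit Sub
        End If

        If Not IsPostBack Then
            BindReviews()
        End If
    End Sub

    ' Example of a WindowsPrincipal-only overload: checking a built-in role
    ' without hard-coding the (possibly localized) group name.
    Private Function IsLocalAdministrator() As Boolean
        If Not TypeOf User Is WindowsPrincipal Then
            Return False
        End If
        Dim winPrincipal As WindowsPrincipal = CType(User, WindowsPrincipal)
        Return winPrincipal.IsInRole(WindowsBuiltInRole.Administrator)
    End Function

    Private Sub BindReviews()
        ' Load and bind the performance-review records (data access assumed
        ' to live elsewhere in the application; only the caption is shown).
        lblMessage.Text = "Performance reviews for " & User.Identity.Name
    End Sub
End Class
```

The page-level check satisfies the question, but on its own it only controls what the page displays; the request still reaches the page code. For the sub-objective's URL-based authorization, the same group can be enforced declaratively by placing a web.config in the performance-reviews folder whose <authorization> element contains <allow roles="CORP\PerformanceReviewers" /> followed by <deny users="*" />, so unauthorized users receive a 401/403 before any page in that folder executes. The IsInRole() call in Page_Load then acts as defense in depth and is the place to render the friendly message.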
References:
1. MSDN Library Visual Studio .NET – Search – .NET Framework Developer’s Guide – Role-Based Security
2. MSDN Library Visual Studio .NET – Search – .NET Framework Class Library – WindowsPrincipal.IsInRole Method
3. MSDN Library Visual Studio .NET – Search – .NET Framework Developer’s Guide – Principal and Identity Objects