Question 128

5.2.1 Question

Multiple Choice

What attribute or code snippet within a controller enables a role named Admin to access actions or code blocks after the check-in code?

  • A. RoleProvider.GetRolesForUser("Admin")
  • B. [Authorize(Roles="Admin")]
  • C. RoleProvider.IsUserInRole(User.Name)
  • D. [AuthorizeAttribute(Roles="Admin")]


A. Incorrect: RoleProvider.GetRolesForUser(“Admin”) gets the list of roles for the user that is passed in as a parameter. In this case, it uses a hard-coded value of “Admin.”
B. Correct: The Authorize attribute handles authorization on a controller and/or action basis by using the Roles= qualifier.
C. Incorrect: RoleProvider.IsUserInRole(User.Name) does a check to see whether the currently logged in user is within a role that is passed in as a parameter to the function. In this case, the code will be looking for a role that matches the user’s name.
D. Incorrect: Although AuthorizeAttribute is the correct class, the proper way to use it in attribution is through the Authorize keyword.