<
Exam Ref
Previous Question

Question 105

Next Question

3.5.1 Question

Multiple Choice

Your application manages the sale of expensive well-drilling equipment. Your IT director wants you to add functionality that sends an email to a customer’s sales account manager whenever someone from your client company logs in to the system. What is an appropriate solution?

  • A. Override the AuthorizeAttribute and apply it to the login action. Run the base method first to handle the authentication and then evaluate the status of the request. If the user is a customer, send the email.
  • B. Create a custom action filter that is globally defined and overrides the OnActionExecuting method. This action filter evaluates the status of the user and sends the email if it is a customer.
  • C. Override the AuthorizeAttribute that is applied to the login action, check for the user’s authentication status, and determine whether it is a customer prior to sending it to the base authentication method.
  • D. Create an action filter that overrides the OnActionExecuted method and apply it to the login action. This action filter evaluates the status of the user and sends the email if it is a customer.

Answer:

D
Explanation
A. Incorrect: You should not have an AuthorizeAttribute on your login action, be­cause it ensures that users have to be authenticated before they log in. Users can never log in to the site.
B. Incorrect: Because this filter is applied globally, it sends the email every time the user takes an action, rather than just once per visit.
C. Incorrect: You should not have an AuthorizeAttribute on your login action because it ensures that users have to be authenticated before they log in. Users can never log in to the site.
D. Correct: This is be applied only because the user is leaving the login section of the application, at which point you also know whether they have been authenticated.