
Question 106


Background

You are developing an ASP.NET MVC application in Visual Studio 2012 that will be used by Olympic marathon runners to log data about training runs.

Business Requirements

  • The application stores date, distance, and duration information about a user's training runs.
  • The user can view, insert, edit, and delete records.
  • The application must be optimized for accessibility.
  • All times must be displayed in the user's local time.

Technical Requirements

Data Access:
Database access is handled by a public class named RunnerLog.DataAccess.RunnerLogDb.
All data retrieval must be done by HTTP GET and all data updates must be done by HTTP POST.
Layout:
All pages in the application use a master layout file named \Views\Shared\_Layout.cshtml.
Models:
The application uses the \Models\LogModel.cs model.
Views:
All views in the application use the Razor view engine.
Four views located in \Views\RunLog are named:
  • _CalculatePace.cshtml
  • EditLog.cshtml
  • GetLog.cshtml
  • InsertLog.cshtml
The application also contains a \Views\Home\Index.cshtml view.
Controllers:
The application contains a \Controllers\RunLogController.cs controller.
Images:
A stopwatch.png image is located in the \Images folder.
Videos:
A map of a runner's path is available when a user views a run log. The map is implemented as an Adobe Flash application and video. The browser should display the video natively if possible, using H264, Ogg, or WebM formats, in that order. If the video cannot be displayed, then the Flash application should be used.
Security:
You have the following security requirements:
  • The application is configured to use forms authentication.
  • Users must be logged on to insert runner data.
  • Users must be members of the Admin role to edit or delete runner data.
  • There are no security requirements for viewing runner data.
  • You need to protect the application against cross-site request forgery.
  • Passwords are hashed by using the SHA1 algorithm.
RunnerLog.Providers.RunLogRoleProvider.cs contains a custom role provider.
Relevant portions of the application files follow. (Line numbers are included for reference only.)

Application Structure

3.5.2 Question

Multiple Choices

You work for a financial services company that deals with many small brokers. Your executives want to be able to run a report that details all the actions taken by the brokers on the site as a form of auditing and protection. Neither the application nor system currently stores this kind of information.

Which of the following are viable solutions? (Choose all that apply.)

  • A. Create a globally applied custom action filter that implements the OnActionExecuting method. Have it store the user, the URL, and the forms collection.
  • B. Set the AllowMultiple parameter to false in the filter. Have it store the user, the URL, and the forms collection.
  • C. Create a globally applied custom action filter that implements the OnActionExecuted method. Have it store the user, the URL, and the forms collection.
  • D. Override the AuthorizeAttribute and have it store the user, the URL, and the forms collection.

Answer:

AC

Explanation
A. Correct: Creating a globally applied action filter enables you to save the state of every action taken by the user while logged in to your site.
B. Incorrect: By setting the AllowMultiple to false, you have configured the filter to be run only once during the lifetime of the application.
C. Correct: By creating a globally applied action filter you have ensured that every action taken by the user will be logged.
D. Incorrect: Because this is applied only to the AuthorizeAttribute, it logs only those actions where the user has to be logged in. That enables them to take actions that might not be logged.
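Added example (not part of the original question or its answer key): a sketch of option A, a globally registered action filter that records the user, the URL, and the forms collection before each action runs. IAuditStore and the list of redacted field names are assumptions made for illustration; the redaction keeps credentials and anti-forgery tokens out of the audit trail, which would otherwise become a second copy of every posted secret.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Mvc;

// Hypothetical persistence abstraction; back it with a table or log sink.
public interface IAuditStore
{
    void Save(DateTime utc, string user, string url, string method,
              IDictionary<string, string> form);
}

public class AuditActionFilter : ActionFilterAttribute
{
    // Assumed field names whose values must never reach the audit trail.
    private static readonly HashSet<string> Redacted = new HashSet<string>(
        new[] { "Password", "ConfirmPassword", "__RequestVerificationToken" },
        StringComparer.OrdinalIgnoreCase);
    private readonly IAuditStore _store;

    public AuditActionFilter(IAuditStore store) { _store = store; }

    // Runs before the action method, so the request is recorded even if
    // the action itself later throws.
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var http = filterContext.HttpContext;
        var request = http.Request;
        string user = http.User.Identity.IsAuthenticated
            ? http.User.Identity.Name : "(anonymous)";

        // Copy the posted form, masking sensitive values.
        var form = request.Form.AllKeys
            .Where(k => k != null)
            .ToDictionary(k => k,
                k => Redacted.Contains(k) ? "[redacted]" : request.Form[k]);

        _store.Save(DateTime.UtcNow, user, request.RawUrl, request.HttpMethod, form);
        base.OnActionExecuting(filterContext);
    }
}

public static class FilterConfig
{
    // Call from Application_Start; filters added here apply to every action.
    public static void RegisterGlobalFilters(GlobalFilterCollection filters, IAuditStore store)
    {
        filters.Add(new AuditActionFilter(store));
    }
}
```

For option C, the same body would go in an OnActionExecuted override instead, which records the request after the action method has run.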