You are developing an ASP.NET MVC application that uses forms authentication. The user database contains a user named LibraryAdmin. You have the following requirements:
You must allow all users to access the GetBook method.
You must restrict access to the EditBook method to the user named LibraryAdmin.
You need to implement the controller to meet the requirements. Which code segment should you use? (Each correct answer presents a complete solution. Choose all that apply.)
A. [Authorize]
public class LibraryController : Controller
{
[AllowAnonymous]
public ActionResult GetBook()
{
...
return View();
}
[Authorize(Users = "LibraryAdmin")]
public ActionResult EditBook()
{
...
return View()
}
}
B. [Authorize(Roles = "Anonymous")]
public class LibraryController : Controller
{
public ActionResult GetBook()
{
...
return View();
}
[Authorize(Users = "LibraryAdmin")]
public ActionResult EditBook()
{
...
return View()
}
}
C. [Authorize]
public class LibraryController : Controller
{
public ActionResult GetBook()
{
...
return View();
}
public ActionResult EditBook()
{
if (this.HttpContext.User.Identity.Name !="LibraryAdmin")
return RedirectToAction("Login","Account", new { ReturnUrl = "/Library/EditBook" });
else
{
...
return View();
}
}
}
D. [Authorize]
public class LibraryController : Controller
{
[Authorize(Roles="Anonymous")]
public ActionResult GetBook()
{
...
return View();
}
}
[Authorize(Users = "LibraryAdmin")]
public ActionResult EditBook()
{