What default attributes or inline checks would you use to create an accepted-list scenario in ASP.NET MVC 4? (Choose all that apply.)
A. Authorize attribute
B. RequireHttps attribute
C. WebSecurity.IsAuthenticated
D. AllowAnonymous attribute
Answer:
AD
Explanation
A. Correct: AuthorizeAttribute can be put on controllers and actions to require authorization.
B. Incorrect: RequireHttps will ensure that the communication between client and server is encrypted, but it does not do anything to help ensure an accepted-list scenario.
C. Incorrect: WebSecurity.IsAuthenticated verifies that a user is authenticated, but it does not do it in a way that supports an accepted-list scenario.
D. Correct: AllowAnonymous can be put on controllers and actions to enable unauthorized users access.