What attribute or code snippet within a controller enables a role named Admin to access actions or code blocks after the check-in code?
A. RoleProvider.GetRolesForUser("Admin")
B. [Authorize(Roles="Admin")]
C. RoleProvider.IsUserInRole(User.Name)
D. [AuthorizeAttribute(Roles="Admin")]
Answer:
B
Explanation
A. Incorrect: RoleProvider.GetRolesForUser("Admin") gets the list of roles for the user that is passed in as a parameter. In this case, it uses a hard-coded value of "Admin".
B. Correct: The Authorize attribute handles authorization on a controller and/or action basis by using the Roles= qualifier.
C. Incorrect: RoleProvider.IsUserInRole(User.Name) checks whether the currently logged-in user is within a role that is passed in as a parameter to the function. In this case, the code will be looking for a role that matches the user’s name.
D. Incorrect: Although AuthorizeAttribute is the correct class, the proper way to use it in attribution is through the Authorize keyword.