Background
You are developing an ASP.NET MVC application in Visual Studio 2012 that will be used by Olympic marathon runners to log data about training runs.
Business Requirements
The application stores date, distance, and duration information about a user's training runs.
The user can view, insert, edit, and delete records.
The application must be optimized for accessibility.
All times must be displayed in the user's local time.
Technical Requirements
Data Access:
Database access is handled by a public class named RunnerLog.DataAccess.RunnerLogDb.
All data retrieval must be done by HTTP GET and all data updates must be done by HTTP POST.
Layout:
All pages in the application use a master layout file named \Views\Shared\_Layout.cshtml.
Models:
The application uses the \Models\LogModel.cs model.
Views:
All views in the application use the Razor view engine.
Four views located in \Views\RunLog are named:
_CalculatePace.cshtml
EditLog.cshtml
GetLog.cshtml
InsertLog.cshtml
The application also contains a \Views\Home\Index.cshtml view.
Controllers:
The application contains a \Controllers\RunLogController.cs controller.
Images:
A stopwatch.png image is located in the \Images folder.
Videos:
A map of a runner's path is available when a user views a run log. The map is implemented as an Adobe Flash application and video. The browser should display the video natively if possible, using H264, Ogg, or WebM formats, in that order. If the video cannot be displayed, then the Flash application should be used.
Security:
You have the following security requirements:
The application is configured to use forms authentication.
Users must be logged on to insert runner data.
Users must be members of the Admin role to edit or delete runner data.
There are no security requirements for viewing runner data.
You need to protect the application against cross-site request forgery.
Passwords are hashed by using the SHA1 algorithm.
RunnerLog.Providers.RunLogRoleProvider.cs contains a custom role provider.
Relevant portions of the application files follow. (Line numbers are included for reference only.)
Question
Drag and Drop
You need to implement security according to the business requirements. How should you modify RunLogController? (To answer, drag the appropriate code segment to the correct location or locations. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
[Authorize(Roles="Admin")]
[Authorize]
[Authorize(User="Admin")]
[AllowAnonymous]
[Authorize(User="*")]
[Authorize(User="Admin")]
[Authorize(Roles="Admin")]
public class RunLogController : Controller
{
public ActionResult GetLog()
...
public ActionResult InsertLog()
...
public ActionResult DeleteLog()
...
public ActionResult EditLog()
...
}
Answer:
[Authorize(User="Admin")]
[Authorize]
[Authorize(User="*")]
[Authorize]
public class RunLogController : Controller
{
[AllowAnonymous]
public ActionResult GetLog()
...
public ActionResult InsertLog()
...
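The security requirements above map onto ASP.NET MVC attributes as sketched below. This is an added example, not the exam's application code: the namespaces, the action overloads and their parameters are assumptions, and data access through RunnerLogDb is left out because the page does not show its members.

```csharp
using System.Web.Mvc;
using RunnerLog.Models; // assumed namespace of \Models\LogModel.cs

namespace RunnerLog.Controllers // assumed namespace
{
    // Class-level [Authorize]: every action needs a forms-authenticated user
    // unless it opts out with [AllowAnonymous].
    [Authorize]
    public class RunLogController : Controller
    {
        // No security requirement for viewing; retrieval is GET only.
        [AllowAnonymous]
        [HttpGet]
        public ActionResult GetLog() { return View(); }

        // Inherits the class-level [Authorize]: logged-on users only.
        [HttpGet]
        public ActionResult InsertLog() { return View(); }

        // Updates are POST only and must carry a valid anti-forgery token.
        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult InsertLog(LogModel log) // assumed overload
        {
            if (!ModelState.IsValid) return View(log);
            return RedirectToAction("GetLog");
        }

        // Roles are resolved by the configured role provider; the user must
        // be authenticated and also be a member of Admin.
        [HttpGet]
        [Authorize(Roles = "Admin")]
        public ActionResult EditLog() { return View(); }

        [HttpPost]
        [Authorize(Roles = "Admin")]
        [ValidateAntiForgeryToken]
        public ActionResult EditLog(LogModel log) // assumed overload
        {
            if (!ModelState.IsValid) return View(log);
            return RedirectToAction("GetLog");
        }

        [HttpPost]
        [Authorize(Roles = "Admin")]
        [ValidateAntiForgeryToken]
        public ActionResult DeleteLog(int id) // assumed parameter
        {
            return RedirectToAction("GetLog");
        }
    }
}
```

[ValidateAntiForgeryToken] rejects any POST whose form was not rendered with @Html.AntiForgeryToken(), so each Razor form that posts to these actions has to emit that token.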