Question 99


3.3.1 Question

Multiple Choice

You have a set of requirements stating that a particular action must be accessed only through HTTPS and only by an authenticated user. What is the best way to meet these requirements?

  • A. Use the Authorize attribute before the RequireHttps filter.
  • B. Use the RequireHttps attribute before the Authorize filter.
  • C. Use a custom action filter that combines the check for HTTPS and the check for authentication into a single filter.
  • D. Use Authorize alone; you do not need to use RequireHttps separately if you already have Authorize, because using Authorize implies the use of HTTPS.

Answer:

B

Explanation

A. Incorrect: Although this would meet the requirements, it is not the best way. It is better to run the RequireHttps filter first because it expends fewer resources than the Authorize filter.
B. Correct: It filters out those users not on an SSL connection before performing the more resource-intensive authentication check.
C. Incorrect: A custom action filter that performs both is more complicated to write than using the standard filters provided with ASP.NET MVC.
D. Incorrect: A user can be authorized and not be connected over HTTPS. The two are independent and need to be treated as such.