- (Exam Topic 4)
You are developing an application that uses ASP.NET Core Identity for authorization. The application must use an existing Microsoft Azure Table Storage instance to store user information. You create a custom UserStore class.
You need to register the class as a dependency.
Which two interfaces should you implement? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Correct Answer:
BD
D: Create a UserStore class that provides the methods for all data operations on the user. This class is equivalent to the UserStore class. In your UserStore class, implement IUserStore<TUser> and the optional interfaces required. You select which optional interfaces to implement based on the functionality provided in your app.
Interfaces to implement when customizing user store References:
https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity-custom-storageQQ-providers?view
- (Exam Topic 4)
You are developing an ASP.NET MVC application that will be deployed to servers on multiple networks. The application must be compatible with multiple browsers. You must track the page number that the user is viewing in search results.
You need to program the location for storing state information. Where should you persist state information?
Correct Answer:
B
- (Exam Topic 4)
HOTSPOT
You develop an ASP.NET MVC application. The application includes a feature that allows users to reset their passwords. The feature is enabled by a ForgotPassword controller method and a corresponding Razor view.
You need to prevent Cross-Site Request Forgery (CSRF) attacks.
How should you complete the relevant code? To answer, select the appropriate code segment from each list in the answer area.
Solution:
Target1: [ValidateAntiForgeryToken] Target2: @Html.AntoForgeryToken() Example:
* At the top of the action that we created to handle the posted form, the one with the [HttpPost] attribute added, we'll add another attribute named [ValidateAntiForgeryToken]. This makes the start of our action now look like the following:
[HttpPost] [ValidateAntiForgeryToken]
public ActionResult ChangeEmail(ChangeEmailModel model)
{
string username = WebSecurity.CurrentUserName;
*rest of function omitted*
* we must add the unique token to the form to change the user's email when we display it. Update the form in the ChangeEmail.aspx view under /Account/ChangeForm:
<% using(Html.BeginForm()) { %>
<%: Html.AntiForgeryToken() %>
<%: Html.TextBoxFor(t=>t.NewEmail) %>
<% } %>
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You are developing an ASP.NET MVC application that will run on Azure.
The application uses Event Tracing for Windows (ETW) for logging operations.
You need to retrieve the ETW data for the application from a deployed Azure instance by using the Azure Diagnostics API.
Which data source should you use?
Correct Answer:
D
Azure Diagnostics 1.2 and 1.3 are Azure extensions that enable you to collect diagnostic telemetry data from a worker role, web role, or virtual machine running in Azure.
Diagnostics 1.2 and 1.3 enable the collection of ETW and .NET EventSource events. Example:
EtwProviders>
References:
DRAG DROP
You need to implement security according to the business requirements. You have the following code:
< ><>>< >
Solution:
Target 1: [Authorize]
Target 2: [AllowAnonymous]
Target 3: [Authorize(Roles = “Admin”)]
Target 4: [Authorize(Roles = “Admin”)]
Does this meet the goal?
Correct Answer:
A
