What is Role-based Authorization in ASP.NET?
a. A method to control access based on user roles
b. A method to control access based on user claims
c. A method to authenticate users
d. A method to configure session state
Answer: a. A method to control access based on user roles
Which attribute is used to enforce role-based authorization on a controller action?
a.
[Authorize(Roles = "Admin")]
b.
[RequireRole("Admin")]
c.
[Role("Admin")]
d.
[AuthorizeUser(Roles = "Admin")]
Answer: a.
[Authorize(Roles = "Admin")]
What is Claims-based Authorization in ASP.NET?
a. A method to control access based on user claims
b. A method to control access based on user roles
c. A method to authenticate users
d. A method to configure application settings
Answer: a. A method to control access based on user claims
Which attribute is used to enforce claims-based authorization on a controller action?
a.
[Authorize(ClaimType = "role", ClaimValue = "Admin")]
b.
[RequireClaim("role", "Admin")]
c.
[Claim("role", "Admin")]
d.
[Authorize(Claims = "role:Admin")]
Answer: b.
[RequireClaim("role", "Admin")]
How do you configure role-based authorization in ASP.NET Core?
a. By using the
AddAuthorization method in
Startup.cs
b. By configuring roles in the
web.config file
c. By setting up claims in the
Startup.cs
d. By using the
RoleManager class
Answer: a. By using the
AddAuthorization method in
Startup.cs
What method allows you to configure policies for claims-based authorization in ASP.NET Core?
a.
AddAuthorization
b.
AddPolicies
c.
ConfigureAuthorization
d.
AddClaims
Answer: a.
AddAuthorization
How do you specify required roles in a policy for role-based authorization?
a. By using the
RequireRole method in policy configuration
b. By specifying roles in the
[Authorize] attribute
c. By adding roles directly to the
web.config
d. By configuring roles in the
appsettings.json file
Answer: a. By using the
RequireRole method in policy configuration
What is the purpose of the
RequireClaim method in claims-based authorization?
a. To specify that a user must have a certain claim to access a resource
b. To define the roles required for accessing a resource
c. To configure the authentication scheme
d. To add claims to a user’s profile
Answer: a. To specify that a user must have a certain claim to access a resource
Which method is used to check if a user has a specific claim in ASP.NET Core?
a.
User.HasClaim
b.
User.Identity.HasClaim
c.
User.Claims.Contains
d.
User.Identity.FindClaim
Answer: a.
User.HasClaim
What is the primary difference between role-based and claims-based authorization?
a. Role-based authorization uses user roles, while claims-based authorization uses user claims
b. Claims-based authorization is simpler to implement than role-based
c. Role-based authorization is used for anonymous users, while claims-based is for authenticated users
d. Claims-based authorization is supported only in ASP.NET Core
Answer: a. Role-based authorization uses user roles, while claims-based authorization uses user claims
How do you define a custom authorization policy in ASP.NET Core?
a. By using the
AddAuthorization method and configuring policies in
Startup.cs
b. By defining policies in the
web.config file
c. By creating a custom
AuthorizationHandler
d. By configuring policies in
appsettings.json
Answer: a. By using the
AddAuthorization method and configuring policies in
Startup.cs
Which of the following is a typical claim type used in claims-based authorization?
a.
role
b.
email
c.
name
d.
id
Answer: a.
role
How can you apply multiple policies to a single controller or action method?
a. By specifying multiple policies in the
[Authorize] attribute
b. By using multiple
[Authorize] attributes
c. By configuring multiple policies in the
AddAuthorization method
d. By combining policies in the
web.config file
Answer: a. By specifying multiple policies in the
[Authorize] attribute
What does the
AddAuthorization method in
Startup.cs do?
a. It configures authorization services and policies
b. It adds authentication middleware
c. It sets up user roles
d. It configures session state
Answer: a. It configures authorization services and policies
Which attribute allows for specifying that a user must have a specific claim to access a resource?
a.
[RequireClaim]
b.
[Authorize(ClaimType = "claim", ClaimValue = "value")]
c.
[Claim]
d.
[HasClaim]
Answer: a.
[RequireClaim]
What is the
IAuthorizationService interface used for in ASP.NET Core?
a. To evaluate authorization policies and claims
b. To manage user roles
c. To configure authentication schemes
d. To handle user sessions
Answer: a. To evaluate authorization policies and claims
How can you retrieve a user’s claims in an ASP.NET Core application?
a. By accessing
User.Claims
b. By using
User.Identity.Claims
c. By calling
HttpContext.GetClaims
d. By using
User.GetClaims()
Answer: a. By accessing
User.Claims
What is the role of the
AuthorizationHandler class in ASP.NET Core?
a. To evaluate policies and handle authorization requirements
b. To manage user sessions
c. To configure authentication schemes
d. To handle user role management
Answer: a. To evaluate policies and handle authorization requirements
How can you create a custom claim in ASP.NET Core?
a. By adding claims to the user’s identity during authentication
b. By configuring claims in the
web.config file
c. By specifying claims in the
appsettings.json
d. By using the
AuthorizationHandler
Answer: a. By adding claims to the user’s identity during authentication
Which method is used to check if a user is in a specific role in role-based authorization?
a.
User.IsInRole
b.
User.HasRole
c.
User.GetRoles
d.
User.Role
Answer: a.
User.IsInRole
How do you enforce that a user must have a specific role in a claims-based authorization policy?
a. By using the
RequireRole method in the policy configuration
b. By adding role claims to the user’s identity
c. By specifying roles in the
Authorize attribute
d. By configuring roles in the
web.config
Answer: a. By using the
RequireRole method in the policy configuration
Which attribute is used to specify that a user must have certain claims to access a resource?
a.
[Authorize(ClaimType = "type", ClaimValue = "value")]
b.
[RequireClaim]
c.
[Claim]
d.
[HasClaim]
Answer: b.
[RequireClaim]
What is the main advantage of claims-based authorization over role-based authorization?
a. Claims-based authorization allows more granular control of access
b. Role-based authorization is more secure
c. Claims-based authorization is simpler to implement
d. Role-based authorization supports more complex policies
Answer: a. Claims-based authorization allows more granular control of access
How do you specify that a policy requires a user to have a certain claim?
a. By using the
RequireClaim method when defining the policy
b. By setting the claim requirements in the
web.config
c. By configuring claims in the
Startup.cs
d. By adding claims directly to the user’s profile
Answer: a. By using the
RequireClaim method when defining the policy
Which of the following methods is used to create a custom authorization handler?
a. Implementing
IAuthorizationHandler
b. Configuring custom policies in
web.config
c. Using
AddCustomAuthorization in
Startup.cs
d. Defining a custom attribute
Answer: a. Implementing
IAuthorizationHandler
How can you configure a custom policy to require multiple claims in ASP.NET Core?
a. By chaining multiple
RequireClaim methods when defining the policy
b. By specifying multiple claims in the
web.config
c. By adding multiple claims to the user’s profile
d. By using multiple
[Authorize] attributes
Answer: a. By chaining multiple
RequireClaim methods when defining the policy
What does the
AuthorizationRequirement class represent in custom authorization?
a. A requirement that must be fulfilled for access to be granted
b. A specific claim type
c. A user role
d. An authentication scheme
Answer: a. A requirement that must be fulfilled for access to be granted
How can you apply multiple roles to a single policy in role-based authorization?
a. By using the
RequireRole method with multiple roles in policy configuration
b. By specifying multiple roles in the
[Authorize] attribute
c. By adding roles to the
web.config
d. By configuring roles in the
Startup.cs
Answer: a. By using the
RequireRole method with multiple roles in policy configuration
What is the purpose of the
AddAuthorization method in ASP.NET Core’s
Startup.cs?
a. To add and configure authorization services and policies
b. To configure authentication schemes
c. To set up user roles and claims
d. To handle session state
Answer: a. To add and configure authorization services and policies
How do you retrieve a claim value from a user’s claims collection?
a. By using
User.Claims.FirstOrDefault(c => c.Type == "claimType")?.Value
b. By calling
User.GetClaim("claimType")
c. By querying
HttpContext.GetClaims("claimType")
d. By accessing
User.Identity.Claims["claimType"]
Answer: a. By using
User.Claims.FirstOrDefault(c => c.Type == "claimType")?.Value
What is the use of the
AuthorizationHandlerContext class?
a. It provides context for evaluating authorization requirements
b. It manages user sessions
c. It configures authentication schemes
d. It handles role management
Answer: a. It provides context for evaluating authorization requirements
How can you enforce that a user must meet multiple conditions to access a resource?
a. By using multiple
Require methods in policy configuration
b. By setting multiple conditions in the
web.config
c. By adding conditions to the user’s profile
d. By configuring multiple
[Authorize] attributes
Answer: a. By using multiple
Require methods in policy configuration
What does the
AuthorizationPolicyBuilder class allow you to do?
a. Build and configure authorization policies
b. Set up authentication schemes
c. Manage user roles and claims
d. Configure session state
Answer: a. Build and configure authorization policies
How can you use claims-based authorization to restrict access based on user permissions?
a. By defining policies that require specific claims
b. By setting roles in the
web.config
c. By configuring permissions in the
appsettings.json
d. By adding user permissions directly to the
Startup.cs
Answer: a. By defining policies that require specific claims
What is the role of the
ClaimsPrincipal class in ASP.NET Core?
a. To represent the authenticated user’s claims
b. To manage user sessions
c. To configure authentication schemes
d. To handle authorization policies
Answer: a. To represent the authenticated user’s claims
How do you set up role-based authorization in ASP.NET Core?
a. By configuring roles and policies in
Startup.cs
b. By defining roles in the
web.config
c. By using the
RoleManager class
d. By setting up roles in
appsettings.json
Answer: a. By configuring roles and policies in
Startup.cs
What method allows you to check if the current user has a specific claim?
a.
User.HasClaim
b.
User.Identity.HasClaim
c.
User.Claims.Contains
d.
User.GetClaim
Answer: a.
User.HasClaim
How do you define a policy that requires a specific claim type and value in ASP.NET Core?
a. By using the
RequireClaim method when adding policies in
Startup.cs
b. By specifying the claim type and value in the
web.config
c. By adding claims to the user’s profile
d. By using the
[Authorize] attribute with claims
Answer: a. By using the
RequireClaim method when adding policies in
Startup.cs
What is the purpose of the
IAuthorizationPolicyProvider interface?
a. To provide authorization policies
b. To manage user roles
c. To configure authentication schemes
d. To handle session state
Answer: a. To provide authorization policies
How do you enforce that a user must belong to multiple roles in role-based authorization?
a. By using the
RequireRole method with a list of roles
b. By specifying multiple roles in the
[Authorize] attribute
c. By adding roles to the
web.config
d. By configuring roles in
appsettings.json
Answer: a. By using the
RequireRole method with a list of roles
What does the
AddPolicy method do in the
AddAuthorization configuration?
a. It defines a custom authorization policy
b. It configures authentication schemes
c. It sets up user roles
d. It manages claims
Answer: a. It defines a custom authorization policy
