ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-486 All Questions

View all questions & answers for the 70-486 exam
Go to Exam

Exam 70-486 topic 1 question 133 discussion

Actual exam question from Microsoft's 70-486
Question #: 133
Topic #: 1
[All 70-486 Questions]

HOTSPOT -
You are developing an ASP.NET Core MVC web application that uses custom security middleware. The middleware will add a response header to stop pages from loading when reflected cross-site scripting (XSS) attacks are detected.
The security middleware component must be constructed once per application lifetime.
You need to implement the middleware.
How should you complete the code? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: return _next(httpContext);
Example:
public Task Invoke(HttpContext httpContext)
{
httpContext.Response.Headers.Add("X-Xss-Protection", "1");
httpContext.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN"); httpContext.Response.Headers.Add("X-Content-Type-Options", "nosniff"); return _next(httpContext);
}

Box 2: UseSecurityMiddleware -
Box 3: UseMiddleware<SecurityMiddleware>()
Example:
public static class SecurityMiddlewareExtensions
{
public static IApplicationBuilder UseSecurityMiddleware(this IApplicationBuilder builder)
{
return builder.UseMiddleware<SecurityMiddleware>();
}
}

Box 4: UseSecurityMiddleware -
The Extensions part is optional, but it does allow you to write code like this : public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
app.UseMiddleware<SecurityMiddleware>(); //If I didn't have the extension method app.UseSecurityMiddleware(); //Nifty encapsulation with the extension
}
Reference:
https://dotnetcoretutorials.com/2017/03/10/creating-custom-middleware-asp-net-core/ https://docs.microsoft.com/en-us/aspnet/core/fundamentals/middleware/?view=aspnetcore-2.1&tabs=aspnetcore2x
by tanujgyan at May 9, 2020, 4:23 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
yuri_y
4 years, 11 months ago
what is the difference between _next.Invoke(context) and _next(context)
upvoted 1 times
slobex
4 years, 11 months ago
They are 100% identical
upvoted 1 times
slobex
4 years, 11 months ago
Using Invoke has one advantage. With Invoke you can write objDel?.Invoke("test"); but you can't write objDel?("test");
upvoted 1 times
...
...
...
tanujgyan
5 years ago
Reference: https://docs.microsoft.com/en-us/aspnet/core/fundamentals/middleware/write?view=aspnetcore-3.1
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel