ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-486 All Questions

View all questions & answers for the 70-486 exam
Go to Exam

Exam 70-486 topic 1 question 176 discussion

Actual exam question from Microsoft's 70-486
Question #: 176
Topic #: 1
[All 70-486 Questions]

DRAG DROP -
You are developing an ASP.NET Core MVC web application for AdventureWorks Cycles.
You need to ensure that users can authenticate with Contoso Ltd., an OpenID Connect authentication provider.
How should you complete the code? To answer, drag the appropriate code segments to the correct locations. Each code segment may be used once, more than once, or not at all.
NOTE: Each correct selection is worth one point.
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer:
References:
https://blogs.msdn.microsoft.com/webdev/2017/04/06/jwt-validation-and-authorization-in-asp-net-core/
by zimzimzimma at May 30, 2020, 4:10 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Paku_123
Highly Voted 4 years, 11 months ago
provided solution is correct https://docs.microsoft.com/en-us/aspnet/core/security/authorization/limitingidentitybyscheme?view=aspnetcore-3.1
upvoted 7 times
...
Mayflower
Highly Voted 4 years, 11 months ago
public void ConfigureServices(IServiceCollection services) { // Code omitted for brevity services.AddAuthentication() .AddCookie(options => { options.LoginPath = "/Account/Unauthorized/"; options.AccessDeniedPath = "/Account/Forbidden/"; }) .AddJwtBearer(options => { options.Audience = "http://localhost:5001/"; options.Authority = "http://localhost:5000/"; });
upvoted 6 times
...
Kuna_Lambo
Most Recent 4 years, 5 months ago
"It uses JWTs (JSON Web Tokens) as identity token format and extends OAuth 2.0 flows that work for the web, mobile apps and mobile browsers." https://curity.io/resources/architect/openid-connect/openid-connect-overview/
upvoted 1 times
...
mr_
5 years ago
Looking on answers only I have a feeling that provided solution is correct. Neither AddOAuth nor AddCookie do not match other boxes that are present here, regardless of other things that may not match either.
upvoted 2 times
...
zimzimzimma
5 years ago
AddJwtBearer doesn't make sense. It should be OpenIdConnect but that option is not there. Writer probably got confused with OpenIddict referenced in the provided document at https://devblogs.microsoft.com/aspnet/jwt-validation-and-authorization-in-asp-net-core/ but that is something else. The rest of the answer (authority/audience) is correct.
upvoted 2 times
zimzimzimma
5 years ago
Correction: 'Audience' does not exist with OpenIdConnect, only with JwtBearer. But the question is explicitly mentioning OpenIdConnect. This whole question is botched, and there is no answer.
upvoted 1 times
zimzimzimma
5 years ago
It's not OAuth either since that always requires an authentication scheme in string form, and this code does not provide any.
upvoted 1 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel