Exam 70-487 topic 1 question 37 discussion

The correct answer would be Target 1: AuthorizationFilterAttribute Target 2: HttpActionContext

Answer is Correct. 1. AuthorizeAttribute 2. HttpActionContext Source: https://gist.github.com/rdingwall/2028849

For Web API :AuthorizationFilterAttribute Class has a method OnAuthorization(HttpActionContext)" - Calls when a process requests authorization. "https://docs.microsoft.com/en-us/previous-versions/aspnet/hh834134(v=vs.118)

Target 1: AuthorizationFilterAttribute Target 2: HttpActionContext

Just scroll to the bottom of the page... https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/authentication-and-authorization-in-aspnet-web-api IAuthorizationFilter <- AuthorizationFilterAtrbute <- AuthorizeAtribute It looks like you can get the job done with both of them BUT... 1. It is nowhere mentionen that the user is logged in.... it can also be an anonymous user 2. You dont need the current user or its roles...you just need the UserHostAddress from Request 3. If you read about the AuthorizationAttribute you will find this: "Authorization is denied in the following cases: The request is not associated with any user || The user is not authenticated." Source: https://docs.microsoft.com/en-us/previous-versions/aspnet/hh834985(v=vs.108) I think the right answear is AuthorizationFilterAtribute and HttpActionContext

For WebApi https://docs.microsoft.com/en-us/previous-versions/aspnet/mt134843(v=vs.118)

I still think it is 1. AuthorizeAttribute 2. AuthorizationContext https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/authentication-and-authorization-in-aspnet-web-api All other links I am seeing are based on content from 2013... 7 years ago. I think Microsoft has moved on now and things have changed.

That's the most weird question, both AuthorizeAttribute and AuthorizeFilterAttribute are correct. //https://www.oreilly.com/library/view/aspnet-web-api/9781785882210/ch01s07.html

I think correct answer is AuthorizationFilterAttribute HttpActionContext From docs: "AuthorizeAttribute. Extend this class to perform authorization logic based on the current user and the user's roles. AuthorizationFilterAttribute. Extend this class to perform synchronous authorization logic that is not necessarily based on the current user or role." USAIp does not based on current role. https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/authentication-and-authorization-in-aspnet-web-api#custom-authorization-filters And example https://docs.microsoft.com/en-us/odata/webapi/basic-auth

Target 1: AuthorizationFilterAttribute Target 2: HttpActionContext https://weblog.west-wind.com/posts/2013/apr/18/a-webapi-basic-authentication-authorization-filter

AuthorizeAttribute AuthorizationContext

I Think Target2 is AuthorizationContext https://docs.microsoft.com/en-us/dotnet/api/system.web.mvc.authorizeattribute.onauthorization?view=aspnet-mvc-5.2#System_Web_Mvc_AuthorizeAttribute_OnAuthorization_System_Web_Mvc_AuthorizationContext_