MCSD 70-310 Advanced XML Web Services Programming Exam Question

>Now can someone help me answer this question?

yes, don't post in html.

Kline Sphere (Chalk) MCNGP #3

"Greg" <gr****@msn.com> wrote:

Now can someone help me answer this question?
<SNIP>I would have assumed that B was the correct answer, but it looks like they wanted A. Or would A and B do the same thing?

Set your posting preferences to plain-text!!!

Northwind Traders is a chain of department stores located
around the country. It is setting up a new sales system
cashiers will use to accept payments from customers. As a
pilot project, you are creating a Windows application to
implement a new sales system in one of the stores. You want
to use an existing Web Service in this Windows application.
You have implemented security and ensured that only the
users in the cashiers group and the store manager can access
the sales system. Because of certain financial requirements,
the sales application also needs to be accessed by Nancy,
and accountant at that store. However, the XML Web service
is not configured to ensure access control. Which of the
following tasks ensure that only authorized users can access
XML Web services? (Choose one correct option.)

A. In the web.config file, insert the following lines of
code:
<authorization>
<allow role="Cashiers, Managers"/>
<allow users="Nancy"/>
<deny users="*">
<deny users="?">
</authorization>

B. In the web.config file, insert the following lines of
code:
<authorization>
<deny users="*">
<allow users="Nancy"/>
<allow role="Cashiers, Managers"/>
<deny users="?">
</authorization>

C. In the web.config file, insert the following lines of
code:
<authorization>
<allow users="*">
<allow users="Nancy"/>
<allow role="Cashiers, Managers"/>
<deny users="?">
</authorization>

D. In the web.config file, insert the following lines of
code:
<authorization>
<allow users="?">
<deny users="*">
<allow users="Nancy"/>
<allow role="Cashiers, Managers"/>
</authorization>

start digging into the MSDN:

<authorization> Element
http://msdn.microsoft.com/library/de...ionsection.asp

<deny> Element
http://msdn.microsoft.com/library/de.../gngrfdeny.asp

<allow> Element
http://msdn.microsoft.com/library/de...gngrfallow.asp

<allow role="Cashiers, Managers"/> - Grant the Cashiers and
Manager roles access
<allow users="Nancy"/> - Allow user Nancy access
<deny users="*"> - Deny all users access
<deny users="?"> - Deny unauthenticated users access
<allow users="?"> - Allow unauthenticated users access

also:

"At run time, the authorization module iterates through the
<allow> and <deny> tags until it finds the FIRST access rule
that fits a particular user. It then grants or denies access
to a URL resource depending on whether the first access rule
found is an <allow> or a <deny> rule."

So (A) grants access to the Cashiers and Managers and to
Nancy while THEN denying access to all other users and
anonymous users. This is the solution that the question is
looking for.

(B) strictly denies all users; the "allows" are in the wrong
position. We never get to the "allow" rules.

(C) allows all users right at the beginning; we never get to
the remaining rules; this is not restrictive enough

(D) allows unauthenticated users, while denying all other
users; we certainly do not want this

Note (doesn't pertain to this question as such): to allow
only authenticated users you would need a sequence of two
rules:

<deny users="?">
<allow users="*">

Also keep in mind:

"The default authorization rule in the Machine.config file
is <allow users="*"/> so, by default, access is allowed
unless configured otherwise."

Get a updated news reader.

"The Poster Formerly Known as Kline Sphere" <.> wrote in message news:gr********************************@4ax.com...

Now can someone help me answer this question?

yes, don't post in html.

Kline Sphere (Chalk) MCNGP #3

Don't post stupid replies.

"UAError" <nu**@null.null> wrote in message news:tu********************************@4ax.com...

"Greg" <gr****@msn.com> wrote:

Now can someone help me answer this question?

<SNIP>

I would have assumed that B was the correct answer, but it looks like they wanted A. Or would A and B do the same thing?

Set your posting preferences to plain-text!!!

Northwind Traders is a chain of department stores located
around the country. It is setting up a new sales system
cashiers will use to accept payments from customers. As a
pilot project, you are creating a Windows application to
implement a new sales system in one of the stores. You want
to use an existing Web Service in this Windows application.
You have implemented security and ensured that only the
users in the cashiers group and the store manager can access
the sales system. Because of certain financial requirements,
the sales application also needs to be accessed by Nancy,
and accountant at that store. However, the XML Web service
is not configured to ensure access control. Which of the
following tasks ensure that only authorized users can access
XML Web services? (Choose one correct option.)

A. In the web.config file, insert the following lines of
code:
<authorization>
<allow role="Cashiers, Managers"/>
<allow users="Nancy"/>
<deny users="*">
<deny users="?">
</authorization>

B. In the web.config file, insert the following lines of
code:
<authorization>
<deny users="*">
<allow users="Nancy"/>
<allow role="Cashiers, Managers"/>
<deny users="?">
</authorization>

C. In the web.config file, insert the following lines of
code:
<authorization>
<allow users="*">
<allow users="Nancy"/>
<allow role="Cashiers, Managers"/>
<deny users="?">
</authorization>

D. In the web.config file, insert the following lines of
code:
<authorization>
<allow users="?">
<deny users="*">
<allow users="Nancy"/>
<allow role="Cashiers, Managers"/>
</authorization>

start digging into the MSDN:

<authorization> Element
http://msdn.microsoft.com/library/de...ionsection.asp

<deny> Element
http://msdn.microsoft.com/library/de.../gngrfdeny.asp

<allow> Element
http://msdn.microsoft.com/library/de...gngrfallow.asp

<allow role="Cashiers, Managers"/> - Grant the Cashiers and
Manager roles access
<allow users="Nancy"/> - Allow user Nancy access
<deny users="*"> - Deny all users access
<deny users="?"> - Deny unauthenticated users access
<allow users="?"> - Allow unauthenticated users access

also:

"At run time, the authorization module iterates through the
<allow> and <deny> tags until it finds the FIRST access rule
that fits a particular user. It then grants or denies access
to a URL resource depending on whether the first access rule
found is an <allow> or a <deny> rule."

So (A) grants access to the Cashiers and Managers and to
Nancy while THEN denying access to all other users and
anonymous users. This is the solution that the question is
looking for.

(B) strictly denies all users; the "allows" are in the wrong
position. We never get to the "allow" rules.

(C) allows all users right at the beginning; we never get to
the remaining rules; this is not restrictive enough

(D) allows unauthenticated users, while denying all other
users; we certainly do not want this

Note (doesn't pertain to this question as such): to allow
only authenticated users you would need a sequence of two
rules:

<deny users="?">
<allow users="*">

Also keep in mind:

"The default authorization rule in the Machine.config file
is <allow users="*"/> so, by default, access is allowed
unless configured otherwise."

In article <uV**************@TK2MSFTNGP12.phx.gbl>, gr****@msn.com
says...

Don't post stupid replies.

Shouldn't you be in bed already?

greg you are an stupid idiot.

Kline Sphere (Chalk) MCNGP #3

greg, you are an idiot.

Kline Sphere (Chalk) MCNGP #3

>> Don't post stupid replies.

Shouldn't you be in bed already?

.... and a good time was had by all....

Kline Sphere (Chalk) MCNGP #3

That MCNGP designation really shows your intelligence, too. Since your
newsreader can't support HTML, I'm sure you can understand this now.

"The Poster Formerly Known as Kline Sphere" <.> wrote in message
news:hn********************************@4ax.com...

greg you are an stupid idiot.

Kline Sphere (Chalk) MCNGP #3

I should have known better, "The Poster Formerly Known as Kline Sphere".

"The Poster Formerly Known as Kline Sphere" <.> wrote in message
news:km********************************@4ax.com...

greg, you are an idiot.

Kline Sphere (Chalk) MCNGP #3

>That MCNGP designation really shows your intelligence, too.

not as much as my Msc title.

Since your
newsreader can't support HTML, I'm sure you can understand this now.

Maybe you should review the purpose of usenet, and in the process
review rfc822 & rfc1036.

html posting serves no purpose whatsoever and is only here because of
abominations such as outlook express.

BTW, where did you get that question from for which *you* were unable
to work the answer for yourself? You know the one that seemed, to me
anyway, to resemble a question from the real exam pool?

Kline Sphere (Chalk) MCNGP #3

>I should have known better, "The Poster Formerly Known as Kline Sphere".

yes indeed.

Kline Sphere (Chalk) MCNGP #3

In article <kg********************************@4ax.com>, The Poster
Formerly Known as Kline Sphere <.> says...

That MCNGP designation really shows your intelligence, too.

not as much as my Msc title.

Since your
newsreader can't support HTML, I'm sure you can understand this now.

Maybe you should review the purpose of usenet, and in the process
review rfc822 & rfc1036.

html posting serves no purpose whatsoever and is only here because of
abominations such as outlook express.

BTW, where did you get that question from for which *you* were unable
to work the answer for yourself? You know the one that seemed, to me
anyway, to resemble a question from the real exam pool?

Kline Sphere (Chalk) MCNGP #3

That and the fact that he had the cheek to criticise UAError who
actually answered his question and quoted the relevant MSDN sections.

Because with a stupid name like that, we know you are a really intelligent
boy. lol

"The Poster Formerly Known as Kline Sphere" <.> wrote in message
news:ra********************************@4ax.com...

I should have known better, "The Poster Formerly Known as Kline Sphere".

yes indeed.

Kline Sphere (Chalk) MCNGP #3

Since you work for Microsoft, you probably write those questions in your
Chinaman or Paki Enwish.

"Pollux" <po****@nospam.spam> wrote in message
news:MP************************@beta.usenet.plus.n et...

In article <kg********************************@4ax.com>, The Poster
Formerly Known as Kline Sphere <.> says...

That MCNGP designation really shows your intelligence, too.

not as much as my Msc title.

Since your
newsreader can't support HTML, I'm sure you can understand this now.

Maybe you should review the purpose of usenet, and in the process
review rfc822 & rfc1036.

html posting serves no purpose whatsoever and is only here because of
abominations such as outlook express.

BTW, where did you get that question from for which *you* were unable
to work the answer for yourself? You know the one that seemed, to me
anyway, to resemble a question from the real exam pool?

Kline Sphere (Chalk) MCNGP #3

That and the fact that he had the cheek to criticise UAError who
actually answered his question and quoted the relevant MSDN sections.

In article <#4**************@TK2MSFTNGP09.phx.gbl>, gr****@msn.com
says...

Since you work for Microsoft, you probably write those questions in your
Chinaman or Paki Enwish.

"Pollux" <po****@nospam.spam> wrote in message
news:MP************************@beta.usenet.plus.n et...

In article <kg********************************@4ax.com>, The Poster
Formerly Known as Kline Sphere <.> says...

>That MCNGP designation really shows your intelligence, too.

not as much as my Msc title.

>Since your
>newsreader can't support HTML, I'm sure you can understand this now.

Maybe you should review the purpose of usenet, and in the process
review rfc822 & rfc1036.

html posting serves no purpose whatsoever and is only here because of
abominations such as outlook express.

BTW, where did you get that question from for which *you* were unable
to work the answer for yourself? You know the one that seemed, to me
anyway, to resemble a question from the real exam pool?

Kline Sphere (Chalk) MCNGP #3

That and the fact that he had the cheek to criticise UAError who
actually answered his question and quoted the relevant MSDN sections.

An idiot and a bigot. Very nice.

I am neither confirming nor denying that I work for Microsoft. Not sure
where you got the idea though?

>Because with a stupid name like that, we know you are a really intelligent

boy. lol

you mean you know what a 'kline sphere' is? boy I'm impressed!

Kline Sphere (Chalk) MCNGP #3

>That and the fact that he had the cheek to criticise UAError who

actually answered his question and quoted the relevant MSDN sections.

I'm still waiting to know where the question came from....

Kline Sphere (Chalk) MCNGP #3

>Since you work for Microsoft, you probably write those questions in your

Chinaman or Paki Enwish.

wow... and people think I'm the bad man.....

Kline Sphere (Chalk) MCNGP #3

Nah, I'm tired of the stupid banter. I'll give you the last word because I
know it's really important for you.

It looks like this newsgroup is all you have in your shallow life. Bye bye
loser.

"The Poster Formerly Known as Kline Sphere" <.> wrote in message
news:3p********************************@4ax.com...

That and the fact that he had the cheek to criticise UAError who
actually answered his question and quoted the relevant MSDN sections.

I'm still waiting to know where the question came from....

Kline Sphere (Chalk) MCNGP #3

UAError wrote:

A. In the web.config file, insert the following lines of
code:
<authorization>
<allow role="Cashiers, Managers"/>
<allow users="Nancy"/>
<deny users="*">
<deny users="?">
</authorization>

B. In the web.config file, insert the following lines of
code:
<authorization>
<deny users="*">
<allow users="Nancy"/>
<allow role="Cashiers, Managers"/>
<deny users="?">
</authorization>
So (A) grants access to the Cashiers and Managers and to
Nancy while THEN denying access to all other users and
anonymous users. This is the solution that the question is
looking for.

(B) strictly denies all users; the "allows" are in the wrong
position. We never get to the "allow" rules.

Well, I can see his confusion; however. Logically, the wildcard '*'
should /erase/ the permissions of the preceding permissions. What you are
saying is, based on position, the '*' acts as a blanket, wiping out
permissions for all future requests, OR, it acts as a filter, that takes
into account all the permissions already granted.

That's crazy.

(B) is a more logical format and makes far more sense. I think either this
question is wrong; or else microsoft designed permissions wrong.

--
incognito @ http://kentpsychedelic.blogspot.com/

Man is the best computer we can put aboard a spacecraft ... and the only one
that can be mass produced with unskilled labor. -- Werner von Braun

>It looks like this newsgroup is all you have in your shallow life. Bye bye

loser.

I'm loser? Who's the person with zero initiative when attempting to
solve simple problems?

BTW, when you are preparing my next burger, please don't spit into it.

Kline Sphere (Chalk) MCNGP #3

The Poster Formerly Known as Kline Sphere wrote:

BTW, when you are preparing my next burger, please don't spit into it.

Do you have a MCNGP lapel pin? It might be wise not to wear that into
McDonalds!

Eric

>Do you have a MCNGP lapel pin? It might be wise not to wear that into

McDonalds!

umm, time to change my name again I think!

Kline Sphere (Chalk) MCNGP #3

The Poster Formerly Known as Kline Sphere wrote:

Since you work for Microsoft, you probably write those questions in your
Chinaman or Paki Enwish.

wow... and people think I'm the bad man.....

Kline Sphere (Chalk) MCNGP #3

Don't worry. You still are. :-P

In article <uf*************@TK2MSFTNGP10.phx.gbl>, MN*****@Addus.com
says...

The Poster Formerly Known as Kline Sphere wrote:

Since you work for Microsoft, you probably write those questions in your
Chinaman or Paki Enwish.

wow... and people think I'm the bad man.....

Kline Sphere (Chalk) MCNGP #3

Don't worry. You still are. :-P

I came across a thread called "People I Hate" and his name wasn't on the
list. Surely that cannot be good for his reputation.

>I came across a thread called "People I Hate" and his name wasn't on the

list. Surely that cannot be good for his reputation.

I was *very* upset my name was not on that list (it must have been an
over site!), especially seeing that JaR was on it!

Kline Sphere (Chalk) MCNGP #3

>Don't worry. You still are. :-P

Phew! had me worried for a minute.

Kline Sphere (Chalk) MCNGP #3

The Poster Formerly Known as Kline Sphere wrote:

I came across a thread called "People I Hate" and his name wasn't on the
list. Surely that cannot be good for his reputation.

I was *very* upset my name was not on that list (it must have been an
over site!), especially seeing that JaR was on it!

Hey! Wait a minnit...

JaR