|
Home > Archive > microsoft.public.cert.exam.mcsd > August 2003 > @#$**!!! MeasureUp Q
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
@#$**!!! MeasureUp Q
|
|
|
| IMO the question should have given more information to
allow you to choose between Forms and None. If the only
thing you have to go on is the 'millions' of users, I
would aassume that this is an app aimed at the general
public. Using Forms authentication means that the user
(1)must have cookies enabled - you cannot assume this
(2)must log in before being allowed to do *anything* else -
this is very unfriendly. How would you feel if Amazon
asked you to log in before even looking at a book?
So 'none' would seem to be a sensible answer.
Another reason not to use Forms authentication is that it
means an additional redirection, wasting time and
bandwidth.
>-----Original Message-----
>This is a MeasureUp question on authentication-
>
>"A company is extending their web site to accommodate a
new ASP.NET
>application for their customers.
>They are a worldwide company with expected application
use in the millions.
>They have decided to use a high performance SQL server to
maintain user
>names and passwords.
>Which of the following configurations should they deploy?"
>
>Correct answer:
>Configure IIS for Anonymous authentication and in the
web.config file
><system.web>
> <authentication mode="none" />
></system.web>
>
>I chose the answer with <authentication mode="Forms" />
(otherwise the
>same), mainly because of the mention of passwords stored
in SQL server.
>
>Excerpt of MeasureUp's explanation:
>
>"When a SQL server database is used to store usernames
and passwords in the
>ASP.NET application, which is recommended in high volume
applications, the
>ASP.NET authentication mode is set to "none" as it will
not be using the
>services of Active Directory, Microsoft Passport
Services, or Forms to
>provide the user names and passwords. The IIS setting is
set to Anonymous in
>order to work with this ASP.NET configuration. When IIS
is configured to use
>this anonymous access, it does not rely on user accounts
and does not prompt
>the user for a log on. Forms authentication obtains user
names and passwords
>from the Web Forms page."
>
>Could someone direct me here, this is confusing ...
>
>Tks
>
>Justin D
>
>
>.
>
| |
| Justin Dutoit 2003-08-25, 6:24 am |
| Thanks for replying. Surely, though, this:
> >They have decided to use a high performance SQL server to
> maintain user
> >names and passwords.
implies that they want people to log on?
Tks
Justin
"Maria" <maria.rutgers@getronics.com> wrote in message
news:07d101c36ae9$eba13240$a10
1280a@phx.gbl...
> IMO the question should have given more information to
> allow you to choose between Forms and None. If the only
> thing you have to go on is the 'millions' of users, I
> would aassume that this is an app aimed at the general
> public. Using Forms authentication means that the user
> (1)must have cookies enabled - you cannot assume this
> (2)must log in before being allowed to do *anything* else -
> this is very unfriendly. How would you feel if Amazon
> asked you to log in before even looking at a book?
>
> So 'none' would seem to be a sensible answer.
>
> Another reason not to use Forms authentication is that it
> means an additional redirection, wasting time and
> bandwidth.
>
>
> >-----Original Message-----
> >This is a MeasureUp question on authentication-
> >
> >"A company is extending their web site to accommodate a
> new ASP.NET
> >application for their customers.
> >They are a worldwide company with expected application
> use in the millions.
> >They have decided to use a high performance SQL server to
> maintain user
> >names and passwords.
> >Which of the following configurations should they deploy?"
> >
> >Correct answer:
> >Configure IIS for Anonymous authentication and in the
> web.config file
> ><system.web>
> > <authentication mode="none" />
> ></system.web>
> >
> >I chose the answer with <authentication mode="Forms" />
> (otherwise the
> >same), mainly because of the mention of passwords stored
> in SQL server.
> >
> >Excerpt of MeasureUp's explanation:
> >
> >"When a SQL server database is used to store usernames
> and passwords in the
> >ASP.NET application, which is recommended in high volume
> applications, the
> >ASP.NET authentication mode is set to "none" as it will
> not be using the
> >services of Active Directory, Microsoft Passport
> Services, or Forms to
> >provide the user names and passwords. The IIS setting is
> set to Anonymous in
> >order to work with this ASP.NET configuration. When IIS
> is configured to use
> >this anonymous access, it does not rely on user accounts
> and does not prompt
> >the user for a log on. Forms authentication obtains user
> names and passwords
> >from the Web Forms page."
> >
> >Could someone direct me here, this is confusing ...
> >
> >Tks
> >
> >Justin D
> >
> >
> >.
> >
| |
|
| >-----Original Message-----
>Thanks for replying. Surely, though, this:
>> >They have decided to use a high performance SQL server
to
>> maintain user
>> >names and passwords.
>implies that they want people to log on?
>
>Tks
>Justin
Justin, sometimes the practice tests leave a lot to be
desired. I believe that the real tests are somewhat less
prone to ambiguities.
Those that develop tests need to keep stats on the number
of times applicants fail a particular question and
correlate these with the overall candidate scores. If a
particular question often gets wrongly answered even by
high scoring candidates then there is something wrong with
the question.
You can find more information that would support your view
that forms authentication + SQL server is the way to go in
an article in MSDN:
How To: Use Forms Authentication with SQL Server 2000
J.D. Meier, Alex Mackman, Michael Dunner, and Srinath
Vasireddy
Microsoft Corporation
November 2002
With forms authentication you need to provide a login.aspx
and fix up the config file. When ASP.NET detects access to
a protected area it looks for an authentication cookie and
if it does not find one then it redirects to the
login.aspx.
This is not to say that Maria's comments are not relevant
also. I would note however that you could build a site
that only checked for authentication at some critical
stage, e.g. when someone tries to check-out a basket.
bi-ker (百克
| |
| Justin Dutoit 2003-08-25, 8:24 am |
| Thanks for the reply
Justin
"biker" <burke10@attglobal.net> wrote in message
news:06f301c36af7$86f0f2f0$a50
1280a@phx.gbl...
> >-----Original Message-----
> >Thanks for replying. Surely, though, this:
> >> >They have decided to use a high performance SQL server
> to
> >> maintain user
> >> >names and passwords.
> >implies that they want people to log on?
> >
> >Tks
> >Justin
>
> Justin, sometimes the practice tests leave a lot to be
> desired. I believe that the real tests are somewhat less
> prone to ambiguities.
>
> Those that develop tests need to keep stats on the number
> of times applicants fail a particular question and
> correlate these with the overall candidate scores. If a
> particular question often gets wrongly answered even by
> high scoring candidates then there is something wrong with
> the question.
>
> You can find more information that would support your view
> that forms authentication + SQL server is the way to go in
> an article in MSDN:
>
> How To: Use Forms Authentication with SQL Server 2000
> J.D. Meier, Alex Mackman, Michael Dunner, and Srinath
> Vasireddy
> Microsoft Corporation
>
> November 2002
>
> With forms authentication you need to provide a login.aspx
> and fix up the config file. When ASP.NET detects access to
> a protected area it looks for an authentication cookie and
> if it does not find one then it redirects to the
> login.aspx.
>
> This is not to say that Maria's comments are not relevant
> also. I would note however that you could build a site
> that only checked for authentication at some critical
> stage, e.g. when someone tries to check-out a basket.
>
> bi-ker (百克
|
|
|
|
|