Question 1 of 24

Design and implement MVC controllers and actions

You have a set of requirements that expects a particular action to be accessed only through HTTPS by an authenticated user. What is the best way to meet these requirements?

Use Authorize alone; you do not need to use RequireHttps separately if you already have Authorize, because using Authorize implies the use of HTTPS.
Use the Authorize attribute before the RequireHttps filter.
Use a custom action filter that combines the check for HTTPS and the check for authentication into a single filter.
Use the RequireHttps attribute before the Authorize filter.