Saturday, March 21, 2009

1. What’ is the sequence in which ASP.NET events are processed ?
Following is the sequence in which the events occur :-
1-Page_Init.
2-Page_Load.
3-Control events
4-Page_Unload event.
Page_init event only occurs when first time the page is started, but Page_Load occurs in subsequent request of the page.

2. In which event are the controls fully loaded ?
Page_load event guarantees that all controls are fully loaded. Controls are also accessed in Page_Init events but you will see that viewstate is not fully loaded during this event.

3. How can we identify that the Page is PostBack ?
Page object has a “IsPostBack” property which can be checked to know that is the page posted back.

4. How does ASP.NET maintain state in between subsequent request ?
The sate is matain in between subsequent request through caching the detail information in explain about .net in caching section

5. What is event bubbling ?
Server controls like Datagrid, DataList, Repeater can have other child controls inside them. Example DataGrid can have combo box inside datagrid. These child control do not raise there events by themselves, rather they pass the event to the container parent (whichcan be a datagrid, datalist, repeater), which passed to the page as “ItemCommand” event.As the child control send there events to parent this is termed as event bubbling.

6. How do we assign page specific attributes ?
Page attributes are specified using the @Page directive.

7. Administrator wants to make a security check that no one has tampered with ViewState, how can he ensure this ?
Using the @Page directive EnableViewStateMac to True.

2.8 What is the use of @ Register directives ?
@Register directive informs the compiler of any custom server control added to the page.

9. Where is ViewState information stored ?

In HTML Hidden Fields.

10. What is the use of @ OutputCache directive in ASP.NET?
It is basically used for caching. See more for Caching section

11. How can we create custom controls in ASP.NET ?
User controls are created using .ASCX in ASP.NET. After .ASCX file is created you need to two things in order that the ASCX can be used in project:.
Register the ASCX control in page using the
Now to use the above accounting footer in page you can use the below directive.

12. How many types of validation controls are provided by ASP.NET ?
There are six main types of validation controls :-
RequiredFieldValidator
It checks whether the control have any value. It's used when you want the control should not be empty. RangeValidator
It checks if the value in validated control is in that specific range.
Example TxtCustomerCode should not be more than eight length.
CompareValidator
It checks that the value in controls should match the value in other control.
Example Textbox TxtPie should be equal to 3.14.
RegularExpressionValidator
When we want the control value should match with a specific regular expression.
CustomValidator
It is used to define UserDefined validation.
ValidationSummary
It displays summary of all current validation errors.

13. Can you explain what is “AutoPostBack” feature in ASP.NET ?
If we want the control to automatically postback in case of any event, we will need to check this attribute as true. Example on a ComboBox change we need to send the event immediately to the server side then set the “AutoPostBack” attribute to true.

14. How can you enable automatic paging in DataGrid ?
Following are the points to be done in order to enable paging in Datagrid :-
1-Set the “AllowPaging” to true. 2-In PageIndexChanged event set the current pageindex clicked.

15. What’s the use of “GLOBAL.ASAX” file ?
It allows to executing ASP.NET application level events and setting application-level variables.

16. What is the difference between “Web.config” and “Machine.Config” ?
“Web.config” files apply settings to each web application, while “Machine.config” file apply settings to all ASP.NET applications.

17. What is a SESSION and APPLICATION object ?
Session object store information between HTTP requests for a particular user, while application object are global across users.

18. What is the difference between Server.Transfer and response.Redirect ?
Following are the major differences between them:-
1-Response.Redirect sends message to the browser saying it to move to some different page, while server.transfer does not send any message to the browser but rather redirects the user directly from the server itself. So in server.transfer there is no round trip while response.redirect has a round trip and hence puts a load on server.

2-Using Server.Transfer you can not redirect to a different from the server itself.
Example if your server is www.yahoo.com you can use server.transfer to move to www.microsoft.com but yes you can move to www.yahoo.com/travels, i.e.within websites. This cross server redirect is possible only using Response.redirect.
3-With server.transfer you can preserve your information. It has a parameter called as “preserveForm”. So the existing query string etc. will be able in the calling page. In response.redirect you can maintain the state, but has lot of drawbacks.

19. What is the difference between Authentication and authorization?
This can be a tricky question. These two concepts seem altogether similar but there is wide range of difference. Authentication is verifying the identity of a user and authorization is process where we check does this identity have access rights to the system. In short we can say the following authentication is the process of obtaining some sort of credentials from the users and using those credentials to verify the user’s identity. Authorization is the process of allowing an authenticated user access to resources. Authentication always proceed to Authorization; even if your application lets anonymous users connect and use the application, it still authenticates them as being anonymous.

20. What is impersonation in ASP.NET ?
By default, ASP.NET executes in the security context of a restricted user account on the local machine. Sometimes you need to access network resources such as a file on a shared drive, which requires additional permissions. One way to overcome this restriction is to use impersonation. With impersonation, ASP.NET can execute the request using the identity of the client who is making the request, or ASP.NET can impersonate a specific account you specify in web.config.

21. Can you explain in brief how the ASP.NET authentication process works?
ASP.NET does not run by itself, it runs inside the process of IIS. So there are two authentication layers which exist in ASP.NET system. First authentication happens atthe IIS level and then at the ASP.NET level depending on the WEB.CONFIG file.Below is how the whole process works:-
1-IIS first checks to make sure the incoming request comes from an IP address that is allowed access to the domain. If not it denies the request.
2-Next IIS performs its own user authentication if it is configured to do so. By default IIS allows anonymous access, so requests are automatically authenticated, but you can change this default on a per – application basis with in IIS.
3-If the request is passed to ASP.net with an authenticated user, ASP.net checks to see whether impersonation is enabled. If impersonation is enabled, ASP.net acts as though it were the authenticated user. If not ASP.net acts with its own configured account.
4-Finally the identity from step 3 is used to request resources from the operating system. If ASP.net authentication can obtain all the necessary resources it grants the users request otherwise it is denied. Resources can include much more than just the ASP.net page itself you can also use .Net’s code access security features to extend this authorization step to disk files, Registry keys and other resources.

22. What are the various ways of authentication techniques in ASP.NET?
Selecting an authentication provider is as simple as making an entry in the web.config file for the application. You can use one of these entries to select the corresponding built in authentication provider:
Custom authentication where you might install an ISAPI filter in IIS thatcompares incoming requests to list of source IP addresses, and considers requests to be authenticated if they come from an acceptableaddress. In that case, you would set the authentication mode to none to prevent any of the .net authentication providers from being triggered.
Windows authentication and IIS
If you select windows authentication for your ASP.NET application, you also have to configure authentication within IIS. This is because IIS provides Windows authentication.IIS gives you a choice for four different authentication methods:
Anonymous, basic digest and windows integrated
If you select anonymous authentication, IIS doesn’t perform any authentication, Any one is allowed to access the ASP.NET application. If you select basic authentication, users must provide a windows username and password to connect. How ever this information is sent over the network in clear text, which makesbasic authentication very much insecure over the internet.If you select digest authentication, users must still provide a windows user name and password to connect. However the password is hashed before it is sent across the network.
Digest authentication requires that all users be running Internet Explorer 5 or later and that windows accounts to stored in active directory.If you select windows integrated authentication, passwords never cross the network.
Users must still have a username and password, but the application uses either the Kerberos or challenge/response protocols authenticate the user. Windows-integrated authenticationrequires that all users be running internet explorer 3.01 or later Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Kerberos is a solution to network security problems. It provides the tools of authentication and strong cryptography over the network to help to secure information in systems across entire enterprise
Passport authentication
Passport authentication lets you to use Microsoft’s passport service to authenticate users of your application. If your users have signed up with passport, and you configure the authentication mode of the application to the passport authentication, all authentication duties are off-loaded to the passport servers.
Passport uses an encrypted cookie mechanism to indicate authenticated users. If users have already signed into passport when they visit your site, they’ll be considered authenticated by ASP.NET. Otherwise they’ll be redirected to the passport servers to login. When they are successfully log in, they’ll be redirected back to your site
To use passport authentication you have to download the Passport Software DevelopmentKit (SDK) and install it on your server. The SDK can be found at http://msdn.microsoft.com/library/default.asp?url=/downloads/list/websrvpass.aps. It includes full details of implementing passport authentication in your own applications.
Forms authentication
Forms authentication provides you with a way to handle authentication using your own custom logic with in an ASP.NET application. The following applies if you choose forms authentication.
1-When a user requests a page for the application, ASP.NET checks for thepresence of a special session cookie. If the cookie is present, ASP.NET assumes the user is authenticated and processes the request.
2-If the cookie isn’t present, ASP.NET redirects the user to a web form you provide You can carry out whatever authentication, it check’s you like it checks your form. When the user is authenticated, you indicate this to ASP.NET by setting a property, which creates the special cookie to handle subsequent requests.
How does authorization work in ASP.NET?
ASP.NET impersonation is controlled by entries in the applications web.config file. The default setting is “no impersonation”. You can explicitly specify that ASP.NET shouldn’t use impersonation by including the following code in the file
It means that ASP.NET will not perform any authentication and runs with its own privileges. By default ASP.NET runs as an unprivileged account named ASPNET. You can change this by making a setting in the processModel section of the machine.config file. When you make this setting, it automatically applies to every site on the server. To user a high-privileged system account instead of a low-privileged set the userName attribute of the processModel element to SYSTEM. Using this setting is a definite security risk, as it elevates the privileges of the ASP.NET process to a point where it can do bad things to the operating system.
When you disable impersonation, all the request will run in the context of the account running ASP.NET: either the ASPNET account or the system account. This is true when you are using anonymous access or authenticating users in some fashion. After the user has been authenticated, ASP.NET uses its own identity to request access to resources.
The second possible setting is to turn on impersonation.
In this case, ASP.NET takes on the identity IIS passes to it. If you are allowing anonymous access in IIS, this means ASP.NET will impersonate the IUSR_ComputerName account that IIS itself uses. If you aren’t allowing anonymous access,ASP.NET will take on the credentials of the authenticated user and make requests for resources as if it were that user. Thus by turning impersonation on and using a non-anonymous method of authentication in IIS, you can let users log on and use their identities within your ASP.NET application.
Finally, you can specify a particular identity to use for all authenticated requests
With this setting, all the requests are made as the specified user (Assuming the password it correct in the configuration file). So, for example you could designate a user for a single application, and use that user’s identity every time someone authenticates to the application. The drawback to this technique is that you must embed the user’s password in the web.config file in plain text. Although ASP.NET won’t allow anyone to download this file, this is still a security risk if anyone can get the file by other means
23. What’s difference between Datagrid, Datalist and repeater?
A Datagrid, Datalist and Repeater are all ASP.NET data Web controls.
They have many things in common like DataSource Property, DataBind Method ItemDataBound and ItemCreated.
When you assign the DataSource Property of a Datagrid to a DataSet then each DataRow present in the DataRow Collection of DataTable is assigned to a corresponding DataGridItem and this is same for the rest of the two controls also. But The HTML code generated for a Datagrid has an HTML TABLE element created for the particular DataRow and its a Table form representation with Columns and Rows.
For a Datalist its an Array of Rows and based on the Template Selected and the RepeatColumn Property value We can specifsy how many DataSource records shouldappear per HTML table row. In short in datagrid we have one record per row, but indatalist we can have five or six rows per row.
For a Repeater Control, the Datarecords to be displayed depends upon the Templates specified and the only HTML generated is the due to the Templates.
In addition to these, Datagrid has a in-built support for Sort, Filter and paging the Data,which is not possible when using a DataList and for a Repeater Control we would requireto write an explicit code to do paging.

24. From performance point of view how do they rate ?
Repeater is fastest followed by Datalist and finally datagrid.

No comments:

Post a Comment