Wednesday, February 13, 2013

Transparent Data Encryption

        Transparent Data Encryption (often abbreviated to TDE) is a technology employed by both Microsoft and Oracle to encrypt database content. TDE offers encryption at a column, table, and tablespace level. TDE solves the problem of protecting data at rest, encrypting databases both on the hard drive and consequently on backup media. Enterprises typically employ TDE to solve compliance issues such as
PCI DSS.

WHAT IS Payment Card Industry Data Security Standard (PCI DSS) ?

       The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards.
Defined by the Payment Card Industry Security Standards Council, the standard was created to increase controls around cardholder data to reduce credit card fraud via its exposure. Validation of compliance is done annually — by an external Qualified Security Assessor (QSA) that creates a Report on Compliance (ROC) for organizations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.
Microsoft SQL Server 2008 provides real time encryption of data and log files.  Data is encrypted before it is written to disk; data is decrypted when it is read from disk.  
      The "transparent" aspect of TDE is that the encryption is performed by the database engine and SQL Server clients are completely unaware of it.  There is absolutely no code that needs to be written to perform the encryption and decryption. 
    There are a couple of steps to be performed to prepare the database for TDE, and then the encryption is turned on at the database level via an ALTER DATBASE command.
    To avoid incidents where backup tapes containing sensitive information have been lost or stolen and sensitive information goes into wrong hand, Using TDE feature the backup files can be also encrypted.  We just need to turn on encryption for database no more additional efforts  are needed to generated encrypted backup, the regular BACKUP command itself generate encrypted backup.
The data in the encrypted backup files is completely useless without having access to the key that was used to encrypt the data.


What is mean by term encryption?

It is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key
The security provided by encryption is based on the strength of the algorithm and protection of the key. 
Types of keys:
      1) Symmetric: With a symmetric key, the same value is used to encrypt and decrypt the data.
        2)   Asymmetric:   An asymmetric key has two components - a private key and a public key.  The private key is used to encrypt data and public key must be used to decrypt the data. 


Implementing TDE?
To implement TDE the following four steps need to be followed:
                1)       Create a master key
2)       Create or obtain a certificate protected by the master key
3)       Create a database encryption key and protect it by the certificate
4)       Set the database to use encryption

HOW TO Create a Master Key?
 A master key is a symmetric key that is used to create
     1) Certificates
     2) Asymmetric keys

  Execute the following script to create a master key:
USE master;
CREATE MASTER KEY
ENCRYPTION BY PASSWORD = 'Pass@word1';
GO
          Note that the password should be a strong one (i.e. use alpha, numeric, upper, lower, and special characters)
          and you have to backup (use BACKUP MASTER KEY) and store it in a secure location.

HOW TO Create a Certificate?
Certificates can be used to create symmetric keys for data encryption or to encrypt the data directly.  Execute the following script to create a certificate:
USE master;
CREATE CERTIFICATE TDECert
WITH SUBJECT = 'TDE Certificate'
GO

HOW TO Create a Database Encryption Key?
A database encryption key is required for TDE.  Execute the following script to create a new database and a database encryption key for it:
CREATE DATABASE mssqltips_tde
GO
USE mssqltips_tde;
CREATE DATABASE ENCRYPTION KEY
WITH ALGORITHM = AES_256
ENCRYPTION BY SERVER CERTIFICATE TDECert
GO
In order to work with TDE the encryption key must be encrypted by a certificate (but not by a password) and the certificate must be located in the master database. 

How TO Enable TDE?
The final step required to implement TDE is to execute the following script:
ALTER DATABASE mssqltips_tde
SET ENCRYPTION ON
GO
SELECT [name], is_encrypted FROM sys.databases
GO

You can query the is_encrypted column in sys.databases to determine whether TDE is enabled for a particular database.
It is important to emphasize that TDE only encrypts the content of data and log files.  It does not encrypt the data as it is being passed between the client and the database server. 

Sunday, February 10, 2013

ASP.NET Interview Questions



What is the difference between web.config and machine.config?
The configuration settings defined in web.config are applied to that web application and the configuration settings defined in the machine.config are applied for the entire ASP.NET application.

What is the difference between build and rebuild?
When we build the project, only the changes done in the project are considered.But when we rebuild the project, the entire project is build irrespective of any changes.

How to call garbage collector manually?
Garbage collector can be called manually by using the function GC.Collect().

What is the difference between server side code and client side code?
Server side code is executed at the server side on IIS in ASP.NET framework, while client side code is executed on the browser.

What does GAC stands for?
GAC stands for Global Assembly Cache.GAC (Global Assembly Cache) is where all shared .NET assembly resides. GAC is used in the following situations -

1. If the application has to be shared among several application.

2. If the assembly has some special security, requirements like only administrators can remove the assembly. If the assembly is private then a simple delete of assembly the assembly file will remove the assembly.

How to kill session?
Session can be killed using session.abandon().

How to call all validation controls manually?
All validation controls can be called manually using Page.Validate.

Where is the viewstate information stored?
Viewstate information is stored in hidden HTML field.

In which event the controls are fully loaded?
Controls are fully loaded in the Page_Load event.

Which namespace is used for WCF?
The namespace System.Servicemodel is used for WCF.





What is WSDL?

WSDL stands for Web Services Description Language. The Web Services Description Language is an XML-based language used for describing network services.WSDL provides machine readable language that can be used for calling a service, passing parameters to the service and what data structures it returns.WSDL is combination of SOAP and XML schema. A client program connecting to a Web service can read the WSDL file to determine what operations are available on the server. Any special datatypes used are embedded in the WSDL file in the form of XML Schema. The client can then use SOAP to actually call one of the operations listed in the WSDL file using XML or HTTP.

What is session and application object?
Session object stores information between HTTP requests for a particular user while application object are global across users.

What is the function of GLOBAL.ASAX file?
It allows to execute ASP.NET application level events and settings application -level variables.

How to disable client side script in validators?
Client side script validators can be disabled by setting EnableClientScript to false.

How to sign out from the forms authentication?
You can sign out from the forms authentication using the method Forms.Authentication.Signout()

Which namespace is required to implement debug and trace?
System.Diagnostic namespace is required to implement debug and trace

Which is the best place to store the connection string?
Config files are the best places to store the connection string.In web application use web.config to store the connection string and in windows application use App.config to store the connection string.

How many validation controls are there in ASP.NET?
There are five validation controls in ASP.NET i.e.RequiredFieldValidator, RegularExpression, ValidationSummary,CustomValidator and CompareValidator.


What is the threading model used for ASP.NET?
ASP.NET uses MTA threading model.

How to customize columns in data grid?
In data grid, columns can be customized using template column.


How to format data inside data grid?
Inside data grid,data can be formatted using the DataFormatString property.

How to show entire validation error in message box at the client side?
Entire validation error can be shown in message box using validation summary.Set the property ShowMessageBox to true.

What is the extension of user control file?

The extension of user control file is ascx.

Which event fires when we click on button inside grid view?
RowCommand event fires when we click on button inside gridview.

What is event bubbling?
Server controls like datagrid, Datalist and repeater can have other child controls inside them. For example,datagrid can have combo box inside it.These child controls do not raise there events by themselves,rather they pass the event to the container parent (which can be datagrid,datalist or repeater),which passes it to the page as ItemCommand event.As the child control sends the event to parent it is termed as event bubbling.

What is the difference between Server.Transfer and Response.Redirect?
Response.Redirect send message to the browser saying it to move to some different page ,while Server.Transfer does not send any message to the browser but rather redirects the user directly from the server itself. So in Server.Transfer there is no round trip while Response.Redirect has a round trip and hence puts a load on the server.

Using Server.Transfer you cannot redirect to different from the server itself. For example, if your server is www.yahoo.com you cannot use Server.Transfer to move to www.rediff.com, but you can move to www.yahoo.com/tranvels i.e. within the website. Cross server redirection is only possible using Response.Redirect.

With Server.Transfer you can preserve information. It has parameter called as preserveForm.Therefore; the existing query string etc. will be able in the calling page.

If you are navigating within the website then user Server.Transfer else use Response.Redirect.

What is the difference between Authentication and Authorization?
Authentication is verifying the identity of the user and authorization is the process where we check this identity has access rights to the system. Authorization is the process of allowing an authenticated user access to resource. Authentication always proceed to Authorization, event if your application lets anonymous users connect and use the application, it still authenticates them as anonymous.

What is impersonation in ASP.NET?
By default, ASP.NET executes in the security context of a restricted user account on the local machine. Sometimes you need to access network resources such as file on a shared drive, which requires additional permissions. One way to overcome this restriction is to use impersonation. With impersonation, ASP.NET can execute the request using the identity of the client who is making the request, or ASP.NET can impersonate a specific account you can specify the account in web.config.

Which control in ASP.NET does not have any visible interface?
In ASP.NET, repeater control does not have any visible interface.

What is the difference between server. Transfer and server. Execute method?
Server.transfer executes at the server side and the client is not aware about the change.So the URL does not change when server.transfer executes.

Server.Execute executes the specified page and then returns back to original page. This can be used in situation where you want to go to a specific page, execute that page and then come back to the original page.

What will happen if you change the web.config file at run time?
If you change the web.config at the runtime, then the application will start automatically.

What is the difference between Response.Output.Write () and Response.Write ()?
Both the methods are used to write the output. But Response.Output.Write () is used to write formatted output.

Where is client side script located?
Client side script is located at server side.A copy of this code is send to client side when any request is received.

How do we assign page specific attributes?
Page specific attributes are assigned using @Page directive.




How do we ensure viewstate is not tampered?
Using the @Page directive and setting EnableViewState property to True.

What is the use of @Register directives?
@Register directive informs the compiler of any custom server control added to the page.

What is the use of Smart Navigation property?
It's a feature provided by ASP.NET to prevent flickering and redrawing when the page is posted back.

What is Autopostback?
If we want the control to automatically post back in case any event, we will need to check this attribute as true. Example on a combo box change we need to send the event immediately to the server side then set the AutoPostBack attribute to true.

How can you enable automatic paging in data grid?
Automatic paging in data grid can be done as follows -

1. Set the Allow Paging to true.

2. In PageIndexChanged event set the current page index clicked.

Explain in brief how the ASP.NET authentication process works?
ASP.NET does not run by itself, it runs inside the process of IIS.Therefore, there are two authentication layers, which exists in ASP.NET system. First authentication happens at the IIS level and then at the ASP.NET level depending on the Web.config file. The whole process is as follows -

1. IIS first checks to make sure the incoming request comes from an IP address that is allowed to access the domain. If not it denies the request.

2. Next IIS performs its own user authentication if it is configured to do so.By default IIS allows anonymous access, so requests are automatically authenticated, but you can change this default on a per-application basis within IIS.

3. If the request is passed to ASP.NET with an authenticated user, ASP.NET checks to see whether impersonation is enabled. If impersonation is enabled, ASP.NET acts as though it were the authenticated user. If not ASP.NET acts with its own configured account.

4. Finally, the identity from step 3 is used to request resources from the operating system. If ASP.NET authentication can obtain all the necessary resources it grants the users request otherwise it is denied. Resources can include much more than just the ASP.NET page itself you can also use, NET’s code access security features to extend this authorization step to disk files, Registry keys and other resources.

What are the different sections of ASPX page?
Following are the different sections of ASPX page -

1. Page directive - This section is used to set up the environment and specifies how the page should be processed. You can also associate the code file, development language, transaction etc.

2. Code - This section contains code to handle events that execute on the server based on the ASP.NET page processing model.

3. Page Layout - The page layout is written in HTML that includes the HTML body, markup and style information. The HTML body might contain HTML tags, Visual Studio controls, user controls, code and simple text.





What is caching in ASP.NET?
ASP.NET caching stores frequently accessed data or whole webpages in the memory, where they can be retrieved faster than they could be from a file or database. This helps to improve the performance of the web application. There are two different types of caching in ASP.NET -

1. Application caching - This represents the collection of data that can be store an object in memory and automatically remove the object based on the memory limitations, time limits or other dependencies.

2. Page output caching - This is ASP.NET's ability to store the rendered page,portion of a page in the memory to reduce the time required to render the page in future requests.

Why is Global.asax used in ASP.NET?
Global.asax is used for managing the session and application events. In Global.asax, you can find five sub-routines i.e. Application_Start, Application_End, Application_Error, Session_Start and Session_End. These events can be used for creating log of the site. For eg,when the user opens the site Session_Start event fires. In the same way, other events are fired.

By default how ASP.NET does stores session ID’s?
By default, ASP.NET stores the session ID’s in the cookies.

What is Response Object in ASP.NET?
Response object represents the information going out from the server to the browser. So the response object is also called as output object. Response object represents the valid HTTP response that is received from the server.The properties of the response objects are read-only. The different properties of the Response objects are -

1. Body - Gets the body of the HTTP response. Only the portion of the body stored in the response buffer is returned.

2. Path - Gets the path that was requested.

3. Port - Gets the server port used for the request.

4. Server - Server name is received that sends the response

What is Request Object in ASP.NET?
Request object represents the information going towards the server from the browser. So the request object is also called as input object. Request object represents an HTTP request before it has been sent to the server.The different properties of the Request objects are -

1. Body - Gets or sets the HTTP request body

2. Path - Gets or sets the path that was requested.

3. Headers - Gets the HTTP Headers collection object

4. HTTPVersion - Gets/Sets the HTTP version

What is the difference between grid layout and flow layout?
Grid layout provides absolute positioning for controls placed on the page. Developers that gave their roots in rich client development environments like visual basic will find it easier to develop their pages using absolute positioning, because they can place items exactly where they want them. On the other hand, flow layout positions items down the page like traditional HTML.Experienced web developers favor this approach because it results pages that are compatible with the wider range of browsers.

If you look in to the HTML code created by absolute positioning you can notice lot of DIV tags. While in flow layout, you can see more of using HTML table to position elements, which is compatible with the wide range of browsers.

What is the difference between trace and debug in ASP.NET?
Debug and trace enables you to monitor the application for errors and exception without VS.NET IDE. In Debug mode, compiler inserts some debugging code inside the executable. As the debugging code is part of the executable they run on the same thread where the code runs and they do not give the exact efficiency of the code (as they run on the same thread). So for every full executable DLL you will see a debug file also as shown in Debug mode.

Trace works in both debug as well release mode. The main advantage of using trace over debug is to do performance analysis which cannot be done by debug. Trace runs on a different thread thus it does not impact the main code thread.

There is also a fundamental difference in thinking when we want to use trace and when we want to use debug. Tracing is a process about getting information regarding programs execution. While debugging is about finding errors in the code.

How can tracing be enabled in ASP.NET page?
To enable tracing on an ASP.NET page, put trace attribute to true on the page attribute. In the code behind, we can use the trace object to put tracing i.e.

Trace.Write("Tracing has been started")

if you make the trace as false you will only see the actual display i.e. Tracing has been started. So you can enable and disable tracing without actually compiling and uploading new dll's on production environment.

Which namespace is needed to implement debug and trace?
System.Diagnostic namespace is needed to implement debug and trace in an ASP.NET page.

What is XHTML?
XHTML stands for Extensible Hypertext Markup Language.XHTML is cleaner version of HTML and it is recommended by W3C standard. Web pages developed in ASP.NET 2.0 are XHTML compliant.

Can a application be developed using different programming languages?
Yes, application can be developed using different programming languages. You can create some pages in c# and some pages in vb.net.

Is data reader supported by WebService?
No, data reader is not supported by the webservice.But WebService supports dataset.

What is the use of machine key in ASP.NET?
Following are the uses of machine key in ASP.NET -

1. Encrypt forms authentication tickets.

2. Encryption of viewstate.

What are Ajax extensions?
Following are the Ajax extensions -

1. Update Panel

2. Update Progress

3. Script Manager

What is Ajax control toolkit?
Ajax control toolkit is set of common reusable controls such as modelpopupextender, hovemenurcontrol etc. This is useful to extend our functionality easily. You can download Ajax control toolkit from www.asp.net/ajax

What is meant by raw Ajax?
Raw ajax means implementing ajax features with the help of xmlhttprequest object. We need to take care of xmlhttprequest compatibility with different browsers.

What is the use of Ajax?
Ajax is mainly used to partially update part of the page asynchronously, so that complete page is not posted back to server and complete round trip is avoided. For implementing Ajax manual progress bar is used since the progress bar of the browser does not shows loading when Ajax response or request is send or received.

What is the default file upload size for ASP.NET?
Default file upload size for ASP.NET is 4 Mb, if you want to extend this limit then you can configure the maxrequestlength attribute of the httpruntime tag in the web.config file.For eg ,httpruntime maxRequestLength="102400"

What is viewstate in ASP.NET?
1. Viewstate is the facility by which ASP.NET maintains the controls state across postback at the client side. We can use the EnableViewState property of the control to configure viewstate.

2. By default the EnableViewState property is true.

3. Viewstate is stored in hidden html control i.e. __VIEWSTATE.In __VIEWSTATE,the information of controls is stored in the encrypted format.

4. You can use viewsource to view the content of the __VIEWSTATE.

5. Viewstate are page specific.

6. We cannot access viewstate from one page to another.

7. For enhancing the performance of an ASP.NET page, the content of the __VIEWSTATE should be less. Viewstate can be disabled by setting EnableViewState of the control to false.

Why is the web applications developed in ASP.NET platform independent?
Browsers understand only html.This factor makes any web technology platform independent. For web applications that are developed using .NET, the application server should have windows operating system,.NET framework and IIS.Once these basic necessities are fulfilled, the web application developed in .NET can execute on Linux also.

What is ASP.NET membership?
ASP.NET membership is a set of standard pre-defined constructs to implement functionality of role creation, user creation, role to user mapping and many other details. The advantage of using ASP.NET membership is we do not need to design separate database tables, write separate methods for user and role management.

How to configure ASP.NET membership?
To configure ASP.NET membership, open command prompt of visual studio i.e. Start -> Programs ->Microsoft Visual Studio 2008 -> Visual Studio Tools -> Visual Studio 2008 Command Prompt. Type the command aspnet_regsql.After executing this command you will be prompted by a wizard. Select the option, Configure SQL Server for application services.In this wizard we need to specify SQL database and authentication. Now open the table selection from the database. You can view some new tables which are automatically created such as aspnet_users,aspnet_membership etc. This can save the efforts to design user and role management database tables from the scratch.

How to add confirmation prompt while deleting a record from the grid view?
Confirmation prompt can be added onclientclick return confirm ('Do you want to delete this record?');

What is the difference between hyperlink and link button?
Following are the difference between hyperlink and link button -

1. Link button has server side click event handler while hyperlink does not have any server side click event.

2. Instead, hyperlink has navigateURL property.

Which control in ASP.NET is used to display hierarchical data?
In ASP.NET, TreeView control is used to display data in hierarchy. In treeview, datatable cannot binded directly.Instead,we need to add data in nodes.







How many types of directives are available in ASP.NET?
There are 11 directives available in ASP.NET.These are as follows -
1. @assembly - This directive is used for linking the assembly with the current page or user control directory.
2. @Control - This directive is used to define control specific attributes that are used in user controls i.e. ascx page.
3. @Implements- This directive indicates that the page or user control implements .NET Framework interface.
4. @Import - This directive is used for importing namespace in page or user control. The Import directive cannot have more than one namespace attribute. To import multiple namespaces use multiple @Import directives.
5. @Master - This directive is same as @Page directive except that it should be used in master pages.
6. @MasterType - This directive is used for providing a way to create a strongly typed reference to the ASP.NET master page when the master page is accessed from the Master property.
7. @OutputCache - This directive is used for controlling the output caching policies of an Asp.Net page or a user control contained in a page.
8. @Page - This directive defines page specific attributes that can be used in asp.net page.
9. @PreviousPageType - This directive is used for providing a way to get strong typing against the previous page, as accessed through the PreviousPage property.
10 @Reference -This directive is used for indicating that another user control or page source file should be dynamically compiled and linked against the page in which this directive is declared.
11 @Register-This directive is used for associating aliases with namespaces and class names for concise notation in custom server control.

Which dll is used to convert xml to sql in IIS?
SQLISAPI.dll is used to convert xml to sql in IIS.

In which session state mode does Session_End fires?
Session_End fires in InProc session state mode.

Which state management technique depends on buffering?
QueryString depend on buffering.

Which validation control does not have control to validate property?

ValidationSummary control does not have control to validate property.

Which are the intrinsic objects in ASP.NET?
Intrinsic objects are built-in objects of ASP.NET that run on a Web server. Following are the intrinsic objects in ASP.NET -



1. Application - Application object provides a reference to an object of the HttpApplicationState class.Application object is used for accessing the information of the entire web application.



2. Request - Request object provides a reference to an object of the HttpRequest class. Request object is used by ASP.NET application for receiving the information send by the client during a Web request.



3. Response - Response object provides a reference to an object of the HttpResponse class.Response object is used by ASP.NET application for sending the information to the client.



4. Server - Server object provides a reference to an object of the HttpServerUtility class. Server object is used for communicating with web server. It provides methods that ca be used to access the methods and properties of the Web server.



5. Session - Session object provides a reference to an object of the HttpSessionState class.Session object is used for accessing the session and storing information pertaining to the client.Session starts when client connects to the web site and session ends when the client disconnects.Also,the session terminates if the client is inactive for specific period. The default timeout period is 20 minutes.

What is the difference between DateTime.Now () and DateTime.Today ()?
Both the functions DateTime.Now () and DateTime.Today () returns the system date. But DateTime.Now () contains time along with the date and DateTime.Today () contains only date.

How to call the client side code after executing server side code?
To call the client side code after executing server side code,the method ClientScript.RegisterStartupScript can be used.For eg,

ClientScript.RegisterStartupScript(this.getType(),"Script","alert('Record Saved Successfully');",true);

What is LINQ?
LINQ (Language Integrated Query) -LINQ defines a set of method names (called standard query operators, or standard sequence operators), along with translation rules from so-called query expressions to expressions using these method names, lambda expressions and anonymous types. These can, for example, be used to project and filter data into arrays, enumerable classes, XML (LINQ to XML), relational databases, and third party data sources.The following are different types of LINQ -

1.Linq To Object - It is mainly used to filter ,sort in memory objects such as datatable,array etc.For eg,

var test=from dr in dt AsEnumerable();

where dr["Empid"]==1;

select dr;

Here var is anonymous type.

Above linq expression will search record from the datatable dt whose empid is 1.Linq to object is an alternate way to datatable methods like filter,sort etc.

2.Linq To SQL - It is used to manipulate data in database.

3. Linq To XML - It is used to filter data from XML in an effective manner.

How to change Regional language setting date format using .net?
Date format can be changed using the following code -

Microsoft.Win32.Registry.SetValue("HKEY_CURRENT_USER\Control Panel\International", "sShortDate", "M/d/yyyy")



Here I have considered the date format as "M/d/yyyy".You can change it as per your requirement. After executing this code, the changes can be seen Regional and Language Options i.e. Control Panel -> Regional and Language Options.

What are the various ways of authentication techniques in ASP.NET?
Selecting an authentication provider is as simple as making an entry in the web.config file for the application. You can use one of these entries to select the corresponding built in authentication provider-

1. authentication mode=”windows”

2. authentication mode=”passport”

3. authentication mode=”forms”

4. Custom authentication where you might install an ISAPI filter in IIS that compares incoming requests to list of source IP addresses, and considers requests to be authenticated if they come from an acceptable address. In that case, you would set the authentication mode to none to prevent any of the .net authentication providers from being triggered.

Windows authentication and IIS

If you select windows authentication for your ASP.NET application, you also have to configure authentication within IIS. This is because IIS provides Windows authentication. IIS gives you a choice for four different authentication methods

Anonymous, basic, digest and windows integrated

If you select anonymous authentication, IIS does not perform any authentication, any one is allowed to access the ASP.NET application.

If you select basic authentication, users must provide a windows username and password to connect. However, this information is sent over the network in clear text, which makes basic authentication very much insecure over the internet.

If you select digest authentication, users must still provide a windows user name and password to connect. However, the password is hashed before it is sent across the network. Digest authentication requires that all users be running Internet Explorer 5 or later and that windows accounts to store in active directory.

If you select windows integrated authentication, passwords never cross the network. Users must still have a username and password, but the application uses the Kerberos or challenge/response protocols authenticate the user. Windows-integrated authentication requires that all users be running internet explorer 3.01 or later Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Kerberos is a solution to network security problems. It provides the tools of authentication and strong cryptography over the network to help to secure information in systems across entire enterprise

Passport authentication

Passport authentication lets you to use Microsoft’s passport service to authenticate users of your application. If your users have signed up with passport, and you configure the authentication mode of the application to the passport authentication, all authentication duties are off-loaded to the passport servers.

Passport uses an encrypted cookie mechanism to indicate authenticated users. If users have already signed into passport when they visit your site, they will be considered authenticated by ASP.NET. Otherwise, they will be redirected to the passport servers to log in. When they are successfully log in, they will be redirected back to your site

to use passport authentication you have to download the Passport Software Development Kit (SDK) and install it on your server. The SDK can be found at

http://msdn.microsoft.com/library/default.asp?url=/downloads/list/websrvpass.aps.

It includes full details of implementing passport authentication in your own applications.

Forms authentication

Forms authentication provides you with a way to handle authentication using your own custom logic with in an ASP.NET application. The following applies if you choose forms authentication.

1. When a user requests a page for the application, ASP.NET checks for the presence of a special session cookie. If the cookie is present, ASP.NET assumes the user is authenticate

How does authorization work in ASP.NET?
ASP.NET impersonation is controlled by entries in the applications web.config file. The default setting is “no impersonation”. You can explicitly specify that ASP.NET should not use impersonation by including the following code in the file

identity impersonate=”false”

It means that ASP.NET will not perform any authentication and runs with its own privileges. By default, ASP.NET runs as an unprivileged account named ASPNET. You can change this by making a setting in the process Model section of the machine.config file. When you make this setting, it automatically applies to every site on the server. To user a high-privileged system account instead of a low-privileged set the username attribute of the process Model element to SYSTEM. Using this setting is a definite security risk, as it elevates the privileges of the ASP.NET process to a point where it can do bad things to the operating system.

When you disable impersonation, all the request will run in the context of the account running ASP.NET: either the ASPNET account or the system account. This is true when you are using anonymous access or authenticating users in some fashion. After the user has been authenticated, ASP.NET uses its own identity to request access to resources.

The second possible setting is to turn on impersonation.

identity impersonate =”true”

In this case, ASP.NET takes on the identity IIS passes to it. If you are allowing anonymous access in IIS, this means ASP.NET will impersonate the IUSR_ComputerName account that IIS itself uses. If you are not allowing anonymous access, ASP.NET will take on the credentials of the authenticated user and make requests for resources as if it were that user. Thus by turning impersonation on and using a non-anonymous method of authentication in IIS, you can let users log on and use their identities within your ASP.NET application.

Finally, you can specify a particular identity to use for all authenticated requests

identity impersonate=”true” username=”DOMAIN\username” password=”password”

With this setting, all the requests are made as the specified user (Assuming the password it correct in the configuration file). Therefore, for example you could designate a user for a single application, and use that user’s identity every time someone authenticates to the application. The drawback to this technique is that you must embed the user’s password in the web.config file in plain text. Although ASP.NET will not allow anyone to download this file, this is still a security risk if anyone can get the file by other means.

What is difference between Data grid, Datalist, and repeater?
A Data grid, Datalist and Repeater are all ASP.NET data Web controls.

They have many things in common like Data Source Property, Data Bind Method ItemDataBound, and Item Created.

When you assign the Data Source Property of a Data grid to a Dataset then each Data Row present in the Data Row Collection of Data Table is assigned to a corresponding DataGridItem and this is same for the rest of the two controls. However, The HTML code generated for a Data grid has an HTML TABLE ROW element created for the particular Data Row and it is a Table form representation with Columns and Rows.

For a Datalist it is an Array of Rows and based on the Template Selected and the Repeat Column Property value we can specify how many Data Source records should appear per HTML table row. In short, in data grid, we have one record per row, but in data list, we can have five or six rows per row.

For a Repeater Control, the Data records to be displayed depend upon the Templates specified and the only HTML generated is the due to the Templates.

In addition to these, Data grid has a in-built support for Sort, Filter and paging the Data, which is not possible when using a Data List and for a Repeater Control we would require to write an explicit code to do paging.

How to decide on the design consideration to take a Data grid, Datalist, or repeater?
Many make a blind choice of choosing data grid directly, but that is not the right way.

Data grid provides ability to allow the end-user to sort, page, and edit its data. However, it comes at a cost of speed. Second, the display format is simple that is in row and columns. Real life scenarios can be more demanding that

with its templates, the Data List provides more control over the look and feel of the displayed data than the Data Grid. It offers better performance than data grid

Repeater control allows for complete and total control. With the Repeater, the only HTML emitted are the values of the data binding statements in the templates along with the HTML markup specified in the templates—no "extra" HTML is emitted, as with the Data Grid and Data List. By requiring the developer to specify the complete generated HTML markup, the Repeater often requires the longest development time. However, repeater does not provide editing features like data grid so everything has to be coded by programmer. However, the Repeater does boast the best performance of the three data Web controls. Repeater is fastest followed by Datalist and finally data grid.

Difference between ASP and ASP.NET?
ASP.NET new feature supports are as follows: -

Better Language Support

• New ADO.NET Concepts have been implemented.

• ASP.NET supports full language (C#, VB.NET, C++) and not simple scripting like VBSCRIPT...

Better controls than ASP

• ASP.NET covers large sets of HTML controls..

• Better Display grid like Data grid, Repeater and datalist.Many of the display grid has paging support.

Controls have events support

• All ASP.NET controls support events.

• Load, Click, and Change events handled by code makes coding much simpler and much better organized.

Compiled Code

The first request for an ASP.NET page on the server will compile the ASP.NET code and keep a cached copy in memory. The result of this is greatly increased performance.

Better Authentication Support

ASP.NET supports forms-based user authentication, including cookie management and automatic redirecting of unauthorized logins. (You can still do your custom login page and custom user checking).

User Accounts and Roles

ASP.NET allows for user accounts and roles, to give each user (with a given role) access to different server code and executable.

High Scalability

• Much has been done with ASP.NET to provide greater scalability.

• Server to server communication has been greatly enhanced, making it possible to scale an application over several servers. One example of this is the ability to run XML parsers, XSL transformations, and even resource hungry session objects on other servers.

Easy Configuration

• Configuration of ASP.NET is done with plain text files.

• Configuration files can be uploaded or changed while the application is running. No need to restart the server. No more metabase or registry puzzle.

Easy Deployment

No more server restarts to deploy or replace compiled code. ASP.NET simply redirects all new requests to the new code.

What are major events in GLOBAL.ASAX file?
The Global. Sax file, which is derived from the Http Application class, maintains a pool of Http Application objects, and assigns them to applications as needed. The Global. Sax file contains the following events:

Application_Init: Fired when an application initializes or is first called. It is invoked for all Http Application object instances.

Application Disposed: Fired just before an application is destroyed. This is the ideal location for cleaning up previously used resources.

Application Error: Fired when an unhandled exception is encountered within the application.

Application Start: Fired when the first instance of the Http Application class is created. It allows you to create objects that are accessible by all Http Application instances.

Application End: Fired when the last instance of an Http Application class is destroyed. It is fired only once during an application's lifetime.

Application_BeginRequest: Fired when an application request is received. It is the first event fired for a request, which is often a page request (URL) that a user enters.

Application_EndRequest: The last event fired for an application request.

Application_PreRequestHandlerExecute: Fired before the ASP.NET page framework begins executing an event handler like a page or Web service.

Application_PostRequestHandlerExecute: Fired when the ASP.NET page framework has finished executing an event handler.

Applcation_PreSendRequestHeaders: Fired before the ASP.NET page framework sends HTTP headers to a requesting client (browser).

Application_PreSendContent: Fired before the ASP.NET page framework send content to a requesting client (browser). Application_AcquireRequestState: Fired when the ASP.NET page framework gets the current state (Session state) related to the current request.

Application_ReleaseRequestState: Fired when the ASP.NET page framework completes execution of all event handlers. This results in all state modules to save their current state data.

Application_ResolveRequestCache: Fired when the ASP.NET page framework completes an authorization request. It allows caching modules to serve the request from the cache, thus bypassing handler execution.

Application_UpdateRequestCache: Fired when the ASP.NET page framework completes handler execution to allow caching modules to store responses to be used to handle subsequent requests.

Application_AuthenticateRequest: Fired when the security module has established the current user's identity as valid. At this point, the user's credentials have been validated.

Application_AuthorizeRequest: Fired when the security module has verified that a user can access resources.

Session Start: Fired when a new user visits the application Web site.

Session End: Fired when a user's session times out, ends, or they leave the application Web site.

What is the order events triggering in GLOBAL.ASAX file ?
They are triggered in the following order:

Application_BeginRequest

Application_AuthenticateRequest

Application_AuthorizeRequest

Application_ResolveRequestCache

Application_AcquireRequestState

Application_PreRequestHandlerExecute

Application_PreSendRequestHeaders

Application_PreSendRequestContent

Code is executed

Application_PostRequestHandlerExecute

Application_ReleaseRequestState

Application_UpdateRequestCache

Application_EndRequest.



If client side validation is enabled in your Web page, does that mean server side code is not run.
When client side validation is enabled server emits JavaScript code for the custom validators. However, note that does not mean that server side checks on custom validators do not execute. It does this redundant check two times, as some of the validators do not support client side scripting.

Which JavaScript file is referenced for validating the validators at the client side?
WebUIValidation.js JavaScript file installed at “aspnet_client” root IIS directory is used to validate the validation controls at the client side

Which is the common property of all validation controls?
ControlToValidate is the common property of all validation controls.

What data type is returned by the IsPostback property?
Boolean data type is returned by the IsPostback property.

How to create FileSystemObject in ASP.NET?
FileSystemObject can be created using the method
Server.CreateObject ("Scripting.FileSystemObject").

Give the name of state management technique that rely on buffering?
Querystrings is the state management technique that relies on buffering.

In ASP.NET, what is used for validating the complex string patterns?
In ASP.NET, regular expression is used for validating the complex string patterns.

How can we prevent a browser from caching web page?
In ASP.NET, browser can be prevented from caching a web page using the method Response.Cache.SetNoStore ().

Give the name of datasource control that does not implement caching?
In ASP.NET, LinqDataSource does not implement caching.

LINQ is included in which .NET Framework?
LINQ is included in .NET Framework 3.5.

How to evaluate the page execution time, request time and response time?
Bugzilla is used to evaluate the page execution time, request time and response time.

Do html controls perform rendering?
Html controls does not perform rendering since all the browsers understand the html tags.

What does XBAP stands for?
XBAP stands for XAML Browser Application .It is a new Windows technology used for creating Rich Internet Applications. The extension of the executable file is .xabp and it can be executed in internet browser.

How to restrict a class from being inherited by another class?
The keywod sealed can be used for restricting a class from being inherited by another class.

Which type of authentication is not used by IIS?
Forms type of authentication is not used by IIS.

Is session a method to maintain client side state?

No, session is not a method to maintain client side state since session value is stored in server memory.

In the connection string,what do we specify at Initial Catalog ?

In the connection string, Initial Catalog is used for defining the database name.The example of connection string is as,

User ID=sa;Pwd=sa;Initial Catalog=DB;server=192.168.0.42

Which control displays a single record at a time?
Form View control display's a single record at a time.

Is it possible to add multiple skins on a single page?
Yes, it is possible to add multiple skins on a single page.

Does form authentication work if cookies are not enabled in browser?
Yes, form authentication work if cookies are not enabled in browser.

What is the default port number the protocol https is used?
The default port number of https protocol is 443.

When was ASP.NET launched?
The first version of ASP.NET was launched in January 2002 with version 1.0 of the .NET Framework.

Is timer control available in ASP.NET?
There is no build in timer control in ASP.NET.But timer control is provided in AJAX. For using this AJAX timer control you need to incorporate AJAX in your ASP.NET web application.

What do you mean by round trip in ASP.NET?
In ASP.NET, when a button is clicked, the information is send to server. This information is processed at the server end and the result is returned to the browser. This sequence of sending information, processing information and getting the result is known an round trip.

Web pages are stateless. What does this means?
In the client server architecture, the web pages are created from scratch every time round trip occurs. When any information is send to server, it processes it and creates the result. But it does not preserve any information. Everything is developed from scratch and discarded once the result is posted to the client. So the web pages are said to be stateless.

DataGridView control is available in windows application and gridview control is available in web application. Both of these controls support datasource property. Is the databind method available in both the controls i.e. datagridview and gridview.
No, databind method is not available in both the controls.Databind method is available in gridview but in datagridview this method is not available.

What are the characteristics of a website?
The following are the characteristics of a website -

1. Website is nothing but collection of web pages to server a specific purpose.

2. To access a website one should have browser and internet connection.

3. Website are by nature platform independent since the browser only understands HTML.

4. Websites are very seamless to deploy the web pages at the central location.

5. To host a website one should use application server.

6. There are number of application servers such as IIS, apache tomcat etc.

What is the basic sequence of events in ASP.NET?
Suppose the user clicks on server side button and button is configured for the onclientclick (Client side event) and onclick (server side event) event. Then the onclientclick event will fire first followed by the onclick event.

What is the use of connection string in .NET?
Connection string is used for authenticating the database for accessing the information from the database. Connection string contains server name, database name, user id, and password and database provider.

What is the difference between ASP.NET server control and html control?
ASP.NET server controls are advanced controls having its own properties and methods. These controls are event driven. When a specific event is triggered, the attached procedure executes. This procedure executes on the server and the end result is returned to the client.

HTML controls are simple controls. These controls are also event driven but the procedure or function attached to the event executes at the client side. The execution speed of html control is faster than server control since it executes at client side and the round trip is avoided.

For e.g., consider two button controls. One is server control and other is html control. Both these controls have onclick event.Just assume that both the controls display a message "Hello world" when they are clicked.When the server control in clicked, the procedure will be called and executed on the server.The message will be returned. When the html button is clicked, the javascript function will the called and the message will be displayed.For the server control postback will occur.But for html control, postback will not occur.

When the requirement is very simple then html control can be used.When the requirement is complex such as interacting with the database server,then server control should be used.In short, just analyse your requirement. When the processing can be done at the client side,then use html control. When the processing can be done on the server, then use server control.

For eg,you want to find the addition of two numbers. These two numbers are placed in two textboxes. In this case, add a html button and call a JavaScript that gets the values from these two textboxes and adds it.Now assume that you want to find the salary of employee which is saved in database. In this case, add a server button and onclick event write a procedure that executes a query and gets the salary of employee.

What is the difference between session and viewstate?
Following are the differences between session and viewstate-

1.Both session and viewstate are used for saving data. But session saves the data as per user session. The data persist as long as session is alive. Once the session is destroyed or expires, the data from the session object is destroyed. Viewstate saves data pagewise.The data persists as long as page is alive. Once the page is unloaded, the data from viewstate is destroyed.

2. The data of the session object is saved on the web server while the data of viewstate is stored at the client side.

3. Session variables are stored in a SessionStateItemCollection object that is accessed using HttpContext.Session property. Viewstate variables are stored in hidden textbox. Right click on the page and select viewsource.You will find a text box as,

input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value ="/wEPDwUKLTE3NT"

4.Session object has different modes such as InProc,StateServer,SQLServer,Custom and Off. There are no modes in Viewstate.

How is web request handled in ASP.NET?
Following are the steps of handling a web request in ASP.NET -

1. Suppose you enter the following url in the browser.

http://www.dotnetutorial.com/index.aspx

2. This url is spitted into three parts as -

Protocol - http

Server Name - www.dotnetutorial.com

File Name - index.aspx

3. Browser first communicates with the computer called as 'Domain Name Server’. The communication between browser and the 'Domain Name Server' is established with the help of internet. Domain Name Server finds the IP address of the server www.dotnetutorial.com.

4. Then the browser communicates with the web server at that IP address.

5. Server creates a request for the specified url and forwards the request to the web server to which it has established a connection.

6. The web server examines the page requested. If it is asp.net page, then some processing should be done by the asp.net service.So the request is then forwarded to asp.net process. The asp.net service processes the asp.net page and generates the html output.

7. This html output is send back to the browser by the web server.

8. The html code is rendered in the browser to show the web page.

What is the difference between ByVal and ByRef i.e. passing value as parameter and passing reference as parameter?
When you use ByVal i.e. pass value as parameter, you create another variable which holds the value of original variable. This another variable consumes same memory as original variable and then it is used in the called procedure or function.

When you use ByRef i.e. pass reference as parameter, the address of the variable is passed. While executing the procedure or function, the value from that particular address is fetched. You don't create another variable. So additional memory is not consumed. This approach is very useful when the value of passed variable remains constant until the called procedure or function terminates.

From code optimization point of view, you should use ByRef instead of ByVal. ByRef consumes low memory since replica of the variable is not created. Address of any variable is numeric and numeric data type consumes less memory.

What is the base class of web forms?
Page is the base class of web forms. This page class is inherited from System.Web.UI namespace.

What is session object in ASP.NET?
When you use any application on your computer, the computer knows what you are doing. It tracks each and every activity while the application is executing.

This type of tracking system is not available on the internet since HTTP address does not maintain state. The web server does not know your identity and what you are doing.ASP.NET has resolved this problem by creating a unique cookie for each user. The cookie is send to user's computer and it contains all the essential information for tracking the user and his activities. This interface is called the Session object.

The information stored in the session object is session specific. When the user connects to the site new session is created and information is saved in cookie. Next time when he reconnects to the site new session is created. The information saved in session can be accessed by all the web pages but this information is lost once the session expires. So you can save information in the session object where the interaction or transaction last for short interval of time i.e. transaction time should be less than session time. If you are interacting with the site for more than hour than it is not advisable to store information in session object.

What is use of InStr function?
InStr function is used for finding the position of the character or string.For eg, consider the following example,

InStr("Test", "t")

In the above example, the input string is Test and we want to find the position of the character t.Since the position of the character t is 4 then output of the above example is 4.Now consider another example.

InStr("Test", "es")

In the above example, the output will be 2.

What is the difference between Response.Cookies and Request. Cookies?
Response.Cookies are the cookies that are send from server to browser.

Request.Cookies are the cookies that are send from browser to server.

What is Request.QueryString in ASP.NET?

Request.QueryString is used for passing a value from one page to another since it can read value from the url.The Query String collection gets the values of the variables in the HTTP query string. The HTTP query string is specified by the values followed by a question mark (?). For eg, consider the following url,

http://www.dotnetutorial.com/interview-questions.aspx?catid=1

In the above example, the variable name is catid and the value passed is 1.

How to access the information about user's locale?
The information about user's locale can be accessed using the System.Web.UI.Page.Culture property.

What is the name of parent class of all server controls in ASP.NET?
In ASP.NET, System.Web.Ul.Control class is the parent class for all server controls.

What are the advantages of the code-behind feature?
Following are the advantages of code-behind feature -

1. It is very easy to manage code since html code and programming code are placed in two separate files.

2. Graphic designer and software engineer can focus on their specific domains since html code and programming code are placed in two separate files. Also, they will in interrupt each other tasks.

3. The problem of browser incompatibility is resolved since the code file is placed in web server and web page is placed on client side. The web page is send to client side after getting the details of the client browser.

Give the name of two new properties that are added in ASP.NET 4.0 Page class?
Following are the two new properties that are added in ASP.NET 4.0 page class -

1. MetaKeyword

2. MetaDescription

How to redirect a page permanently in ASP.NET 4.0?
In ASP.NET 4.0, a page can be redirected permanently using the method RedirectPermanent().

What is the difference between content page and master page?
Content page does not have complete html code where as master page has complete html code.

What is the difference between page-level caching and fragment caching ?
In page-level caching, the entire page is cached while in fragment caching sub-part of the web page is cached. For eg, user controls.

What are the different types of cookies available in ASP.NET?
The different types of cookies available in ASP.NET are as follows -

1. Session Cookie - Session Cookies are present on the client side and exists as long as session is alive. Once the session expires, session cookie is deleted.

2. Persistent Cookie - Persistent Cookie are present on the client side and exists for specific period of time. This period of the existence of cookie is set by user.

What is the difference between ASP session and ASP.NET session?
ASP.NET supports cookie-less session whereas ASP does not support cookie less session.Also, the ASP.NET session can span across multiple servers.

What does neutral culture means?
When you specify a language but do not specify the associated country through that culture, then that culture is called as a neutral culture.

What is the use of navigation controls?
Navigation controls are the controls that are used for navigating through the website. These controls store all the links in a hierarchical or drop-down structure. Different types of navigation controls are as follows -

1. SiteMapPath

2. Menu

3. TreeView

How to get username if you are using windows authentication?
System.Environment.UserName

What is the difference between System.String and System.StringBuilder classes?
What are the different data types supported by rangevalidator ?
Following are the different data types supported by rangevalidator -

What is the maximum size of data that can be stored in a cookie?
In a cookie, the size of maximum data is 4 KB.

How to get the referral page's url?
For getting referral page's url use ,

Request.UrlReferrer.ToString();

Which is the good option for redirecting from one page to another within the same server? Response.Redirect or Server.Transfer

Server.Transfer is the good option for redirecting from one page to another within the same server since round trip ia avoided.

Which is the first event that fires in page life-cycle Event?
PreInit is the first event that fires in page life-cycle Event.

Which validation control is used for displaying the list of error messages?
ValidationSummary control is used for displaying the list of error messages.

Which regular expression is used for validating 10 digit mobile number?
Following are the regular expressions that are used for validating 10 digit mobile number -

1. [0-9]{10}

2. \d

What are the different data types supported by rangevalidator?
Following are the different data types supported by rangevalidator -

1. Integer

2. String

3. Date

Does the finally block executes if there is no exception?
Yes, the finally block executes if there is no exception.

Can a website be executed without web.config?
Yes, website can be executed without web.config.It will inherit cofiguration setting from machine.config file.

 Note:All the collection is shamelessly copied from following link
http://www.dotnetutorial.com/interview-questions.aspx
 Author does not claim any originality of content,all credit goes to original author,I am just compiling this for my own study.
   If anybody want to suggest some additional questions please do so.