Sunday, March 22, 2009

ASP.Net interview questions, ASP.Net FAQs (Set 2)





Note: Each set has 20 questions. Please navigate to the other sets of questions by clicking the links in the "Other Questions" section on the right-hand side.

Can a user browsing my Web site read my Web.config or Global.asax files?

No. The <httpHandlers> section of Machine.config, which holds the master configuration settings for ASP.NET, contains entries that map ASAX files, CONFIG files, and selected other file types to an HTTP handler named HttpForbiddenHandler, which fails attempts to retrieve the associated file. You can modify it by editing Machine.config or including an <httpHandlers> section in a local Web.config file.
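
As an added illustration (not part of the original FAQ), a local Web.config can extend the same protection to other file types. The *.bak and *.old extensions are assumptions chosen for the example, and under IIS 5/6 the mapping only takes effect for extensions that IIS routes to ASP.NET:

```xml
<configuration>
  <system.web>
    <httpHandlers>
      <!-- Added example: the extensions below are illustrative assumptions. -->
      <!-- Requests for these files are answered by HttpForbiddenHandler
           (HTTP 403) instead of returning the file contents. -->
      <add verb="*" path="*.bak" type="System.Web.HttpForbiddenHandler" />
      <add verb="*" path="*.old" type="System.Web.HttpForbiddenHandler" />
    </httpHandlers>
  </system.web>
</configuration>
```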

Is it necessary to lock application state before accessing it?

Only if you're performing a multistep update and want the update to be treated as an atomic operation.

Here's an example:

Application.Lock();
Application["ItemsSold"] = (int) Application["ItemsSold"] + 1;
Application["ItemsLeft"] = (int) Application["ItemsLeft"] - 1;
Application.UnLock();

By locking application state before updating it and unlocking it afterwards, you ensure that another request being processed on another thread doesn't read application state at exactly the wrong time and see an inconsistent view of it.

If I update session state, should I lock it, too? Are concurrent accesses by multiple requests executing on multiple threads a concern with session state?

Concurrent accesses aren't an issue with session state, for two reasons. One, it's unlikely that two requests from the same user will overlap. Two, if they do overlap, ASP.NET locks down session state during request processing so that two threads can't touch it at once. Session state is locked down when the HttpApplication instance that's processing the request fires an AcquireRequestState event and unlocked when it fires a ReleaseRequestState event.

Do ASP.NET forms authentication cookies provide any protection against replay attacks? Do they, for example, include the client's IP address or anything else that would distinguish the real client from an attacker?

No. If an authentication cookie is stolen, it can be used by an attacker. It's up to you to prevent this from happening by using an encrypted communications channel (HTTPS). Authentication cookies issued as session cookies do, however, include a time-out value that limits their lifetime. So a stolen session cookie can only be used in replay attacks as long as the ticket inside the cookie is valid. The default time-out interval is 30 minutes. You can change that by modifying the timeout attribute accompanying the <forms> element in Machine.config or a local Web.config file. Persistent authentication cookies do not time out and therefore are a more serious security threat if stolen.
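
An added example (not from the original FAQ) of the Web.config settings this answer refers to: the timeout attribute on the <forms> element, plus requireSSL so that the cookie is only sent over HTTPS. Login.aspx and the values shown are assumptions for illustration.

```xml
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- Weaker setting, for comparison (cookie also sent over plain HTTP,
           eight-hour window that renews with activity):
           <forms loginUrl="Login.aspx" timeout="480" slidingExpiration="true" requireSSL="false" />
      -->
      <!-- requireSSL="true"         cookie is marked Secure and sent only over HTTPS
           timeout="30"              ticket lifetime in minutes
           slidingExpiration="false" lifetime is not extended by further requests
           protection="All"          ticket is both encrypted and validated -->
      <forms loginUrl="Login.aspx" protection="All" timeout="30"
             slidingExpiration="false" requireSSL="true" />
    </authentication>
  </system.web>
</configuration>
```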



Is it possible to prevent a browser from caching an ASPX page?



Just call SetNoStore on the HttpCachePolicy object exposed through the Response object's Cache property, as demonstrated here:

<%@ Page Language="C#" %>
<%
  Response.Cache.SetNoStore();
  Response.Write(DateTime.Now.ToLongTimeString());
%>

SetNoStore works by returning a Cache-Control: private, no-store header in the HTTP response. In this example, it prevents caching of a Web page that shows the current time.



What does AspCompat="true" mean and when should I use it?



AspCompat is an aid in migrating ASP pages to ASPX pages. It defaults to false but should be set to true in any ASPX file that creates apartment-threaded COM objects, that is, COM objects registered ThreadingModel=Apartment. That includes all COM objects written with Visual Basic 6.0. AspCompat should also be set to true (regardless of threading model) if the page creates COM objects that access intrinsic ASP objects such as Request and Response. The following directive sets AspCompat to true:

<%@ Page AspCompat="true" %>

Setting AspCompat to true does two things. First, it makes intrinsic ASP objects available to the COM components by placing unmanaged wrappers around the equivalent ASP.NET objects. Second, it improves the performance of calls that the page places to apartment-threaded COM objects by ensuring that the page (actually, the thread that processes the request for the page) and the COM objects it creates share an apartment. AspCompat="true" forces ASP.NET request threads into single-threaded apartments (STAs). If those threads create COM objects marked ThreadingModel=Apartment, then the objects are created in the same STAs as the threads that created them. Without AspCompat="true", request threads run in a multithreaded apartment (MTA) and each call to an STA-based COM object incurs a performance hit when it's marshaled across apartment boundaries.

Do not set AspCompat to true if your page uses no COM objects or if it uses COM objects that don't access ASP intrinsic objects and that are registered ThreadingModel=Free or ThreadingModel=Both.

Which two properties are on every validation control?

Every validation control has two common properties: 1. ControlToValidate, 2. ErrorMessage.

What property do you have to set to tell the grid which page to go to when using the Pager object?

CurrentPageIndex

What tag do you use to add a hyperlink column to the DataGrid?

Which method do you use to redirect the user to another page without performing a round trip to the client?

Server.Transfer

Explain role-based security.

Role-based security lets you identify groups of users to allow or deny based on their role in the organization. For example, in Windows NT and Windows XP, roles map to names used to identify user groups. Windows defines several built-in groups, including Administrators, Users, and Guests. To allow or deny access to certain groups of users, add allow and deny elements with the appropriate roles to the authorization list in your Web application's Web.config file, e.g.:

<authorization>
  <!-- Allow Administrators in domain. -->
  <allow roles="Domain Name\Administrators" />
  <!-- Deny anyone else. -->
  <deny users="*" />
</authorization>

How do you register JavaScript for web controls?

You can register javascript for controls using

What is the web.config file?

The web.config file is the configuration file for an ASP.NET web application. There is one web.config file per ASP.NET application, which configures that particular application. The web.config file is written in XML, with specific tags having specific meanings. It holds settings that include database connections, session state, error handling, security, etc. For example:

<configuration>
  <appSettings>
    <add key="ConnectionString" value="server=localhost;uid=sa;pwd=;database=MyDB" />
  </appSettings>
</configuration>

Which property on a Combo Box do you set with a column name, prior to setting the DataSource, to display data in the combo box?

DataTextField and DataValueField

Which control would you use if you needed to make sure the values in two different controls matched?

CompareValidator is used to ensure that two fields are identical.

What is the ValidationSummary server control? Where is it used?

The ValidationSummary control allows you to summarize the error messages from all validation controls on a Web page in a single location. The summary can be displayed as a list, a bulleted list, or a single paragraph, based on the value of the DisplayMode property. The error message displayed in the ValidationSummary control for each validation control on the page is specified by the ErrorMessage property of each validation control. If the ErrorMessage property of the validation control is not set, no error message is displayed in the ValidationSummary control for that validation control. You can also specify a custom title in the heading section of the ValidationSummary control by setting the HeaderText property. You can control whether the ValidationSummary control is displayed or hidden by setting the ShowSummary property. The summary can also be displayed in a message box by setting the ShowMessageBox property to true.

What is the difference between ASP and ASP.NET?

ASP (Active Server Pages) and ASP.NET are both server-side technologies for building web sites and web applications. ASP.NET is managed, compiled code; ASP is interpreted. ASP.NET is also fully object-oriented. ASP.NET has been entirely re-architected to provide a highly productive programming experience based on the .NET Framework, and a robust infrastructure for building reliable and scalable web applications.

What are the various ways of securing a web site to help prevent hacking, etc.?

1) Authentication/Authorization

2) Encryption/Decryption

3) Maintaining web servers outside the corporate firewall, etc.

What is the difference between in-proc and out-of-proc?

An in-proc component is one which runs in the same process area as the client, giving the advantage of speed but the disadvantage of stability, because if it crashes it takes the client application with it. An out-of-proc component is one which works outside the client's memory, thus giving stability to the client, but we have to compromise a bit on speed.

When you’re running a component within ASP.NET, what process is it running within on Windows XP? Windows 2000? Windows 2003?

On Windows 2003 (IIS 6.0) running in native mode, the component is running within the w3wp.exe process associated with the application pool which has been configured for the web application containing the component.
On Windows 2003 in IIS 5.0 emulation mode, 2000, or XP, it's running within the IIS helper process whose name I do not remember, it being quite a while since I last used IIS 5.0.
