What is the difference between login controls and Forms authentication?
§ Forms authentication can be easily implemented using login controls without writing any code.
§ Login control performs functions like prompting for user credentials, validating them and issuing authentication just as the FormsAuthentication class.
§ However, all that’s needs to be dne is to drag and drop the use control from the tool box to have these checks performed implicitly.
§ The FormsAuthentication class is used in the background for the authentication ticket and ASP.NET membership is used to validate the user credentials.
ANS 2 : Login control provides form authentication. If we implement for authentication through form authentication then we do it through code. On the other hand, login control allows the easy implementation on the basis of form authentication without writing much of code. Underneath the control, the class used for login control is also FormAuthentication class. So instead of creating your own set of user credential validations and issuing of authentication ticket, it is simpler to use a normal login control.
What is Fragment Caching in ASP.NET?
§ Fragment caching refers to the caching of individual user controls within a Web Form.
§ Each user control can have independent cache durations and implementations of how the caching behavior is to be applied.
§ Fragment caching is useful when you need to cache only a subset of a page.
§ Navigation bars, header, and footers are good candidates for fragment caching.
ASP.NET - What is Fragment Caching in ASP.NET? - June 04, 2009 at 15:00 PM by Shuchi Gauri
Fragment caching allows to cache specific portions of the page rather than the whole page. It is done by implementing the page in different parts by creating everything in form of user controls and caching each user control individually.
What is ViewState? Explain its benefits and limitations.
Viewstate is used to maintain or retain values on postback. It helps in preserving a page. Viewstate is internally maintained as a hidden field in encrypted form along with a key.
Advantages:
i) No server resources.
ii) Viewstate ensures security because it stores the data in encrypted format.
iii) Viewstates are simple. They are used by enabling or disabling the viewstate properties.
iv) It is based on the wish of developer that they want to implement it at the page level or at control level.
Disadvantages:
i) If large amount of data is stored on the page, then page load might cause a problem.
ii) Does not track across pages. Viewstate information does not automatically transfer from page to page.
What is the Pre-Compilation feature of ASP.NET 2.0?
Previously, in ASP.NET, the pages and the code used to be compiled dynamically and then cached so as to make the requests to access the page extremely efficient. In ASP.NET 2.0, the pre-compilation feature is used with which an entire site is precompiled before it is made available to users.
There is a pre-defined folder structure for enabling the pre-compilation feature:
§ App_Code: stores classes
§ App_Themes: stores CSS files, Images, etc.
§ App_Data: stores XML files, Text Files, etc.
§ App_GlobalResources: stores all the resources at global level E.g. resx files, etc
§ App_LocalResources: stores all the resources at local/Page level
How can we create custom controls in ASP.NET?
Custom controls are user defined controls. They can be created by grouping existing controls, by deriving the control from System.Web.UI.WebControls.WebControl or by enhancing the functionality of any other custom control. Custom controls are complied into DLL’s and thus can be referenced by as any other web server control.
Basic steps to create a Custom control:
1. Create Control Library
2. Write the appropriate code
3. Compile the control library
4. Copy to the DLL of the control library to the project where this control needs to be used
5. The custom control can then be registered on the webpage as any user control through the @Register tag.
What is an application domain?
It's a way in CLR to maintain a boundary between various applications to ensure that they do not interfere in working of any other application. CLR acts as a mini operating system where a single process may have various application domains.
Explain the two different types of remote object creation mode in .NET.
Ways in which object can be created using Remoting: -
SAO Server Activated Object (call mode): lasts the lifetime of the server. They are activated as SingleCall/Singleton objects. It makes objects stateless. A SingleCall object gets created for each request by client and A Singleton object is created once on the server and is shared by all the clients.
CAO (Client Activated Objects): CAO creates stateful objects. The object creation request is based on the request by client side. Therefore, the lifetime is based on client and not server. Single instance of object is created for every call.
Describe SAO architecture of Remoting.
Remoting has at least three sections:-
1. Server
2. Client: This connects to the hosted remoting object
3. Common Interface between client and the server .i.e. the channel
Remoting takes an indirect approach to application domain communication by creating proxy objects. Communication is performed as below:
a. When a client object wants to create an instance of the server object, the remoting system at the client creates a proxy of the server object. The proxy object is at the client but behaves exactly like the remote object i.e. the server object.
b. The proxy passes the call information to the remoting system on the client. Client remoting system then sends the information to the remoting system on the server which then invokes the actual method on the server object. The remoting system on the server then passes the result information back to the client remoting system.
c. The client remoting system returns the results to the client object through the proxy.
Explain Singleton architecture of Remoting.
Singleton architecture is to be used when all the applications have to use or share same data.
Define LeaseTime, SponsorshipTime, RenewOnCallTime, LeaseManagePollTime.
Terms related to lifecycle of a remoting object.
The LeaseTime property protects the object so that the garbage collector does not destroy it as remoting objects are beyond the scope of the garbage collector. Every object created has a default leasetime for which it will be activated. Once the leasetime expires, the object is eligible again for garbage collector and is eventually destroyed. Default value is 5 minutes.
Even though the leasetime of an object has expired, there still may be clients who would still need the remoting object on the server. In such cases the leasemanager keeps a track of such clients and asks them if they need the object and are ready to extend or sponsor the object to extend its existence. This is done through SponsorshipTime property, which is then based on the sponsor.
The RenewOnCallTime property defines the duration for which a remoting object's lease is extended if a sponsor is found. The default value is 2 minutes.
The LeaseManager class has a property PollTime, which defines the frequency at which the LeaseManager polls the leases. Default is 10 seconds.
Briefly explain how to specify remoting parameters using config files.
The remoting parameters can be specified through both programming and in config files. All the settings defined in config files are placed under <system.runtime.remoting>
<application> is placed under system.runtime.remoting but the name attribute of application tag specifies if the parameter is for server or client. RemotingConfiguration.Configure is used to access the configuration keys for remoting properties.
What is marshalling? Explain types of marshalling.
Marshaling is a process of transforming or serializing data from one application domain and exporting it to another application domain.
Two types of marshalling
§ Marshal by value: a copy of an object is created by the server and is passed and used by the client.
§ Marshal by reference: the client creates a proxy to access the object.
What is ObjRef object in remoting?
ObjRef is a searializable object returned by Marshal() that knows about location of the remote object, host name, port number, and object name.
Explain the steps of acquiring a proxy object in web services.
§ Client communicates to UDI node to retrieve a list of available web services that the client has access to.
§ Every service listed has a URI pointing to the service's DISCO or WSDL document, which is needed to access the webservice and its 'webmethod" methods.
§ After interpreting the DISCO document, follow the URI for the WSDL document related to the chosen webservice.
§ Client then adds and parses the WSDL document and creates a proxy object which can then communicate with Webservice and access its "webmethod" methods.
Explain the steps to create a web services and consume it.
Steps to create and consume a webservice
Creation:
§ a. Create a new website by selecting "ASP.NET Web Site" and giving it a suitable name.
§ b. service.cs file appears inside the solution with a default webmethod named as "HelloWorld()"
§ c. Right click on the webservice project and add a web reference instead of adding a normal reference.
§ d. A window appears that displays a list of webservices knows to the solution.
§ e. Click on "Webservices in this solution"
§ f. a search progress bar appears and
§ g. Select the service that appears in the list
§ h. progress bar appears once again.
§ i. web method appears on the screen
§ j. Click on "Add reference" button. This would add localhost
§ k. solution would have App_WebReference folder
Consumption or Usage:
§ a. Add a UI (.aspx) to the webservice project
§ b. Add a button and a label to the form
§ c. Double click the button to see the click event of the button
§ d. Create an object of type service localhost.serviceName
§ e. Write code to display the value returned by the webmethod on the label
§ f. Execute the solution by setting the added aspx as the startpage.
§ g. click on the button and the message "Hello World" would be displayed on the label
Explain the difference between cache object and application object.
Application Object: Application variable/object stores an Object with a scope of availability of the entire Application unless explicitly destroyed.
Caching Object: The lifetime of cache is throughout the lifetime of an application or is based upon timeouts
What is Cache Callback in Cache?
The cache object has dependencies e.g. relationships to the file it stores. Cache items remove the object when these dependencies change. As a work around we would need to simply execute a callback method whenever items are removed from the cache to add the items back in cache.
e.g.: We have a string variable string var="hello" and store it in cache. This item would be removed from the cache if value is changed from "hello" to "bye". In such a case we need to simply right a callback function which would add updated var back in cache as it’s been removed as a result of its dependencies changing.
What is Scavenging?
A process where items are removed from cache in order to free the memory based on their priority. A property called "CacheItemPriority" is used to figure out the priority of each item inside the cache. This priority property is set when an item is added to the cache.
Explain the types of Caching using Cache object of ASP.NET.
§ Page output: Is used to fetch information or data at page level. It is best used when the site is mainly static. Used by declaring the output page directive
§ Page fragment: Is used to cache the structure level information. It is used when parts of pages change. For example: user control
§ Programmatic or data: Is used to fetch the information of an application quickly based on the requirements.
Show with an example how to Cache different version of same page using ASP.NET Cache object.
The ways to cache different versions on the same page using ASP.NET cache object is using OutputCache object.
Three parameters of OutputCache, has 3 parameters:
§ VarByParam: based on input parameters passed through HTTP POST/GET.
§ VarByHeader: based on the page header content.
§ VayByCustom: based on declaration of an attribute and overriding GetVaryByCustomString handler.
§ VarByControl: varies with the value of properties of ASP objects.
Explain how to implement Fragment Cache
Fragment cache is to store user controls individually within a web form in cache instead of the whole webform as such. The idea is to simply have different cache parameters for different user controls.
control1: <%@ OutputCache Duration="40" VaryByParam="none"%>
control2: <%@ OutputCache Duration="60" VaryByParam="none"%>
If control1 and control2 exist on a single webform together, the values of control1 and control2 would be cached for different durations based on @OutputCache directive.
Explain the various modes of storing ASP.NET session.
Types of sessions:
§ InProc: The default way to use sessions. InProc is the fastest way to store and access sessions.
§ OutProc:
i. State server: 15% slower than InProc. Session is serialized and stored in aspnet_state.exe process. Stateserver sessions can be stored on a separate machine too.
ii. SQL Server: 25% slower than InProc. Used when data is to be serialized and stored in SQL Server database.
What are the different types of Session state management options available with ASP.NET?
In-Process state management:
§ The In-Process type of Session state management stores the session in memory on the web server.
§ In order to have a user always reconnect to the same web-server, a sticky server is needed.
Out-of-Process state management:
§ Out-of-Process Session state management stores data in an external data source.
§ The external data source may be a SQL Server or a State Server service.
§ Out-of-Process state management requires the objects in a session to be serializable..
What are the benefits and limitations of using hidden fields?
Advantages:
a. Easy to implement
b. Hidden fields are supported by all browsers
c. Enables faster access of information because data is stored on client side
Disadvantages:
a. Not secure because the data is stored on Client side.
b. Decreases page performance if too many hidden fields
c. Only support single value.
What are benefits and limitations of using Cookies?
Advantages:
a. They are simple to use.
b. Light in size, thus occupy less memory.
c. Stores server information on client side
d. Data need not to be sent back to server.
e. Cookies persist for much longer period of time than a session.
Disadvantages:
a. Since they are stored on the client side in plain text, they are not secure.
b. Number of cookies that can be stored and their size is limited.
c. They don't work if security level is set too high in browser.
d. Some people might just disable cookies on their browsers.
What is Absolute and Sliding expiration in .NET?
Absolute and sliding expiration are two Time based expiration strategies.
Absolute Expiration: Cache in this case expires at a fixed specified date or time.
Example: Cache. Insert("ABC", ds, null, DateTime.Now.AddMinutes(1), Cache.NoSlidingExpiration);
The cache is set to expire exactly two minutes after the user has retrieved the data.
Sliding Expiration: the cache duration increases in this case by the specified sliding expiration value every time the page is requested. More a page is requested it will remain in cache, whereas a less requested page will not remain in cache.
Example: Cache.Insert("ABC", ds, null, Cache.NoAbsoluteExpiration, TimeSpan.FromMinutes(1));
Explain the concepts and capabilities of cross page posting.
Cross Page Posting: It refers to the scenario where on event of some controls posts from one page to another instead of a normal postback. Normal postback is when for e.g. a button (or any control that postbacks) is clicked and web page is submits the page back to itself which means a return trip. In Cross page posting, on click of a button there would be no return trip.
Cross-page posting is done at the control level. It is possible to create a page that posts to different pages depending on what button the user clicks on. It is handled by done by changing the postbackurl property of the controls.
Explain how to access ViewState value of this page in the next page.
PreviousPage property is set to the page property of the nest page to access the viewstate value of the page in the next page. Page poster = this.PreviousPage;
Once that is done, a control can be found from the previous page and its state can be read.
Label posterLabel = poster.findControl("myLabel");
string lbl = posterLabel.Text;
What is SQL Cache Dependency in ASP.NET?
SQL Cache Dependency in ASP.NET: It is the mechanism where the cache object gets invalidated when the related data or the related resource is modified. It is a feature in SQL Server 2005 and SQL Server 2000.
3 types of SQL-cache dependencies exist:
a. Other cache items.
b. Files/folders.
c. Dependencies on a database query.
Explain the concepts of Post Cache Substitution in .NET
Post Cache Substitution: It works opposite to fragment caching. The entire page is cached, except what is to be kept dynamic. When [OutputCache] attribute is used, the page is cached on both the server and the client. Whereas, you use in case of post cache substitution the page is cached on the server only. HttpResponse.WriteSubstitution method is a way to implement it.
Explain the use of localization and Globalization.
Users of different countries, use different languages and others settings like currency, and dates. Therefore, applications are needed to be configurable as per the required settings based on cultures, regions, countries.
Globalization: Is a way of writing the executables in a way that they are culture or language neutral.
The culture and language details specific details should be kept configurable. The main part of Globalization is to find out the locale-sensitive resources that are needed to be kept configurable and to segregate these resources from the executable code.
Localization: Is the task to customize the application. The main part of localization is the translation of resources found in globalization.
Explain the concepts of CODE Page approach. What are the disadvantages of this approach?
Code Page was used before Unicode came into existence. It was a technique to represent characters in different languages. It was a different interpretation of ASCII set which means it kept 128 characters for English and rest 128 were specifically tailored for other languages.
Disadvantages:
a. Languages like Japanese and Chinese having more than 5000 characters were difficult to represent n 128 character set.
b. Clients also need to have a support for code page.
c. It‘s representation is done on the basis of operating system.
What are resource files and explain how do we generate resource files?
Resource files are files in XML format. They contain all the resources needed by an application. These files can be used to store string, bitmaps, icons, fonts.
Steps to generate a resource file:
a. Open the web page in the design view.
b. Click Tools
c. Select generate local resource
d. .resx file generated in the solution explorer
e. Type in the resources. The file contains the key and value pairs.
f. Save the file.
What are Satellite assemblies and how to generate Satellite assemblies?
To support the feature of multiple languages, we need to create different modules that are customized on the basis of localization. These assemblies created on the basis of different modules are knows as satellite assemblies.
Steps to generate satellite assemblies:
a. Set the paths for resgen and al.exe:
b. Create a .resources file.
c. Create the satellite assembly.
d. The assembly should have the naming convention for .NET to be able to search for it.
e. Specify the settings for culture.
f. Put the satellite assembly in the appropriate folder.
g. Once the satellite assembly is created, physically copy it to the appropriate directory.
h. Repeat the process for each language in which you are creating an assembly.
ASP.NET - What are Satellite assemblies? - May 20, 2009 at 10:10 AM
What is Satellite Assembly?
Satellite Assemblies are language-specific assemblies and are used for language-specific resources for an application. Each assembly of this kind has a separate language specific ID and is installed in a language-specific subdirectory for each language.
Explain the concepts of resource manager class.
ResourceManager class: It provides convenient access to resources that are culture-correct. The access is provided at run time.
This class provides resource withdrawal when a localized resource does not exist. It helps in resource serialization, and provides access to resources that are not packaged in your assembly. It is very much possible to derive classes from ResourceManager class and create our own custom resource solutions.
What is Windows communication foundation, WCF?
WCF is a framework that builds applications that can inter-communicate based on service oriented architecture consuming secure and reliable web services. This also helps in Distributed computing. The WCF also brings together the various communication models into a single model.
Explain the important principle of SOA.
A service-oriented architecture is collection of services which communicate with one another other. The communication can range from simple data passing to two or more services organizing some activity.
Explain the components of WCF - Service class, Hosting environment, END point.
WCF Service is composed of three components:
§ Service class: It implements the service needed.
§ Host environment: is an environment that hosts the developed service.
§ Endpoints: are the connection points for the clients to connect to the service. Clients find the end points through three components like service contract, binding, and address.
Difference between WCF and Web Services
WCF can create services similar in concept to ASMX, but has much more capabilities. WCF is much more efficient than ASP.Net coz it is implemented on pipeline. WCF is more secure, reliable. As WCF is implemented on a different pipeline it does not have all Http capabilities (Http session, cache etc).
What are different bindings supported by WCF?
a. BasicHttpBinding
b. WSHttpBinding
c. WSDualHttpBinding
d. WSFederationHttpBinding
e. NetTcpBinding
f. NetNamedPipeBinding
g. NetMsmqBinding
h. NetPeerTcpBinding
i. MsmqIntegrationBinding
What is duplex contract in WCF?
Duplex contract: It enables clients and servers to communicate with each other. The calls can be initiated independently of the other one. The duplex contract is one the message patterns available to Windows Communication Foundation (WCF) services. It comprises of two one-way contracts.
Different transaction isolation levels in WCF
§ Read Uncommitted: - Also known as Dirty isolation level. It makes sure that corrupt Data cannot be read. This is the lowest isolation level
§ Read Committed: - It ensures not to read the data that has been changed by any other application and is not yet committed. It is the default level.
§ Repeatable Read: - It stops the usage of dirt read and non-repeatable read. It states that data fetched through a query will be locked and will not be updated by any other transaction.
§ Serializable: - It does not allow any modification and addition of new data till the transaction is completed. This is considered to be a very restrictive level.
§ Snapshot: - It raises error on modifying a data that has already been changed by any transaction.
What are Volatile and Dead letter queues?
Volatile Queues: There are scenarios in the project when you want the message to deliver in proper time. The timely delivery of message is very more important and to ensure they are not lost is important too. Volatile queues are used for such purposes.
Dead-Letter Queues: Queues are needed so that client and server are not required to run at the same time when the message is sent. When a message lies inside a queue for a long time on the server and becomes invalid after some time period, then such messages are not to be sent to the client. All these messages are sent to dead-letter queue. Therefore, dead-letter queues are responsible for storing messages that fail timely delivery.
What is Windows workflow foundation?
Windows Workflow Foundation (WF): It is a platform for building, managing and executing workflow-enabled applications, for designing and implementing a programming model for controlling and communicating with workflows, a workflow execution engine and more.
Explain the types of Workflow in Windows Workflow Foundation.
There are 3 types of workflows in WWF:
Sequential Workflow: The sequential workflow style executes a set of contained activities in order, one by one and does not provide an option to go back to any step.
State Machine Workflow: It represents the workflow in the form of a state machine containing set of states, each of them receiving events. These events lead to transition from one state to another one.
Rules-driven Workflow: It is based on Sequential/StateMachine workflow.
What are XOML files?
XOML is an acronym for Extensible Object Markup Language. XOML files are the markup files. They are used to declare the workflow and are then compiled with the file containing the implementation logic. XOML file is used separately to ensure code-separation workflow authoring
How to make an application offline in ASP.NET 2.0 - June 04, 2009 at 15:00 PM by Shuchi Gauri
Ways to take an asp.net application offline:
§ Stop IIS server.
§ Redirect your website to an ErrorPage.htm file which displays appropriate information/feedback to users requesting the website.
§ In the web.config look for and set it to false. This will return a default ASP.Net 4040 status page to the requesting end users.
<httpRuntime enable="false" />
§ Add to App_Offline.htm page to the root of the website. To bring the application back up, simply delete this file.
What are script injection attacks?
Script injection attacks called Cross-site scripting (XSS) attacks exploit vulnerabilities in Web page validation by injecting client-side script code.
This code executes on the user’s browser after the browser downloads the script code from a trusted site and then the browser has no way of determining the legitimacy code.
ASP.NET - What are script injection attacks? - June 04, 2009 at 15:00 PM by Shuchi Gauri
Script injection attacks occur when an end user tries to fill in malicious code in the form or input fields of a form to access database or change it or destroy it. The malicious code tries to fool the application, that it was just another end user. The technique involves submitting contents wrapped in <script>, <object>, <applet>, <embed>, <frame>, <link> etc tags.
Request validation and validating the input provided by the end user are a solution to such attacks. One can use the following in the web.config for validating requests for all pages in the application.
<configuration>
<appSettings/>
<connectionStrings/>
<system.web>
<pages validateRequest="false"/>
</system.web>
</configuration>
What is Authentication in ASP.NET?
Authentication is the process of verifying user’s details and find if the user is a valid user to the system or not. This process of authentication is needed to provide authority to the user. ASP.NET implements authentication through authentication providers. Each provider has OnAuthenticate event. It allows building a custom authorization scheme.
What is Authorization in ASP.NET?
Authorization is a process that takes place based on the authentication of the user. Once authenticated, based on user’s credentials, it is determined what rights des a user have. In ASP.NET, there are two ways to authorize access to a given resource:
a. File authorization
b. URL authorization
Define access modifiers.
Access modifiers are used to control the scope of type members.
There arefive access modifiers that p rovide varying levels of access.
Public (public), Friend (internal), Private (private), Protected (protected), and Protected Friend (protected internal).
Write difference between overloading and overriding.
Overriding - Methods have the same signature as the parent class method.
Overloading - Methods have different parameters list or type or the return type.
Explain different IIS isolation levels in ASP.NET- Low (IIS process A), Medium (Pooled), High (Isolated)
Low (IIS Process):
This is the fastest and the default IIS4 setting. ASP pages run in INetInfo.exe and so they are executed in-process. If ASP crashes, IIS too does and must be restarted.
Medium (Pooled):
This IIS setting is more reliable. In this if ASP crashes, IIS does not. In this, the ASP applications share the same process, so a web site can run with just IIS and ASP process. IIS5 supports this setting and is the default setting.
High (Isolated):
This setting runs in MTS.EXE in IIS4 and in DLLHOST.EXE in IIS5. If one ASP application crashes, IIS or other ASP applications don’t crash. Each ASP application runs out-process in its own space.
What is Shared (static) member?
It belongs to the type but not to any instance of a type.
It can be accessed without creating an instance of the type.
It can be accessed using the type name instead of the instance name.
It can't refer to any instance data.
Advantages and disadvantages of using multithreading
Advantages:
Simultaneous access to multiple applications
Reduced number of required servers
Improved performance and concurrency
Simplified coding of remote procedure calls and conversations
Disadvantages:
Code writing, debugging, managing concurrency, testing, porting existing code is difficult in multithreading and multicontexting.
Programmers need to remove static variables and replace any code that is not thread-safe to introduce threading into a previously non threaded application.
Define Unit testing, Integration testing, Regression testing.
Unit testing ensures that each piece of code works correctly.
Integration testing ensures each module work together without errors.
Regression test ensures new code did not break previously working code.
0 comments:
Post a Comment