Scenarios and Goals of the Security Application Block

The Security Application Block is designed to address the most common tasks developers face when they are writing applications that require security functionality. These tasks have been arranged according to scenarios. Each scenario gives an example of a real-world situation, such as authenticating a user; discusses the security functions the situation requires; and shows the code that accomplishes the task. The goal of arranging these tasks according to scenarios is to give the code some context. Instead of showing an isolated group of methods, with no sense of where they can best be used, scenarios provide a setting for the code, putting it in situations familiar to many developers whose applications must use security features. The scenarios are the following:

• Obtaining a temporary token for an authenticated user
• Authenticating a user using a token
• Ending a user session (expire a token)
• Determining if a user is authorized to perform a task

  For more information about each of these scenarios, see Key Scenarios When to Use the Security Application Block The Security Application Block includes implementations of the following functions:

• Authorization
• Security-related caching and session management

  If your applications require the provided implementations, you can use the application block to provide this functionality. However, the application block is also designed to be extensible and includes generic providers for each function. You can adapt the providers to meet your own security requirements. Posted in: .NET Framework MS Windows Software Programming| Tags: Best Practice .NET asp.net Enterprise Library Application Validation Application Block C# Benefit

---

asp.net Interview Questions and Answers

1. Describe the role of inetinfo.exe, aspnet_isapi.dll andaspnet_wp.exe in the page loading process. inetinfo.exe is theMicrosoft IIS server running, handling ASP.NET requests among other things.When an ASP.NET request is received (usually a file with .aspx extension),the ISAPI filter aspnet_isapi.dll takes care of it by passing the request tothe actual worker process aspnet_wp.exe.

2. What’s the difference between Response.Write() andResponse.Output.Write()? The latter one allows you to write formattedoutput.

3. What methods are fired during the page load? Init() - when the pageis instantiated, Load() - when the page is loaded into server memory,PreRender() - the brief moment before the page is displayed to the user asHTML, Unload() - when page finishes loading.

4. Where does the Web page belong in the .NET Framework class hierarchy?System.Web.UI.Page

5. Where do you store the information about the user’s locale? System.Web.UI.Page.Culture

6. What’s the difference between Codebehind="MyCode.aspx.cs" andSrc="MyCode.aspx.cs"? CodeBehind is relevant to Visual Studio.NET only.

7. What’s a bubbled event? When you have a complex control, like DataGrid, writing an event processing routine for each object (cell, button, row, etc.) is quite tedious. The controls can bubble up their eventhandlers, allowing the main DataGrid event handler to take care of its constituents.

8. Suppose you want a certain ASP.NET function executed on MouseOver overa certain button. Where do you add an event handler? It’s the Attributesproperty, the Add function inside that property. So btnSubmit.Attributes.Add("onMouseOver","someClientCode();")

9. What data type does the RangeValidator control support? Integer,String and Date.

10. Explain the differences between Server-side and Client-side code? Server-side code runs on the server. Client-side code runs in the clients’ browser.

11. What type of code (server or client) is found in a Code-Behind class? Server-side code.

12. Should validation (did the user enter a real date) occur server-side or client-side? Why? Client-side. This reduces an additional request to the server to validate the users input.

13. What does the "EnableViewState" property do? Why would I want it on or off? It enables the viewstate on the page. It allows the page to save the users input on a form.

14. What is the difference between Server.Transfer and Response.Redirect? Why would I choose one over the other? Server.Transfer is used to post a form to another page. Response.Redirect is used to redirect the user to another page or site.

15. Can you explain the difference between an ADO.NET Dataset and an ADO Recordset?

· A DataSet can represent an entire relational database in memory, complete with tables, relations, and views.

· A DataSet is designed to work without any continuing connection to the original data source.

· Data in a DataSet is bulk-loaded, rather than being loaded on demand.

· There's no concept of cursor types in a DataSet.

· DataSets have no current record pointer You can use For Each loops to move through the data.

· You can store many edits in a DataSet, and write them to the original data source in a single operation.

· Though the DataSet is universal, other objects in ADO.NET come in different versions for different data sources.

16. Can you give an example of what might be best suited to place in the Application_Start and Session_Start subroutines? This is where you can set the specific variables for the Application and Session objects.

17. If I’m developing an application that must accommodate multiple security levels though secure login and my ASP.NET web application is spanned across three web-servers (using round-robin load balancing) what would be the best approach to maintain login-in state for the users? Maintain the login state security through a database.

18. Can you explain what inheritance is and an example of when you might use it? When you want to inherit (use the functionality of) another class. Base Class Employee. A Manager class could be derived from the Employee base class.

19. Whats an assembly? Assemblies are the building blocks of the .NET framework. Overview of assemblies from MSDN

20. Describe the difference between inline and code behind. Inline code written along side the html in a page. Code-behind is code written in a separate file and referenced by the .aspx page.

21. Explain what a diffgram is, and a good use for one? The DiffGram is one of the two XML formats that you can use to render DataSet object contents to XML. For reading database data to an XML file to be sent to a Web Service.

22. Whats MSIL, and why should my developers need an appreciation of it if at all? MSIL is the Microsoft Intermediate Language. All .NET compatible languages will get converted to MSIL.

23. Which method do you invoke on the DataAdapter control to load your generated dataset with data? The .Fill() method

24. Can you edit data in the Repeater control? No, it just reads the information from its data source

25. Which template must you provide, in order to display data in a Repeater control? ItemTemplate

26. How can you provide an alternating color scheme in a Repeater control? Use the AlternatingItemTemplate

27. What property must you set, and what method must you call in your code, in order to bind the data from some data source to the Repeater control? You must set the DataSource property and call the DataBind method.

28. What base class do all Web Forms inherit from? The Page class.

29. Name two properties common in every validation control? ControlToValidate property and Text property.

30. What tags do you need to add within the asp:datagrid tags to bind columns manually? Set AutoGenerateColumns Property to false on the datagrid tag

31. What tag do you use to add a hyperlink column to the DataGrid? <asp:HyperLinkColumn>

32. What is the transport protocol you use to call a Web service? SOAP is the preferred protocol.

33. True or False: A Web service can only be written in .NET? False

34. What does WSDL stand for? (Web Services Description Language)

35. Which property on a Combo Box do you set with a column name, prior to setting the DataSource, to display data in the combo box? DataTextField property

36. Which control would you use if you needed to make sure the values in two different controls matched? CompareValidator Control

37. True or False: To test a Web service you must create a windows application or Web application to consume this service? False, the webservice comes with a test page and it provides HTTP-GET method to test.

38. How many classes can a single .NET DLL contain? It can contain many classes.

Posted in: .NET Framework| Tags: .NET asp.net ado.net C# Interview Interview Questions and Answers Server-Side code-Behind Application_Start Session_Start

---

Interview Questions and Answers, C# Part 1

1. What’s the implicit name of the parameter that gets passed into the class’ set method? Value, and its datatype depends on whatever variable we’re changing.
2. How do you inherit from a class in C#? Place a colon and then the name of the base class. Notice that it’s double colon in C++.
3. Does C# support multiple inheritance? No, use interfaces instead.
4. When you inherit a protected class-level variable, who is it available to? Classes in the same namespace.
5. Are private class-level variables inherited? Yes, but they are not accessible, so looking at it you can honestly say that they are not inherited. But they are.
6. Describe the accessibility modifier protected internal. It’s available to derived classes and classes within the same Assembly (and naturally from the base class it’s declared in).
7. C# provides a default constructor for me. I write a constructor that takes a string as a parameter, but want to keep the no parameter one. How many constructors should I write? Two. Once you write at least one constructor, C# cancels the freebie constructor, and now you have to write one yourself, even if there’s no implementation in it.
8. What’s the top .NET class that everything is derived from? System.Object.
9. How’s method overriding different from overloading? When overriding, you change the method behavior for a derived class. Overloading simply involves having a method with the same name within the class.
10. What does the keyword virtual mean in the method definition? The method can be over-ridden.
11. Can you declare the override method static while the original method is non-static? No, you can’t, the signature of the virtual method must remain the same, only the keyword virtual is changed to keyword override.
12. Can you override private virtual methods? No, moreover, you cannot access private methods in inherited classes, have to be protected in the base class to allow any sort of access.
13. Can you prevent your class from being inherited and becoming a base class for some other classes? Yes, that’s what keyword sealed in the class definition is for. The developer trying to derive from your class will get a message: cannot inherit from Sealed class WhateverBaseClassName. It’s the same concept as final class in Java.
14. Can you allow class to be inherited, but prevent the method from being over-ridden? Yes, just leave the class public and make the method sealed.
15. What’s an abstract class? A class that cannot be instantiated. A concept in C++ known as pure virtual method. A class that must be inherited and have the methods over-ridden. Essentially, it’s a blueprint for a class without any implementation.
16. When do you absolutely have to declare a class as abstract (as opposed to free-willed educated choice or decision based on UML diagram)? When at least one of the methods in the class is abstract. When the class itself is inherited from an abstract class, but not all base abstract methods have been over-ridden.
17. What’s an interface class? It’s an abstract class with public abstract methods all of which must be implemented in the inherited classes.
18. Why can’t you specify the accessibility modifier for methods inside the interface? They all must be public. Therefore, to prevent you from getting the false impression that you have any freedom of choice, you are not allowed to specify any accessibility, it’s public by default.
19. Can you inherit multiple interfaces? Yes, why not.
20. And if they have conflicting method names? It’s up to you to implement the method inside your own class, so implementation is left entirely up to you. This might cause a problem on a higher-level scale if similarly named methods from different interfaces expect different data, but as far as compiler cares you’re okay.
21. What’s the difference between an interface and abstract class? In the interface all methods must be abstract; in the abstract class some methods can be concrete. In the interface no accessibility modifiers are allowed, which is ok in abstract classes.
22. How can you overload a method? Different parameter data types, different number of parameters, different order of parameters.
23. If a base class has a bunch of overloaded constructors, and an inherited class has another bunch of overloaded constructors, can you enforce a call from an inherited constructor to an arbitrary base constructor? Yes, just place a colon, and then keyword base (parameter list to invoke the appropriate constructor) in the overloaded constructor definition inside the inherited class.
24. What’s the difference between System.String and System.StringBuilder classes? System.String is immutable; System.StringBuilder was designed with the purpose of having a mutable string where a variety of operations can be performed.
25. What’s the advantage of using System.Text.StringBuilder over System.String? StringBuilder is more efficient in the cases, where a lot of manipulation is done to the text. Strings are immutable, so each time it’s being operated on, a new instance is created.
26. Can you store multiple data types in System.Array? No.
27. What’s the difference between the System.Array.CopyTo() and System.Array.Clone()? The first one performs a deep copy of the array, the second one is shallow.
28. How can you sort the elements of the array in descending order? By calling Sort() and then Reverse() methods.
29. What’s the .NET datatype that allows the retrieval of data by a unique key? HashTable.
30. What’s class SortedList underneath? A sorted HashTable.

Posted in: .NET Framework| Tags: .NET asp.net C# Interview Questions Answers C# Interview

---

Using Dynamic Languages with ASP.NET

This walkthrough provides you with an introduction to dynamic languages for ASP.NET. It guides you through creating a simple page in Microsoft Visual Studio, adding controls, and adding event handlers using dynamic languages.

Tasks illustrated in this walkthrough include:

• Adding controls to the default page.
• Adding event handlers in a separate code file, using dynamic languages.
• Adding a second page with event-handling code in the page.

Prerequisites

In order to complete this walkthrough, you will need:

• Microsoft Visual Studio 2008 or Visual Web Developer 2008 Express Edition.
• A copy of the website included in the ASP.NET Dynamic Language Support download. There is currently no project template, so it is necessary to copy the website in order to start with a blank ASP.NET Dynamic Language website.

This walkthrough assumes that you have a general understanding of working in Visual Web Developer. For an introduction, see Walkthrough: Creating a Basic Page in Visual Web Developer.

Creating a Web Site

In this part of the walkthrough, you will create a Web site with a dynamic language as the default language.

To create a Web site with a default ASP.NET Web page

1. Copy the files from the ASP.NET Dynamic Language Support project into an empty directory.
2. In Visual Studio (or Visual Web Developer), in the File menu, click Open Web Site. The Open Web Site dialog box is displayed.
3. Select the directory in which you copied the files in step 1. Make sure that FileSystem is selected in the left panel of the dialog.

   Note: You can use statically compiled languages in the same Web application by creating pages and components in different programming languages.

4. Click Open. Visual Studio opens the folder as a website and displays the files in the Solution Explorer.

Adding Controls to the Default Page

In this part of the walkthrough, you will add server controls to the page.

To add controls to the page

1. Switch to Design view.
2. In the Toolbox, from the Standard group, drag three controls onto the page: a TextBox control, a Button control, and a Label control.
3. Put the insertion point above the TextBox control, and then type Enter your name: to create a caption for the text box.

Programming the Button Control

For this walkthrough, you will write code that reads the name that the user enters into the text box and then displays the name in the Label control.

To add a button event handler

1. Right-click the page and click View Code to show the separate code file. For example, if you are using IronPython, the file is Default.aspx.py.

   The file contains a stub event handler for the Load event of the page.

   Note: In IronPython, pass is a placeholder that does nothing.

2. Replace the stub event handler with the following code to set the label text when the page is initialized:

   IronPython

   		
   def Page_Load(sender, e):
   if not IsPostBack:
   Label1.Text = "...Your name here..."

3. Add the following code to create an event handler for the button's Click event:

   IronPython

   		
   def Button1_Click(sender, e):
   Label1.Text = Textbox1.Text

   In this release, event handlers must be coded and bound manually. You cannot create them by double-clicking a control in Design view or by selecting an event in the Properties window.

   Because dynamic languages do not have typed parameters and variables, you do not need to know the type of the event argument object.

   Note: In this release, IntelliSense support for dynamically typed variables is limited. You can press CTRL+SPACE to get a list of code elements that are currently in scope.

4. Switch to Default.aspx and go to Source view, and then bind the event handler by adding an OnClick attribute to the Button control markup, as shown in the following example:

   <form id="form1" runat="server">
   <div>
   Enter your name:<br />
   <asp:TextBox ID="TextBox1" runat="server">
   </asp:TextBox>
   <asp:Button ID="Button1" runat="server" Text="Button"
   OnClick="Button1_Click"/><br />
   <br />
   <asp:Label ID="Label1" runat="server" Text="Label">
   </asp:Label>
   <br />
   </div>
   </form>

5. Press CTRL+F5 to run the page in the browser using the ASP.NET Development Server.
6. Enter a name into the text box and click the button. The name you entered is displayed in the Label control. If the name does not appear, check the spelling of the event handler in the OnClick attribute.
7. In the browser, optionally view the source of the page you are running.
8. Close the browser.

Programming the Button Control

For this walkthrough, you will add dynamic language code in a script block.

To add a default button event handler

1. Switch to Source view.
2. Add the following code to initialize the label and to create an event handler for the button's Click event.

   IronPython

   		
   <script runat="server">
   def Page_Load(sender, e):
   if not IsPostBack:
   Label1.Text = "...Your name here..."
   
   def Button1_Click(sender, e):
   Label1.Text = Textbox1.Text
   </script>

3. In the Button control, bind the event handler by adding the OnClick attribute, as you did previously in this walkthrough. The following example shows the markup.

   <asp:Button ID="Button1" runat="server" Text="Button"
   OnClick="Button1_Click"/><br />

4. Press CTRL+F5 to run the page in the browser using the ASP.NET Development Server.

Posted in: .NET Framework| Tags: asp.net Dynamic Data Control IronPython Website Dynamic Language Support Page

---