Scenarios and Goals of the Security Application Block

10/18/2009
The Security Application Block is designed to address the most common tasks developers face when they are writing applications that require security functionality. These tasks have been arranged according to scenarios. Each scenario gives an example of a real-world situation, such as authenticating a user; discusses the security functions the situation requires; and shows the code that accomplishes the task. The goal of arranging these tasks according to scenarios is to give the code some context. Instead of showing an isolated group of methods, with no sense of where they can best be used, scenarios provide a setting for the code, putting it in situations familiar to many developers whose applications must use security features. The scenarios are the following:
  • Obtaining a temporary token for an authenticated user
  • Authenticating a user using a token
  • Ending a user session (expire a token)
  • Determining if a user is authorized to perform a task
  For more information about each of these scenarios, see Key Scenarios.

When to Use the Security Application Block

The Security Application Block includes implementations of the following functions:
  • Authorization
  • Security-related caching and session management
  If your applications require the provided implementations, you can use the application block to provide this functionality. However, the application block is also designed to be extensible and includes generic providers for each function. You can adapt the providers to meet your own security requirements.
Note:
If you use the Security Application Block to cache security-related information, the default caching store provider for the security cache is the Caching Application Block. Although the Caching Application Block can be configured to encrypt cache data in backing stores, the application block does not support encryption of cache data stored in memory. If an attacker compromises the computer and accesses the memory of your process, he or she can access information stored in the cache. If this threat is significant for your application, you should avoid storing sensitive information such as credit card numbers or passwords in the cache or use an alternate caching store provider that supports in-memory encryption.

.NET Windows Forms Interview Questions and Answers

07/11/2009
  1. Write a simple Windows Forms MessageBox statement.
    System.Windows.Forms.MessageBox.Show("Hello, Windows Forms");
  2. Can you write a class without specifying a namespace? Which namespace does it belong to by default?
    Yes, you can; the class then belongs to the global namespace, which has no name. For commercial products, naturally, you wouldn’t want the global namespace.
  3. You are designing a GUI application with a window and several widgets on it. The user then resizes the app window and sees a lot of grey space, while the widgets stay in place. What’s the problem? One should use anchoring for correct resizing. Otherwise the default property of a widget on a form is top-left, so it stays at the same location when resized.
  4. How can you save the desired properties of Windows Forms application? .config files in .NET are supported through the API to allow storing and retrieving information. They are nothing more than simple XML files, sort of like what .ini files were before for Win32 apps.
  5. So how do you retrieve the customized properties of a .NET application from XML .config file? Initialize an instance of AppSettingsReader class. Call the GetValue method of AppSettingsReader class, passing in the name of the property and the type expected. Assign the result to the appropriate variable.
  6. Can you automate this process? In Visual Studio yes, use Dynamic Properties for automatic .config creation, storage and retrieval.
  7. My progress bar freezes up and dialog window shows blank, when an intensive background process takes over. Yes, you should’ve multi-threaded your GUI, with taskbar and main form being one thread, and the background process being the other.
  8. What’s the safest way to deploy a Windows Forms app? Web deployment: the user always downloads the latest version of the code; the program runs within security sandbox, properly written app will not require additional security privileges.
  9. Why is it not a good idea to insert code into InitializeComponent method when working with Visual Studio? The designer will likely throw it away; most of the code inside InitializeComponent is auto-generated.
  10. What’s the difference between WindowsDefaultLocation and WindowsDefaultBounds? WindowsDefaultLocation tells the form to start up at a location selected by OS, but with internally specified size. WindowsDefaultBounds delegates both size and starting position choices to the OS.
  11. What’s the difference between Move and LocationChanged? Resize and SizeChanged? Both methods do the same, Move and Resize are the names adopted from VB to ease migration to C#.
  12. How would you create a non-rectangular window, let’s say an ellipse? Create a rectangular form, set the TransparencyKey property to the same value as BackColor, which will effectively make the background of the form transparent. Then set the FormBorderStyle to FormBorderStyle.None, which will remove the contour and contents of the form.
  13. How do you create a separator in the Menu Designer? A hyphen ‘-’ would do it. Also, an ampersand ‘&’ would underline the next letter.
  14. How’s anchoring different from docking? Anchoring treats the component as having the absolute size and adjusts its location relative to the parent form. Docking treats the component location as absolute and disregards the component size. So if a status bar must always be at the bottom no matter what, use docking. If a button should be on the top right, but change its position with the form being resized, use anchoring.

.NET Remoting Interview Questions and Answers

07/11/2009
  1. What’s a Windows process? It’s an application that’s running and has been allocated memory.
  2. What’s typical about a Windows process in regards to memory allocation? Each process is allocated its own block of available RAM space, no process can access another process’ code or data. If the process crashes, it dies alone without taking the entire OS or a bunch of other applications down.
  3. Why do you call it a process? What’s different between process and application in .NET, not common computer usage, terminology? A process is an instance of a running application. An application is an executable on the hard drive or network. There can be numerous processes launched of the same application (5 copies of Word running), but 1 process can run just 1 application.
  4. What distributed process frameworks outside .NET do you know? Distributed Computing Environment/Remote Procedure Calls (DCE/RPC), Microsoft Distributed Component Object Model (DCOM), Common Object Request Broker Architecture (CORBA), and Java Remote Method Invocation (RMI).
  5. What are possible implementations of distributed applications in .NET? .NET Remoting and ASP.NET Web Services. If we talk about the Framework Class Library, noteworthy classes are in System.Runtime.Remoting and System.Web.Services.
  6. When would you use .NET Remoting and when Web services? Use remoting for more efficient exchange of information when you control both ends of the application. Use Web services for open-protocol-based information exchange when you are just a client or a server with the other end belonging to someone else.
  7. What’s a proxy of the server object in .NET Remoting? It’s a fake copy of the server object that resides on the client side and behaves as if it was the server. It handles the communication between real server object and the client object. This process is also known as marshaling.
  8. What are remotable objects in .NET Remoting? Remotable objects are the objects that can be marshaled across the application domains. You can marshal by value, where a deep copy of the object is created and then passed to the receiver. You can also marshal by reference, where just a reference to an existing object is passed.
  9. What are channels in .NET Remoting? Channels represent the objects that transfer the other serialized objects from one application domain to another and from one computer to another, as well as one process to another on the same box. A channel must exist before an object can be transferred.
  10. What security measures exist for .NET Remoting in System.Runtime.Remoting? None. Security should be taken care of at the application level. Cryptography and other security techniques can be applied at application or server level.
  11. What is a formatter? A formatter is an object that is responsible for encoding and serializing data into messages on one end, and deserializing and decoding messages into data on the other end.
  12. Choosing between HTTP and TCP for protocols and Binary and SOAP for formatters, what are the trade-offs? Binary over TCP is the most efficient, SOAP over HTTP is the most interoperable.
  13. What’s SingleCall activation mode used for? If the server object is instantiated for responding to just one single request, the request should be made in SingleCall mode.
  14. What’s Singleton activation mode? A single object is instantiated regardless of the number of clients accessing it. Lifetime of this object is determined by lifetime lease.
  15. How do you define the lease of the object? By implementing ILease interface when writing the class code.
  16. Can you configure a .NET Remoting object via XML file? Yes, via machine.config and application level .config file (or web.config in ASP.NET). Application-level XML settings take precedence over machine.config.
  17. How can you automatically generate interface for the remotable object in .NET with Microsoft tools? Use the Soapsuds tool.

asp.net Interview Questions and Answers

07/11/2009

1. Describe the role of inetinfo.exe, aspnet_isapi.dll and aspnet_wp.exe in the page loading process. inetinfo.exe is the Microsoft IIS server running, handling ASP.NET requests among other things. When an ASP.NET request is received (usually a file with .aspx extension), the ISAPI filter aspnet_isapi.dll takes care of it by passing the request to the actual worker process aspnet_wp.exe.

2. What’s the difference between Response.Write() and Response.Output.Write()? The latter one allows you to write formatted output.

3. What methods are fired during the page load? Init() - when the page is instantiated, Load() - when the page is loaded into server memory, PreRender() - the brief moment before the page is displayed to the user as HTML, Unload() - when page finishes loading.

4. Where does the Web page belong in the .NET Framework class hierarchy? System.Web.UI.Page

5. Where do you store the information about the user’s locale? System.Web.UI.Page.Culture

6. What’s the difference between Codebehind="MyCode.aspx.cs" and Src="MyCode.aspx.cs"? CodeBehind is relevant to Visual Studio.NET only.

7. What’s a bubbled event? When you have a complex control, like DataGrid, writing an event processing routine for each object (cell, button, row, etc.) is quite tedious. The controls can bubble up their event handlers, allowing the main DataGrid event handler to take care of its constituents.

8. Suppose you want a certain ASP.NET function executed on MouseOver over a certain button. Where do you add an event handler? It’s the Attributes property, the Add function inside that property. So btnSubmit.Attributes.Add("onMouseOver","someClientCode();")

9. What data type does the RangeValidator control support? Integer, String and Date.

10. Explain the differences between Server-side and Client-side code? Server-side code runs on the server. Client-side code runs in the clients’ browser.

11. What type of code (server or client) is found in a Code-Behind class? Server-side code.

12. Should validation (did the user enter a real date) occur server-side or client-side? Why? Client-side. This reduces an additional request to the server to validate the user’s input.

13. What does the "EnableViewState" property do? Why would I want it on or off? It enables the viewstate on the page. It allows the page to save the user’s input on a form.

14. What is the difference between Server.Transfer and Response.Redirect? Why would I choose one over the other? Server.Transfer is used to post a form to another page. Response.Redirect is used to redirect the user to another page or site.

15. Can you explain the difference between an ADO.NET Dataset and an ADO Recordset?

· A DataSet can represent an entire relational database in memory, complete with tables, relations, and views.

· A DataSet is designed to work without any continuing connection to the original data source.

· Data in a DataSet is bulk-loaded, rather than being loaded on demand.

· There's no concept of cursor types in a DataSet.

· DataSets have no current record pointer. You can use For Each loops to move through the data.

· You can store many edits in a DataSet, and write them to the original data source in a single operation.

· Though the DataSet is universal, other objects in ADO.NET come in different versions for different data sources.

16. Can you give an example of what might be best suited to place in the Application_Start and Session_Start subroutines? This is where you can set the specific variables for the Application and Session objects.

17. If I’m developing an application that must accommodate multiple security levels through secure login and my ASP.NET web application is spanned across three web servers (using round-robin load balancing), what would be the best approach to maintain logged-in state for the users? Maintain the login state security through a database.

18. Can you explain what inheritance is and an example of when you might use it? When you want to inherit (use the functionality of) another class. Base Class Employee. A Manager class could be derived from the Employee base class.

19. What’s an assembly? Assemblies are the building blocks of the .NET framework. Overview of assemblies from MSDN

20. Describe the difference between inline and code behind. Inline code is written alongside the HTML in a page. Code-behind is code written in a separate file and referenced by the .aspx page.

21. Explain what a diffgram is, and a good use for one? The DiffGram is one of the two XML formats that you can use to render DataSet object contents to XML. A good use is reading database data to an XML file to be sent to a Web Service.

22. What’s MSIL, and why should my developers need an appreciation of it if at all? MSIL is the Microsoft Intermediate Language. All .NET compatible languages will get converted to MSIL.

23. Which method do you invoke on the DataAdapter control to load your generated dataset with data? The .Fill() method

24. Can you edit data in the Repeater control? No, it just reads the information from its data source

25. Which template must you provide, in order to display data in a Repeater control? ItemTemplate

26. How can you provide an alternating color scheme in a Repeater control? Use the AlternatingItemTemplate

27. What property must you set, and what method must you call in your code, in order to bind the data from some data source to the Repeater control? You must set the DataSource property and call the DataBind method.

28. What base class do all Web Forms inherit from? The Page class.

29. Name two properties common in every validation control? ControlToValidate property and Text property.

30. What tags do you need to add within the asp:datagrid tags to bind columns manually? Set AutoGenerateColumns Property to false on the datagrid tag

31. What tag do you use to add a hyperlink column to the DataGrid? <asp:HyperLinkColumn>

32. What is the transport protocol you use to call a Web service? SOAP is the preferred protocol.

33. True or False: A Web service can only be written in .NET? False

34. What does WSDL stand for? (Web Services Description Language)

35. Which property on a Combo Box do you set with a column name, prior to setting the DataSource, to display data in the combo box? DataTextField property

36. Which control would you use if you needed to make sure the values in two different controls matched? CompareValidator Control

37. True or False: To test a Web service you must create a windows application or Web application to consume this service? False, the webservice comes with a test page and it provides HTTP-GET method to test.

38. How many classes can a single .NET DLL contain? It can contain many classes.
