ASP .Net Interview Question Answers - 5

ASP .Net Interview Question Answers - 5

• Name the validation control available in asp.net?.
RequiredField, RangeValidator,RegularExpression,Custom validator,compare Validator

• What are the various ways of securing a web site that could prevent from hacking etc .. ?
1) Authentication/Authorization
2) Encryption/Decryption
3) Maintaining web servers outside the corporate firewall. etc.,

• What is the difference between in-proc and out-of-proc?
An inproc is one which runs in the same process area as that of the client giving tha advantage of speed but the disadvantage of stability becoz if it crashes it takes the client application also with it.Outproc is one which works outside the clients memory thus giving stability to the client, but we have to compromise a bit on speed.

• When you’re running a component within ASP.NET, what process is it running within on Windows XP? Windows 2000? Windows 2003?
On Windows 2003 (IIS 6.0) running in native mode, the component is running within the w3wp.exe process associated with the application pool which has been configured for the web application containing the component.
On Windows 2003 in IIS 5.0 emulation mode, 2000, or XP, it's running within the IIS helper process whose name I do not remember, it being quite a while since I last used IIS 5.0.

• What does aspnet_regiis -i do ?
Aspnet_regiis.exe is The ASP.NET IIS Registration tool allows an administrator or installation program to easily update the script maps for an ASP.NET application to point to the ASP.NET ISAPI version associated with the tool. The tool can also be used to display the status of all installed versions of ASP. NET, register the ASP.NET version coupled with the tool, create client-script directories, and perform other configuration operations.

When multiple versions of the .NET Framework are executing side-by-side on a single computer, the ASP.NET ISAPI version mapped to an ASP.NET application determines which version of the common language runtime is used for the application.

The tool can be launched with a set of optional parameters. Option "i" Installs the version of ASP.NET associated with Aspnet_regiis.exe and updates the script maps at the IIS metabase root and below. Note that only applications that are currently mapped to an earlier version of ASP.NET are affected

• What is a PostBack?
The process in which a Web page sends data back to the same page on the server.

• What is ViewState? How is it encoded? Is it encrypted? Who uses ViewState?
ViewState is the mechanism ASP.NET uses to keep track of server control state values that don't otherwise post back as part of the HTTP form. ViewState Maintains the UI State of a Page
ViewState is base64-encoded.
It is not encrypted but it can be encrypted by setting EnableViewStatMAC="true" & setting the machineKey validation type to 3DES. If you want to NOT maintain the ViewState, include the directive <. %@ Page EnableViewState="false" % .> at the top of an .aspx page or add the attribute EnableViewState="false" to any control.

• What is the <. machinekey .> element and what two ASP.NET technologies is it used for?
Configures keys to use for encryption and decryption of forms authentication cookie data and view state data, and for verification of out-of-process session state identification.There fore 2 ASP.Net technique in which it is used are Encryption/Decryption & Verification
• What three Session State providers are available in ASP.NET 1.1? What are the pros and cons of each?
ASP.NET provides three distinct ways to store session data for your application: in-process session state, out-of-process session state as a Windows service, and out-of-process session state in a SQL Server database. Each has it advantages.
1.In-process session-state mode
Limitations:
* When using the in-process session-state mode, session-state data is lost if aspnet_wp.exe or the application domain restarts.
* If you enable Web garden mode in the <. processModel .> element of the application's Web.config file, do not use in-process session-state mode. Otherwise, random data loss can occur.
Advantage:
* in-process session state is by far the fastest solution. If you are storing only small amounts of volatile data in session state, it is recommended that you use the in-process provider.
2. The State Server simply stores session state in memory when in out-of-proc mode. In this mode the worker process talks directly to the State Server
3. SQL mode, session states are stored in a SQL Server database and the worker process talks directly to SQL. The ASP.NET worker processes are then able to take advantage of this simple storage service by serializing and saving (using .NET serialization services) all objects within a client's Session collection at the end of each Web request
Both these out-of-process solutions are useful primarily if you scale your application across multiple processors or multiple computers, or where data cannot be lost if a server or process is restarted.

• What is the difference between HTTP-Post and HTTP-Get?
As their names imply, both HTTP GET and HTTP POST use HTTP as their underlying protocol. Both of these methods encode request parameters as name/value pairs in the HTTP request
The GET method creates a query string and appends it to the script's URL on the server that handles the request.
The POST method creates a name/value pairs that are passed in the body of the HTTP request message.

• Name and describe some HTTP Status Codes and what they express to the requesting client.
When users try to access content on a server that is running Internet Information Services (IIS) through HTTP or File Transfer Protocol (FTP), IIS returns a numeric code that indicates the status of the request. This status code is recorded in the IIS log, and it may also be displayed in the Web browser or FTP client. The status code can indicate whether a particular request is successful or unsuccessful and can also reveal the exact reason why a request is unsuccessful. There are 5 groups ranging from 1xx - 5xx of http status codes exists.
101 - Switching protocols.
200 - OK. The client request has succeeded
302 - Object moved.
400 - Bad request.
500.13 - Web server is too busy.

• Explain <. @OutputCache% .> and the usage of VaryByParam, VaryByHeader.
OutputCache is used to control the caching policies of an ASP.NET page or user control. To cache a page @OutputCache directive should be defined as follows <. %@ OutputCache Duration="100" VaryByParam="none" % .>
VaryByParam: A semicolon-separated list of strings used to vary the output cache. By default, these strings correspond to a query string value sent with GET method attributes, or a parameter sent using the POST method. When this attribute is set to multiple parameters, the output cache contains a different version of the requested document for each specified parameter. Possible values include none, *, and any valid query string or POST parameter name.
VaryByHeader: A semicolon-separated list of HTTP headers used to vary the output cache. When this attribute is set to multiple headers, the output cache contains a different version of the requested document for each specified header.

• What is the difference between repeater over datalist and datagrid?
The Repeater class is not derived from the WebControl class, like the DataGrid and DataList. Therefore, the Repeater lacks the stylistic properties common to both the DataGrid and DataList. What this boils down to is that if you want to format the data displayed in the Repeater, you must do so in the HTML markup.
The Repeater control provides the maximum amount of flexibility over the HTML produced. Whereas the DataGrid wraps the DataSource contents in an HTML <>, and the DataList wraps the contents in either an HTML <> or <> tags (depending on the DataList's RepeatLayout property), the Repeater adds absolutely no HTML content other than what you explicitly specify in the templates.
While using Repeater control, If we wanted to display the employee names in a bold font we'd have to alter the "ItemTemplate" to include an HTML bold tag, Whereas with the DataGrid or DataList, we could have made the text appear in a bold font by setting the control's ItemStyle-Font-Bold property to True.
The Repeater's lack of stylistic properties can drastically add to the development time metric. For example, imagine that you decide to use the Repeater to display data that needs to be bold, centered, and displayed in a particular font-face with a particular background color. While all this can be specified using a few HTML tags, these tags will quickly clutter the Repeater's templates. Such clutter makes it much harder to change the look at a later date. Along with its increased development time, the Repeater also lacks any built-in functionality to assist in supporting paging, editing, or editing of data. Due to this lack of feature-support, the Repeater scores poorly on the usability scale.
However, The Repeater's performance is slightly better than that of the DataList's, and is more noticeably better than that of the DataGrid's. Following figure shows the number of requests per second the Repeater could handle versus the DataGrid and DataList

• Can we handle the error and redirect to some pages using web.config?
Yes, we can do this, but to handle errors, we must know the error codes; only then we can take the user to a proper error message page, else it may confuse the user.
CustomErrors Configuration section in web.config file:
The default configuration is:
<. customErrors mode="RemoteOnly" defaultRedirect="Customerror.aspx" .>
< statuscode="404" redirect="Notfound.aspx">
<. /customErrors .>
If mode is set to Off, custom error messages will be disabled. Users will receive detailed exception error messages.
If mode is set to On, custom error messages will be enabled.
If mode is set to RemoteOnly, then users will receive custom errors, but users accessing the site locally will receive detailed error messages.
Add an <. error .> tag for each error you want to handle. The error tag will redirect the user to the Notfound.aspx page when the site returns the 404 (Page not found) error.

[Example]
There is a page MainForm.aspx
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here
Dim str As System.Text.StringBuilder
str.Append("hi") ' Error Line as str is not instantiated
Response.Write(str.ToString)
End Sub
[Web.Config]
<. customErrors mode="On" defaultRedirect="Error.aspx"/ .>
' a simple redirect will take the user to Error.aspx [user defined] error file.
<. customErrors mode="RemoteOnly" defaultRedirect="Customerror.aspx" .>
< statuscode="404" redirect="Notfound.aspx">
<. /customErrors .>
'This will take the user to NotFound.aspx defined in IIS.

• How do you implement Paging in .Net?
The DataGrid provides the means to display a group of records from the data source (for example, the first 10), and then navigate to the "page" containing the next 10 records, and so on through the data.
Using Ado.Net we can explicit control over the number of records returned from the data source, as well as how much data is to be cached locally in the DataSet.
1.Using DataAdapter.fill method give the value of 'Maxrecords' parameter
(Note: - Don't use it because query will return all records but fill the dataset based on value of 'maxrecords' parameter).
2.For SQL server database, combines a WHERE clause and a ORDER BY clause with TOP predicate.
3.If Data does not change often just cache records locally in DataSet and just take some records from the DataSet to display.

• What is the difference between Server.Transfer and Response.Redirect?
Server.Transfer() : client is shown as it is on the requesting page only, but the all the content is of the requested page. Data can be persist across the pages using Context.Item collection, which is one of the best way to transfer data from one page to another keeping the page state alive.
Response.Dedirect() :client knows the physical location (page name and query string as well). Context.Items loses the persistence when navigate to destination page. In earlier versions of IIS, if we wanted to send a user to a new Web page, the only option we had was Response.Redirect. While this method does accomplish our goal, it has several important drawbacks. The biggest problem is that this method causes each page to be treated as a separate transaction. Besides making it difficult to maintain your transactional integrity, Response.Redirect introduces some additional headaches. First, it prevents good encapsulation of code. Second, you lose access to all of the properties in the Request object. Sure, there are workarounds, but they're difficult. Finally, Response.Redirect necessitates a round trip to the client, which, on high-volume sites, causes scalability problems. As you might suspect, Server.Transfer fixes all of these problems. It does this by performing the transfer on the server without requiring a roundtrip to the client.
Response.Redirect sends a response to the client browser instructing it to request the second page. This requires a round-trip to the client, and the client initiates the Request for the second page. Server.Transfer transfers the process to the second page without making a round-trip to the client. It also transfers the HttpContext to the second page, enabling the second page access to all the values in the HttpContext of the first page.

• Can you create an app domain?
Yes, We can create user app domain by calling on of the following overload static methods of the System.AppDomain class
1. Public static AppDomain CreateDomain(String friendlyName)
2. Public static AppDomain CreateDomain(String friendlyName, Evidence securityInfo)
3. Public static AppDomain CreateDomain(String friendlyName, Evidence securityInfo, AppDomainSetup info)
4. Public static AppDomain CreateDomain(String friendlyName, Evidence securityInfo, String appBasePath, String appRelativeSearchPath, bool shadowCopyFiles)

• What are the various security methods which IIS Provides apart from .NET ?
The various security methods which IIS provides are
a) Authentication Modes
b) IP Address and Domain Name Restriction
c) DNS Lookups DNS Lookups
d) The Network ID and Subnet Mask
e) SSL

• What is Web Gardening? How would using it affect a design?
The Web Garden Model
The Web garden model is configurable through the section of the machine.config file. Notice that the section is the only configuration section that cannot be placed in an application-specific web.config file. This means that the Web garden mode applies to all applications running on the machine. However, by using the node in the machine.config source, you can adapt machine-wide settings on a per-application basis.
Two attributes in the section affect the Web garden model. They are webGarden and cpuMask. The webGarden attribute takes a Boolean value that indicates whether or not multiple worker processes (one per each affinitized CPU) have to be used. The attribute is set to false by default. The cpuMask attribute stores a DWORD value whose binary representation provides a bit mask for the CPUs that are eligible to run the ASP.NET worker process. The default value is -1 (0xFFFFFF), which means that all available CPUs can be used. The contents of the cpuMask attribute is ignored when the webGarden attribute is false. The cpuMask attribute also sets an upper bound to the number of copies of aspnet_wp.exe that are running.
Web gardening enables multiple worker processes to run at the same time. However, you should note that all processes will have their own copy of application state, in-process session state, ASP.NET cache, static data, and all that is needed to run applications. When the Web garden mode is enabled, the ASP.NET ISAPI launches as many worker processes as there are CPUs, each a full clone of the next (and each affinitized with the corresponding CPU). To balance the workload, incoming requests are partitioned among running processes in a round-robin manner. Worker processes get recycled as in the single processor case. Note that ASP.NET inherits any CPU usage restriction from the operating system and doesn't include any custom semantics for doing this.
All in all, the Web garden model is not necessarily a big win for all applications. The more stateful applications are, the more they risk to pay in terms of real performance. Working data is stored in blocks of shared memory so that any changes entered by a process are immediately visible to others. However, for the time it takes to service a request, working data is copied in the context of the process. Each worker process, therefore, will handle
its own copy of working data, and the more stateful the application, the higher the cost in performance. In this context, careful and savvy application benchmarking is an absolute must.
Changes made to the section of the configuration file are effective only after IIS is restarted. In IIS 6, Web gardening parameters are stored in the IIS metabase; the webGarden and cpuMask attributes are ignored.

• What is view state?.where it stored?.can we disable it?
The web is state-less protocol, so the page gets instantiated, executed, rendered and then disposed on every round trip to the server. The developers code to add "statefulness" to the page by using Server-side storage for the state or posting the page to itself. When require to persist and read the data in control on webform, developer had to read the values and store them in hidden variable (in the form), which were then used to restore the values. With advent of .NET framework, ASP.NET came up with ViewState mechanism, which tracks the data values of server controls on ASP.NET webform. In effect,ViewState can be viewed as "hidden variable managed by ASP.NET framework!". When ASP.NET page is executed, data values from all server controls on page are collected and encoded as single string, which then assigned to page's hidden atrribute "<. input type=hidden .>", that is part of page sent to the client.
ViewState value is temporarily saved in the client's browser.ViewState can be disabled for a single control, for an entire page orfor an entire web application. The syntax is:
Disable ViewState for control (Datagrid in this example)
<. asp:datagrid EnableViewState="false" ... / .>
Disable ViewState for a page, using Page directive
<. %@ Page EnableViewState="False" ... % .>
Disable ViewState for application through entry in web.config
<. Pages EnableViewState="false" ... / .>

Share this

Related Posts

There was an error in this gadget