What is AppSetting Section in “Web.Config” file?

Web.config file defines configuration for a web project.

AppSetting section is used to set the user defined values. For e.g.: The
ConnectionString which is used through out the project for database connection.

<configuration>
<appSettings>

<BR>

<addkey="ConnectionString"value="server=xyz; pwd=www; database=testing" />

</appSettings>

Difference between Server.Transfer and response.Redirect.

Following are the major differences between them:-

Server.Transfer

• The browser is directly redirected to another page

• There is no round trip
• A Server transfer is possible within a website
• Information can be preserved in Server transfer through a parameter called
preserve Form

Response.Redirect

• The browser is requested to redirect to some other page through a message.

• There is a round trip.
• Response redirect is possible within two websites too.
• A state can be maintained in Response redirect but has a lot of drawbacks

Server.Transfer

The Transfer method transfers from inside of one ASP page to another ASP page.
Transfer passes the context information to the called page.
The state information that has been created for an ASP page gets transferred to the
other ASP page which comprises of objects and variables within an Application or
Session scope, and all items in the Request collections.

Response.Redirect
The redirect message issues HTTP 304 to the browser and causes browser to go to
the specified page. There is round trip between client and server.
Redirect doesn’t pass context information to the called page.

Difference between authentication and authorization.

Authentication is the process of verifying the identity of a user.

Authorization is process of checking whether the user has access rights to the
system.

Authorization is the process of allowing an authenticated user access to resources.

Authentication always proceeds to Authorization.

What is impersonation in ASP.NET?

Impersonation is a technique to access application resources using the identity of

some other user.

By default, Impersonation is off

To enable impersonation:

<identity impersonate="true" userName="domain name\username"

password="password"/>

What is event bubbling in .NET?

The passing of the control from the child to the parent is called as bubbling.
Controls like DataGrid, Datalist, Repeater, etc can have child controls like Listbox,
etc inside them. An event generated is passed on to the parent as an ItemCommand.

Describe how the ASP.NET authentication process works.

ASP.NET runs inside the process of IIS due to which there are two authentication
layers which exist in the system.

First authentication happens at the IIS level and the second at ASP.NET level per
the WEB.CONFIG file.

Working:
At first, IIS ensures that the incoming request is from an authenticated IP address.
Otherwise the request is rejected.

By default IIS allows anonymous access due to which requests are automatically
authenticated.

However, if this is changed, IIS performs its own user authentication too.

ASP.net checks if impersonation is enabled if a request is passed to ASP.net by an

authenticated user. If it is enabled, ASP.net acts itself as an authenticated user else it
acts with its own configured account.

Finally the OS resources are requested by the identity obtained from previous step.
The user is granted the resources if the authentication is successful else the
resources are denied.

Resources can include ASP.net page, code access security features to extend
authorization step to disk files, registry keys, etc.

Explain the various authentication mechanisms in ASP.NET.

ASP.NET supports 3 authentication mechanisms:

a. Windows Authentication: This is used for an intranet based application. Used to

authenticate domain users within a network. By default windows authentication is
used.

b. Form Authentication: It’s a custom security based on roles and user accounts
created specifically for an application.

c. Passport Authentication: This is based on hotmail passport account.

Explain the ways of authentication techniques in ASP.NET?

Selection of an authentication provider is done through the entries in the web.config

file for an application.

The modes of authentication are:

<authentication mode=”windows”>
<authentication mode=”passport”>
<authentication mode=”forms”>

Custom authentication needs installation of ISAPI filter in IIS. It compares

incoming requests to a list of source IP addresses and a request is considered to be
authenticated if it comes from an acceptable address.
Windows authentication.

If windows authentication mode is selected for an ASP.NET application, then

authentication also needs to be configured within IIS since it is provided by IIS.

IIS provides a choice for four different authentication methods:

Anonymous: IIS doesn’t perform any authentication. All are allowed to access the
ASP.NET application.

Passport authentication

Passport authentication provides authentication using Microsoft’s passport service.

If passport authentication is configured and users login using passport then the
authentication duties are off-loaded to the passport servers.

Passport uses an encrypted cookie mechanism to indicate authenticated users. The

passport users are considered authenticated while the rest are redirected to the
passport servers to log in, after which they are redirected back to the site.

Passport Software Development Kit can be downloaded and installed http://

msdn.microsoft.com/library/default.asp?url=/downloads/list/websrvpass.aps.

Basic: users must provide a windows username and password to connect. This
information is plain text which makes this mode insecure.

Digest: Users need to provide a password which is sent over the network. However
in this case the password is hashed. It also requires that all users be using IE 5 or
later versions.

Windows integrated: passwords are not sent over the network. The application uses
either the Kerberos or challenge/response protocols authenticate the user. Users
need to be running IE 3.01 or later.

Forms authentication

Using form authentication, ones own custom logic can be used for authentication.

ASP.NET checks for the presence of a special session cookie when a user requests a
page for the application. Authentication is assumed if the cookie is present else the
user is redirected to a web form

Explain how authorization works in ASP.NET.

ASP.NET impersonation is controlled by entries in the applications web.config file.

Though the default setting is no impersonation, it can be explicitly set using:

<identity impersonate=”false”/>

With ASP.NET won’t perform any authentication and would run with its own
privileges. The default is an unprivileged account named ASPNET. It can be
changed a setting in the processModel section of the machine.config file.

Disabling impersonation runs the entire request in the context of the account
running ASP.NET (ASPNET account or the system account).

The second possible setting is to turn on impersonation.

<identity impersonate =”true”/>

Here, ASP.NET takes on the identity IIS passes to it. If anonymous access is allowed
in IIS, then the IUSR_ComputerName account will be impersonated otherwise
ASP.NET will take the authenticated user credentials and make requests for
resources.

A particular identity can be specified to use all authenticated requests as:

<identity impersonate=”true” username=”DOMAIN\username”
password=”password”/>

With this, the requests are made as the specified user. The password is assumed to
be correct. The drawback is that you must embed the user’s password in the
web.config file in plain text which is a security risk.

What is Authorization in ASP.NET?

Usually after a user is authenticated by means of a login, the process of

authorization is followed where the decision is made whether a user should be
granted access to a specific resource.

There are 2 ways to authorize access to a given resource:

URL authorization:

URL authorization is performed by the UrlAuthorizationModule

It maps users and roles to URLs in ASP.NET applications.

File authorization:
File authorization is performed by the FileAuthorizationModule.
It checks the access control list of the .aspx or .asmx handler file to determine
whether a user should have access to the file.

Difference between Datagrid, Datalist and repeater

Similarities:

They are all ASP.NET data Web controls.

They have common properties like

DataSource Property
DataBind Method
ItemDataBound
ItemCreated

When the DataSource Property of a Datagrid is assigned to a

DataSet then each DataRow present in the DataRow Collection
of DataTable is assigned to a corresponding DataGridItem.

Difference:

Datagrid

The HTML code generated has an HTML TABLE element created

for the particular DataRow and is a tabular representation with
Columns and Rows. Datagrid has a in-built support for Sort,
Filter and paging the Data.

Datalist
an Array of Rows and based on the Template Selected and the
RepeatColumn Property value the number DataSource records
that appear per HTML

Repeater Control
The Datarecords to be displayed depend upon the Templates
specified and the only HTML generated accordingly. Repeater
does not have in-built support for Sort, Filter and paging the
Data.
Difference between Datagrid, Datalist and repeater

Datagrid:

For displaying data in an HTML <table>.

i.e. DataGrid displays each DataSource record as a row in an

HTML <table>, and each field as a column in said table. No
matter what one record will occupy an entire row. However, it
has max features, like paging and sorting which are much
easier to implement in datagrid with minimal coding.

DataList: Highly customized layout. You can display multiple

records in a single row. has advanced features and is much
more customizeabale than the datagrid. Is bidirectional.

Repeater:it has only a subset of the DataList's template

options. Provides the maximum amount of flexibility over the
HTML produced. Repeater is a good choice if you need to
display your data in a format different than an HTML <table>.
It needs a lot of coding to add editing, sorting and paging
features.

What are the events in GLOBAL.ASAX file?

Global.asax file contains the following events:

Application_Init
Fired when an application initializes or is first called. It is invoked for
all HttpApplication object instances.

Application_Disposed
Fired just before an application is destroyed. This is the ideal location
for cleaning up previously used resources.

Application_Error
Fired when an unhandled exception is encountered within the
application.

Application_Start
Fired when the first instance of the HttpApplication class is created.It
allows you to create objects that are accessible by all HttpApplication
instances.

Application_End
Fired when the last instance of an HttpApplication class is destroyed. It
is fired only once during an application's lifetime.

Application_BeginRequest
Fired when an application request is received. It is the first event fired
for a request, which is often a page request (URL) that a user enters

Application_EndRequest
The last event fired for an application request.

Application_PreRequestHandlerExecute
Fired before the ASP.NET page framework begins executing an event
handler like a page or Web service.

Application_PostRequestHandlerExecute
Fired when the ASP.NET page framework has finished executing an
event handler

Applcation_PreSendRequestHeaders
Fired before the ASP.NET page framework sends HTTP headers to a
requesting client (browser)

Application_PreSendContent
Fired before the ASP.NET page framework send content to a requesting
client (browser).

Application_AcquireRequestState
Fired when the ASP.NET page framework gets the current state
(Session state) related to the current request.

Application_ReleaseRequestState
Fired when the ASP.NET page framework completes execution of all
event handlers. This results in all state modules to save their current
state data

Application_ResolveRequestCache
Fired when the ASP.NET page framework completes an authorization
request. It allows caching modules to serve the request from the cache,
thus bypassing handler execution.

Application_UpdateRequestCache
Fired when the ASP.NET page framework completes handler execution
to allow caching modules to store responses to be used to handle
subsequent requests

Application_AuthenticateRequest
Fired when the security module has established the current user's
identity as valid. At this point, the user's credentials have been validated

Application_AuthorizeRequest
Fired when the security module has verified that a user can access
resources

Session_Start
Fired when a new user visits the application Web site

Session_End
Fired when a user's session times out, ends, or they leave the application
Web site

How can we add/remove row’s in “DataTable” object of “DataSet”?

‘NewRow’ method is provided by the ‘Datatable’ to add new row to it.

‘DataTable’ has “DataRowCollection” object which has all rows in a
“DataTable” object.
Add method of the DataRowCollection is used to add a new row in
DataTable.
We fill it with data fetched from the data store. Once the work is done
with the dataset, connection is reestablished
Remove method of the DataRowCollection is used to remove a
‘DataRow’ object from ‘DataTable’.
RemoveAt method of the DataRowCollection is used to remove a
‘DataRow’ object from ‘DataTable’ per the index specified in the
DataTable.
 How do we use stored procedure in ADO.NET and how do we provide
parameters to the stored procedures?

CREATE PROCEDURE RUPDATE (@RID INTEGER, @RDESC

NCHAR(50))
AS
SET NOCOUNT OFF
UPDATE Region
SET RDESC = @RDESC

SqlCommand command = new SqlCommand("RUPDATE",con);

command.CommandType = CommandType.StoredProcedure;
command.Parameters.Add(new SqlParameter("@RID",SqlDbType.Int,0,"RID"));
command.Parameters.Add(new
SqlParameter("@RDESC",SqlDbType.NChar,50,"RDESC"));
command.Parameters[0].Value=4;
command.Parameters[1].Value="Southeast";
int i=command.ExecuteNonQuery();

Explain the basic use of “DataView” and explain its methods.

A DataView is a representation of a full table or a small section of rows.

It is used to sort and find data within Datatable.

Following are the methods of a DataView:

Find :

Parameter: An array of values;

Value Returned: Index of the row

FindRow :

Parameter: An array of values;

Value Returned: Collection of DataRow

AddNew : Adds a new row to the DataView object.

Delete : Deletes the specified row from DataView object
Explain the basic use of “DataView” and explain its methods.

It is a customizable view of a datatable that allows filtering, searching,

editing, navigation.

DataView method:

a. AddNew: To add a new row to the DataView.

b. BeginInit: Begins the initialization of a DataView.

c. CopyTo: items are copied into an array.

d. Delete: Used to delete a row at the specified position.

e. Dispose: Releases the resources.

f. EndInit: Ends the initialization of a DataView.

g. Equals: Compares object instances are equal or not.

h. Find: Finds a specific row in the DataView.

i. FindRows: Returns an array of DataRowView

j. GetEnumerator: Gets an enumerator.

k. GetHashCode: it is used in hashing algorithms.

l. GetService : fetches the implementer of the IServiceProvider.

m. GetType : fetches the current instance type.

n. ToString : Returns a String.

o. Close: Used to close a DataView.

p. ColumnCollectionChanged: Occurs after a DataColumnCollection is

successfully changed

q. Dispose: can be overloaded

r. Finalize: Used to free resources and cleanup before objects are
handeled by garbage collection.

s. IndexListChanged: This event tab=kes place when DataView has been

changed successfully.

t. MemberwiseClone : Creates a shallow copy.

u. OnListChanged: Raises the ListChanged event.

v. Open: To open a DataView.

Differences between “DataSet” and “DataReader”.

Dataset

DataSet object can contain multiple rowsets from the same data source
as well as from the relationships between them

Dataset is a disconnected architecture

Dataset can persist data.

A DataSet is well suited for data that needs to be retrieved from

multiple tables.

Due to overhead DatsSet is slower than DataReader.

Datareader

DataReader provides forward-only and read-only access to data.

Datareader is connected architecture. It has live connection while

reading data

Datareader can not persist data.

Speed performance is better in DataReader.

Explain how to load multiple tables in a DataSet.

MyDataSet myds = new MyDataSet();

SqlDataAdapter myda = new SqlDataAdapter ("procId",
this.Connection);
myda.SelectCommand.CommandType =
CommandType.StoredProcedure;
myda.SelectCommand.Parameters.AddWithValue ("@pId", pId);
myda.TableMappings.Add ("Table", myds.xval.TableName);
myda.Fill (myds);

ADO.NET Code showing Dataset storing multiple tables.

DataSet ds = new DataSet();

ds.Tables.Add(dt1);
ds.Tables.Add(dt2);
ds.Tables.Add(dtn);

What is the use of CommandBuilder?

CommandBuilder is used to build complex queries. It can even build

commands that are based on the returned results. CommandBuilder is
less error prone and more readable than the command object.

Diffrence between MasterPage and WebUserControl

A master page is a template for other pages, with shared layout and
functionality. The master page defines placeholders for content pages.
On the other hand the content pages contains the content you want to
display.

Which controls do not have events?

These are the fallowing controls which have no event

1. DirectoryEntry
2. DirectorySearcher
3. FolderBrowserDialog
4. HelpProvider
5. ImageList

Is string is value type or reference type?

The behavior of strings is different, strings are immutable (unchangeable)

if we alter a strings value, we create an entirely new string), so strings
don’t display the typical reference-type behavior. Any changes made to
a string within a method call won’t affect the original string.

Not only strings are immutable reference types. Multi-cast delegates too.
That is why it is safe to write

protected void OnMyEventHandler()

{
delegate handler = this.MyEventHandler;
if (null != hadler )
{
handler(this, new EventArgs());
}
}

I suppose that strings are immutable because this is the most safe
method to work with them and allocate memory.