Monday, June 30, 2008

ASP,ASP.NET active server pages

(B) What’s the sequence in which ASP.NET events are
processed ?
Following is the sequence in which the events occur :-
√ Page_Init.
√ Page_Load.
√ Control events
√ Page_Unload event.
Page_init event only occurs when first time the page is started , but Page_Load occurs in
subsequent request of the page.
(B) In which event are the controls fully loaded ?
Page_load event guarantees that all controls are fully loaded.Controls are also accessed in
Page_Init events but you will see that viewstate is not fully loaded during this event.
(B) How can we identify that the Page is PostBack ?
Page object has a “IsPostBack” property which can be checked to know that is the page
posted back.
(B) How does ASP.NET maintain state in between
subsequent request ?
Refer caching chapter.
(A) What is event bubbling ?
Server controls like Datagrid , DataList , Repeater can have other child controls inside
them.Example DataGrid can have combo box inside datagrid.These child control do not
raise there events by themselves , rather they pass the event to the container parent
(which can be a datagrid , datalist , repeater) , which passed to the page as “ItemCommand”
event.As the child control send there events to parent this is termed as event bubbling.
121
(B) How do we assign page specific attributes ?
Page attributes are specified using the @Page directive.
(A) Administrator wants to make a security check that no
one has tampered with ViewState , how can he ensure this ?
Using the @Page directive EnableViewStateMac to True.
(B) What’s the use of @ Register directives ?
@Register directive informs the compiler of any custom server control added to the
page.
(B) What’s the use of SmartNavigation property ?
It’s a feature provided by ASP.NET to prevent flickering and redrawing when the page is
posted back.
Note:- This is only supported for IE browser.Project’s who have browser compatibility as
requirement have to think some other ways of avoiding flickering.
(B) What is AppSetting Section in “Web.Config” file ?
Web.config file defines configuration for a webproject.Using “AppSetting” section we can
define user defined values.Example below defined is “ConnectionString” section which
will be used through out the project for database connection.




(B) Where is ViewState information stored ?
In HTML Hidden Fields.
122
(I) What’s the use of @ OutputCache directive in ASP.NET?
It’s basically used for caching.See more for Caching chapter.
(B) How can we create custom controls in ASP.NET ?
User controls are created using .ASCX in ASP.NET.After .ASCX file is created you need
to two things in order that the ASCX can be used in project:.
√ Register the ASCX control in page using the <%@ Register directive.Example
<%@ Register tagprefix="Accounting" Tagname="footer" Src="Footer.ascx" %>
√ Now to use the above accounting footer in page you can use the below directive.

(B) How many types of validation controls are provided by
ASP.NET ?
There are main six types of validation controls :-
RequiredFieldValidator
It checks does the control have any value.It's used when you want the control should not
be empty.
RangeValidator
Checks if the value in validated control is in that specific range.Example TxtCustomerCode
should not be more than eight length.
CompareValidator
Checks that the value in controls should match the value in other control.Example Textbox
TxtPie should be equal to 3.14.
RegularExpressionValidator
When we want the control value should match with a specific regular expression.
123
CustomValidator
Used to define UserDefined validation.
ValidationSummary
Displays summary of all current validation errors.
Note:- It's rare that some one will ask step by step all the validation controls.Rather they
will ask for what type of validation which validator will be used.Example in one of the
interviews i was asked how do you display summary of all errors in the validation
control...So there goes the last one Validation summary.
(B) Can you explain what is “AutoPostBack” feature in
ASP.NET ?
If we want the control to automatically postback in case of any event , we will need to
check this attribute as true.Example on a ComboBox change we need to send the event
immediately to the server side then set the “AutoPostBack” attribute to true.
(B) How can you enable automatic paging in DataGrid ?
Following are the points to be done in order to enable paging in Datagrid :-
√ Set the “AllowPaging” to true.
√ In PageIndexChanged event set the current pageindex clicked.
Note:- The answers are very short , if you have implemented practically its just a
revision.If you are fresher just make sample code using Datagrid and try to implement this
functionality.
(B) What’s the use of “GLOBAL.ASAX” file ?
It allows to execute ASP.NET application level events and set application-level variables.
(B) What’s the difference between “Web.config” and
“Machine.Config” ?
124
“Web.config” files apply settings to each web application , while “Machine.config” file
apply settings to all ASP.NET applications.
(B) What’s a SESSION and APPLICATION object ?
Session object store information between HTTP request for a particular user.While
application object are global across users.
(A) What’s difference between Server.Transfer and
response.Redirect ?
Following are the major differences between them:-
√ Response.Redirect sends message to the browser saying it to move to some
different page.While server.transfer does not send any message to the browser
but rather redirects the user directly from the server itself. So in server.transfer
there is no round trip while response.redirect has a round trip and hence puts
a load on server.
√ Using Server.Transfer you can not redirect to a different from the server itself.
Example If your server is www.yahoo.com you can use server.transfer to move
to www.microsoft.com but yes you can move to www.yahoo.com/travels , i.e.
within websites. This cross server redirect is possible only using
Response.redirect.
√ With server.transfer you can preserve your information. It has a parameter
called as “preserveForm”. So the existing query string etc. will be able in the
calling page. In response.redirect you can maintain the state. You can but has
lot of drawbacks.
If you are navigating with in the same website use “Server.transfer” or else go for
“response.redirect()”
(A)What’s difference between Authentication and
authorization?
This can be a tricky question. These two concepts seem altogether similar but there is
wide range of difference. Authentication is verifying the identity of a user and authorization
is process where we check does this identity have access rights to the system. In short we
125
can say the following authentication is the process of obtaining some sort of credentials
from the users and using those credentials to verify the user’s identity. Authorization is
the process of allowing an authenticated user access to resources. Authentication is always
precedes to Authorization; even if your application lets anonymous users connect and
use the application, it still authenticates them as being anonymous.
(I) What is impersonation in ASP.NET ?
By default, ASP.NET executes in the security context of a restricted user account on the
local machine. Sometimes you need to access network resources such as a file on a shared
drive, which requires additional permissions. One way to overcome this restriction is to
use impersonation. With impersonation, ASP.NET can execute the request using the
identity of the client who is making the request, or ASP.NET can impersonate a specific
account you specify in web.config.
(B) Can you explain in brief how the ASP.NET authentication
process works?
ASP.NET does not run by itself it runs inside the process of IIS. So there are two
authentication layers which exist in ASP.NET system. First authentication happens at
the IIS level and then at the ASP.NET level depending on the WEB.CONFIG file.
Below is how the whole process works:-
√ IIS first checks to make sure the incoming request comes from an IP address
that is allowed access to the domain. If not it denies the request.
√ Next IIS performs its own user authentication if it is configured to do so. By
default IIS allows anonymous access, so requests are automatically
authenticated, but you can change this default on a per – application basis
with in IIS.
√ If the request is passed to ASP.net with an authenticated user, ASP.net checks
to see whether impersonation is enabled. If impersonation is enabled, ASP.net
acts as though it were the authenticated user. If not ASP.net acts with its own
configured account.
√ Finally the identity from step 3 is used to request resources from the operating
system. If ASP.net authentication can obtain all the necessary resources it
grants the users request otherwise it is denied. Resources can include much
126
more than just the ASP.net page itself you can also use .Net’s code access
security features to extend this authorization step to disk files, Registry keys
and other resources.
(A) What are the various ways of authentication techniques
in ASP.NET?
Selecting an authentication provider is as simple as making an entry in the web.config file
for the application. You can use one of these entries to select the corresponding built in
authentication provider:



√ Custom authentication where you might install an ISAPI filter in IIS that
compares incoming requests to list of source IP addresses, and considers
requests to be authenticated if they come from an acceptable address. In that
case, you would set the authentication mode to none to prevent any of the
.net authentication providers from being triggered.
Windows authentication and IIS
If you select windows authentication for your ASP.NET application, you also have to
configure authentication within IIS. This is because IIS provides Windows authentication.
IIS gives you a choice for four different authentication methods:
Anonymous, basic digest and windows integrated
If you select anonymous authentication, IIS doesn’t perform any authentication, Any one
is allowed to access the ASP.NET application.
If you select basic authentication, users must provide a windows username and password
to connect. How ever this information is sent over the network in clear text, which makes
basic authentication very much insecure over the internet.
If you select digest authentication, users must still provide a windows user name and
password to connect. However the password is hashed before it is sent across the network.
127
Digest authentication requires that all users be running Internet Explorer 5 or later and
that windows accounts to stored in active directory.
If you select windows integrated authentication, passwords never cross the network.
Users must still have a username and password, but the application uses either the Kerberos
or challenge/response protocols authenticate the user. Windows-integrated authentication
requires that all users be running internet explorer 3.01 or later Kerberos is a network
authentication protocol. It is designed to provide strong authentication for client/server
applications by using secret-key cryptography. Kerberos is a solution to network security
problems. It provides the tools of authentication and strong cryptography over the network
to help to secure information in systems across entire enterprise
Passport authentication
Passport authentication lets you to use Microsoft’s passport service to authenticate users
of your application. If your users have signed up with passport, and you configure the
authentication mode of the application to the passport authentication, all authentication
duties are off-loaded to the passport servers.
Passport uses an encrypted cookie mechanism to indicate authenticated users. If users
have already signed into passport when they visit your site, they’ll be considered
authenticated by ASP.NET. Otherwise they’ll be redirected to the passport servers to log
in. When they are successfully log in, they’ll be redirected back to your site
To use passport authentication you have to download the Passport Software Development
Kit (SDK) and install it on your server. The SDK can be found at http://
msdn.microsoft.com/library/default.asp?url=/downloads/list/websrvpass.aps.It includes
full details of implementing passport authentication in your own applications.
Forms authentication
Forms authentication provides you with a way to handle authentication using your own
custom logic with in an ASP.NET application. The following applies if you choose forms
authentication.
√ When a user requests a page for the application, ASP.NET checks for the
presence of a special session cookie. If the cookie is present, ASP.NET assumes
the user is authenticated and processes the request.
128
√ If the cookie isn’t present, ASP.NET redirects the user to a web form you
provide
You can carry out whatever authentication, checks you like in your form. When the user
is authenticated, you indicate this to ASP.NET by setting a property, which creates the
special cookie to handle subsequent requests.
(A)How does authorization work in ASP.NET?
ASP.NET impersonation is controlled by entries in the applications web.config file. The
default setting is “no impersonation”. You can explicitly specify that ASP.NET shouldn’t
use impersonation by including the following code in the file

It means that ASP.NET will not perform any authentication and runs with its own
privileges. By default ASP.NET runs as an unprivileged account named ASPNET. You
can change this by making a setting in the processModel section of the machine.config
file. When you make this setting, it automatically applies to every site on the server. To
user a high-privileged system account instead of a low-privileged, set the userName
attribute of the processModel element to SYSTEM. Using this setting is a definite security
risk, as it elevates the privileges of the ASP.NET process to a point where it can do bad
things to the operating system.
When you disable impersonation, all the request will run in the context of the account
running ASP.NET: either the ASPNET account or the system account. This is true when
you are using anonymous access or authenticating users in some fashion. After the user
has been authenticated, ASP.NET uses it own identity to request access to resources.
The second possible setting is to turn on impersonation.

In this case, ASP.NET takes on the identity IIS passes to it. If you are allowing anonymous
access in IIS, this means ASP.NET will impersonate the IUSR_ComputerName account
that IIS itself uses. If you aren’t allowing anonymous access,ASP.NET will take on the
credentials of the authenticated user and make requests for resources as if it were that
user. Thus by turning impersonation on and using a non-anonymous method of
authentication in IIS, you can let users log on and use their identities within your ASP.NET
application.
Finally, you can specify a particular identity to use for all authenticated requests
129
>
With this setting, all the requests are made as the specified user (Assuming the password
it correct in the configuration file). So, for example you could designate a user for a single
application, and use that user’s identity every time someone authenticates to the
application. The drawback to this technique is that you must embed the user’s password
in the web.config file in plain text. Although ASP.NET won’t allow anyone to download
this file, this is still a security risk if anyone can get the file by other means.
(B)What’s difference between Datagrid , Datalist and
repeater ?
A Datagrid, Datalist and Repeater are all ASP.NET data Web controls.
They have many things in common like DataSource Property , DataBind Method
ItemDataBound and ItemCreated.
When you assign the DataSource Property of a Datagrid to a DataSet then each DataRow
present in the DataRow Collection of DataTable is assigned to a corresponding
DataGridItem and this is same for the rest of the two controls also.But The HTML code
generated for a Datagrid has an HTML TABLE element created for the particular
DataRow and its a Table form representation with Columns and Rows.
For a Datalist its an Array of Rows and based on the Template Selected and the
RepeatColumn Property value We can specify how many DataSource records should
appear per HTML row. In short in datagrid we have one record per row, but in
datalist we can have five or six rows per row.
For a Repeater Control,The Datarecords to be displayed depends upon the Templates
specified and the only HTML generated is the due to the Templates.
In addition to these , Datagrid has a in-built support for Sort,Filter and paging the Data
,which is not possible when using a DataList and for a Repeater Control we would require
to write an explicit code to do paging.
130
(A)From performance point of view how do they rate ?
Repeater is fastest followed by Datalist and finally datagrid.
(B)What’s the method to customize columns in DataGrid?
Use the template column.
(B)How can we format data inside DataGrid?
Use the DataFormatString property.
(A) How will decide the design consideration to take a
Datagrid , datalist or repeater ?
Many make a blind choice of choosing datagrid directly , but that's not the right way.
Datagrid provides ability to allow the end-user to sort, page, and edit its data.But it
comes at a cost of speed.Second the display format is simple that is in row and columns.
Real life scenarios can be more demanding that
With its templates, the DataList provides more control over the look and feel of the
displayed data than the DataGrid.It offers better performance than datagrid
Repeater control allows for complete and total control. With the Repeater, the only HTML
emitted are the values of the databinding statements in the templates along with the
HTML markup specified in the templates—no "extra" HTML is emitted, as with the
DataGrid and DataList. By requiring the developer to specify the complete generated
HTML markup, the Repeater often requires the longest development time.But repeater
does not provide editing features like datagrid so everything has to be coded by programmer
. However, the Repeater does boast the best performance of the three data Web controls.
Repeater is fastest followed by Datalist and finally datagrid.
(B) Difference between ASP and ASP.NET?
ASP.NET new feature supports are as follows :-
Better Language Support
√ New ADO.NET Concepts have been implemented.
131
√ ASP.NET supports full language (C# , VB.NET,C++) and not simple scripting
like VBSCRIPT..
Better controls than ASP
√ ASP.NET covers large set’s of HTML controls..
√ Better Display grid like Datagrid , Repeater and datalist.Many of the display
grid have paging support.
Controls have event supports
√ All ASP.NET controls support events.
√ Load, Click and Change events handled by code makes coding much simpler
and much better organized.
Compiled Code
The first request for an ASP.NET page on the server will compile the ASP.NET code and
keep a cached copy in memory. The result of this is greatly increased performance.
Better Authentication Support
ASP.NET supports forms-based user authentication, including cookie management and
automatic redirecting of unauthorized logins. (You can still do your custom login page
and custom user checking).
User Accounts and Roles
ASP.NET allows for user accounts and roles, to give each user (with a given role) access
to different server code and executables.
High Scalability
√ Much has been done with ASP.NET to provide greater scalability.
√ Server to server communication has been greatly enhanced, making it possible
to scale an application over several servers. One example of this is the ability
to run XML parsers, XSL transformations and even resource hungry session
objects on other servers.
Easy Configuration
132
√ Configuration of ASP.NET is done with plain text files.
√ Configuration files can be uploaded or changed while the application is running.
No need to restart the server. No more metabase or registry puzzle.
Easy Deployment
No more server restart to deploy or replace compiled code. ASP.NET simply redirects all
new requests to the new code.
(A) What are major events in GLOBAL.ASAX file ?
The Global.asax file, which is derived from the HttpApplication class, maintains a pool
of HttpApplication objects, and assigns them to applications as needed. The Global.asax
file contains the following events:
Application_Init: Fired when an application initializes or is first called. It's invoked for all
HttpApplication object instances.
Application_Disposed: Fired just before an application is destroyed. This is the ideal
location for cleaning up previously used resources.
Application_Error: Fired when an unhandled exception is encountered within the
application.
Application_Start: Fired when the first instance of the HttpApplication class is created.
It allows you to create objects that are accessible by all HttpApplication instances.
Application_End: Fired when the last instance of an HttpApplication class is destroyed.
It's fired only once during an application's lifetime.
Application_BeginRequest: Fired when an application request is received. It's the first
event fired for a request, which is often a page request (URL) that a user enters.
Application_EndRequest: The last event fired for an application request.
Application_PreRequestHandlerExecute: Fired before the ASP.NET page framework
begins executing an event handler like a page or Web service.
Application_PostRequestHandlerExecute: Fired when the ASP.NET page framework is
finished executing an event handler.
Applcation_PreSendRequestHeaders: Fired before the ASP.NET page framework sends
HTTP headers to a requesting client (browser).
133
Application_PreSendContent: Fired before the ASP.NET page framework sends content
to a requesting client (browser).
Application_AcquireRequestState: Fired when the ASP.NET page framework gets the
current state (Session state) related to the current request.
Application_ReleaseRequestState: Fired when the ASP.NET page framework completes
execution of all event handlers. This results in all state modules to save their current state
data.
Application_ResolveRequestCache: Fired when the ASP.NET page framework completes
an authorization request. It allows caching modules to serve the request from the cache,
thus bypassing handler execution.
Application_UpdateRequestCache: Fired when the ASP.NET page framework completes
handler execution to allow caching modules to store responses to be used to handle
subsequent requests.
Application_AuthenticateRequest: Fired when the security module has established the
current user's identity as valid. At this point, the user's credentials have been validated.
Application_AuthorizeRequest: Fired when the security module has verified that a user
can access resources.
Session_Start: Fired when a new user visits the application Web site.
Session_End: Fired when a user's session times out, ends, or they leave the application
Web site.
Note :- During interview you do not have to really cram all these events.But just keep the
basic events in mind
(A) What order they are triggered ?
They're triggered in the following order:
Application_BeginRequest
Application_AuthenticateRequest
Application_AuthorizeRequest
Application_ResolveRequestCache
Application_AcquireRequestState
134
Application_PreRequestHandlerExecute
Application_PreSendRequestHeaders
Application_PreSendRequestContent
<>
Application_PostRequestHandlerExecute
Application_ReleaseRequestState
Application_UpdateRequestCache
Application_EndRequest.
(I) Do session use cookies ?
Twist:- How can we make session to not to use cookies ?
Left to the user , you will enjoy to find this answer.
(I)How can we force all the validation control to run ?
Page.Validate
(B)How can we check if all the validation control are valid
and proper ?
Using the Page.IsValid() property you can check whether all the validation are done.
(A)If you have client side validation is enabled in your Web
page , Does that mean server side code is not run?
When client side validation is enabled server emit’s JavaScript code for the custom
validators. But note that does not mean that server side checks on custom validators do
not execute. It does this two time redundant check. As some of the validators do not
support client side scripting.
(A)Which JavaScript file is referenced for validating the
validators at the client side ?
135
WebUIValidation.js javascript file installed at “aspnet_client” root IIS directory is used
to validate the validation controls at the client side
(B)How to disable client side script in validators?
Set EnableClientScript to false.
(A)I want to show the entire validation error message in a
message box on the client side?
In validation summary set “ShowMessageBox” to true.
(B)You find that one of your validation is very complicated
and does not fit in any of the validators , so what will you do
?
Best is to go for CustomValidators..Below is a sample code for a custom validator which
checks that a textbox should not have zero value
ErrorMessage="Number not divisible by Zero"
ControlToValidate="txtNumber"
OnServerValidate="ServerValidate"
ClientValidationFunction="CheckZero" />

Input:


(A)What is Tracing in ASP.NET ?
Tracing allows us to view in detail how the code was executed.
(A) How do we enable tracing ?
<%@ Page Trace="true" %>
(I)What exactly happens when ASPX page is requested from
Browser?
Note: - Here the interviewer is expecting complete flow of how an ASPX page is processed
with respect to IIS and ASP.NET engine.
Following are the steps which occur when we request a ASPX page :-
√ The browser sends the request to the webserver.let’s assume that the webserver
at the other end is IIS.
√ Once IIS receives the request he looks on which engine can serve this request.
When I mean engine means the DLL who can parse this page or compile and
send a response back to browser. Which request to map to is decided by file
extension of the page requested.
Depending on file extension following are some mapping
√ .aspx, for ASP.NET Web pages,
√ .asmx, for ASP.NET Web services,
√ .config, for ASP.NET configuration files,
137
√ .ashx, for custom ASP.NET HTTP handlers,
√ .rem, for remoting resources
√ Etc
You can also configure the extension mapping to which engine it can route by using the
IIS engine.
Figure: - 7.1 Following screen shows some IIS mappings
138
Example a ASP page will be sent to old classic ASP.DLL to compile. While .ASPX pages
will be routed to ASP.NET engine for compilation.
√ As this book mainly will target ASP.NET we will look in to how ASP.NET
pages that is ASPX pages generation sequence occurs. Once IIS passes the
request to ASP.NET engine page has to go through two section HTTP module
section and HTTP handler section. Both these section have there own work
to be done in order that the page is properly compiled and sent to the IIS.
HTTP modules inspect the incoming request and depending on that they can
change the internal workflow of the request. HTTP handler actually compiles
the page and generates output. If you see your machine.config file you will see
following section of HTTP modules



type="System.Web.Security.WindowsAuthenticationModule" />
type="System.Web.Security.FormsAuthenticationModule" />
type="System.Web.Security.PassportAuthenticationModule" />
type="System.Web.Security.UrlAuthorizationModule" />
type="System.Web.Security.FileAuthorizationModule" />
>

139
The above mapping shows which functionality is handled by which Namespace. Example
FormsAthuentication is handled by “System.Web.Security.FormsAuthenticationModule”.
If you look at the web.config section HTTP module is where authentication and
authorization happens.
Ok now the HTTP handler is where the actual compilation takes place and the output is
generated.Following is a paste from HTTP handler section of WEB.CONFIG file.







...

√ Depending on the File extension handler decides which Namespace will
generate the output. Example all .ASPX extension files will be compiled by
System.Web.UI.PageHandlerFactory
√ Once the file is compiled it send back again to the HTTP modules and from
there to IIS and then to the browser.
140
Figure :- 7.2 IIS flow from various sections.
(B)How can we kill a user session ?
Session.abandon
141
(I)How do you upload a file in ASP.NET ?
I will leave this to the readers … Just a hint we have to use System.Web.HttpPostedFile
class.
(I)How do I send email message from ASP.NET ?
ASP.NET provides two namespaces System.WEB.mailmessage classand
System.Web.Mail.Smtpmail class. Just a small homework create a Asp.NET project and
send a email at shiv_koirala@yahoo.com . Do not Spam.
(A)What are different IIS isolation levels?
IIS has three level of isolation:-
LOW (IIS process):- In this main IIS process and ASP.NET application run in same process.
So if any one crashes the other is also affected. Example let’s say (well this is not possible)
I have hosted yahoo , hotmail .amazon and google on a single PC. So all application and
the IIS process runs on the same process.In case any website crashes it affects every one.
Figure: - 7.3 LOW IIS process scenario
Medium (Pooled):- In Medium pooled scenario the IIS and web application run in different
process. So in this case there are two processes process1 and process2. In process1 the IIS
process is running and in process2 we have all Web application running.
142
Figure: - 7.4 Medium pooled scenario
High (Isolated):-In high isolated scenario every process is running is there own process. In
below figure there are five processes and every one handling individual application. This
consumes heavy memory but has highest reliability.
143
Figure: - 7.5 High isolation scenario
(A)ASP used STA threading model , whats the threading
model used for ASP.NET ?
ASP.NET uses MTA threading model.
(A)Whats the use of <%@ page aspcompat=true %>
attribute ?
This attribute works like a compatibility option. As said before ASP worked in STA
model and ASP.NET works in MTA model. But what if your ASP.NET application is
using a VB COM component. In order that VB COM runs properly in ASP.NET threading
model we have to set that attribute. After defining the ASPCOMPAT directive attribute
ASP.NET pages runs in STA model thus building the compatibility between ASP.NET
and old COM components who does not support MTA model.
144
(B)Explain the differences between Server-side and Clientside
code?
Server side code is executed at the server side on IIS in ASP.NET framework , while
client side code is executed on the browser.
(I)Can you explain Forms authentication in detail ?
In old ASP if you where said to create a login page and do authentication you have to do
hell lot of custom coding. But now in ASP.NET that’s made easy by introducing Forms
authentication. So let’s see in detail what form authentication is.
Forms authentication uses a ticket cookie to see that user is authenticated or not. That
means when user is authenticated first time a cookie is set to tell that this user is
authenticated. If the cookies expire then Forms authentication mechanism sends the user
to the login page.
Following are the steps which defines steps for Forms authentication :-
√ Configure Web.config file with forms authentication.As shown below in the
config file you can see we have give the cookie name and loginurl page.




loginUrl="login.aspx"
protection="All"
timeout="30"
path="/" />



145
√ Remove anonymous access to the IIS web application , following are changes
done to web.config file.








√ Create the login page which will accept user information.Create your login
page that is the Login.aspx which will actually take the user data.
√ Finally a Small coding in the login button.
Let's assume that the login page has two textboxes Txtname and txtapssword.
Also import System.Web.Security and put the following code in login button
of the page.
If Page.IsValid Then
If FormsAuthentication.Authenticate(txtName.Text, txtPassword.Text) Then
FormsAuthentication.RedirectFromLoginPage(txtName.Text, False)
Else
lblStatus.Text = "Error not proper user"
End If
End If
146
(A)How do I sign out in forms authentication ?
FormsAuthentication.Signout()
(A)If cookies are not enabled at browser end does form
Authentication work?
No it does not work.
(A)How to use a checkbox in a datagrid?
Twist :- How can I track event in checkbox which is one of the columns of a datagrid ?
Note: - This is normally asked when the interviewer wants to see that have you really
worked practically on a project.
Following are the steps to be done :-
√ In ASPX page you have to add Itemtemplate tag in datagrid.

OnCheckedChanged="Check_Clicked">

√ If you look at the Itemtemplate we have “OnCheckChanged” event. This
“OnCheckChanged” event has “Check_Clicked” subroutine is actually in
behind code.Note this method which is in behind code should either be
“protected” or “public”
√ Following below is the subroutine which defines the method
Protected Sub Check_Clicked(ByVal sender As Object, ByVal e As EventArgs)
‘ do something
End Sub
The above steps should be defined in short to the interviewer which will give a quick
feeling of your practical experience with ASP.NET
147
(I)What are the steps to create a windows service in VB.NET
?
Windows Services are long-running executable applications that run in its own Windows
session, which then has the ability to start automatically when the computer boots and
also can be manually paused, stopped or even restarted.
Following are the steps to create a service :-
√ Create a project of type “Windows Service”.
Figure 7.6 :- Create project for Windows Service
√ If you see the class created it is automatically inheriting from
“System.ServiceProcess.ServiceBase”.
148
√ You can override the following events provided by service and write your
custom code. All the three main events can be used that is Start , stop and
continue.
protected override void OnStart(string[] args)
{
}
protected override void OnStop()
{
}
protected override void OnContinue()
{
}
√ Now to install the service you need to do run the install util exe.
InstallUtil \BIN\MyNewService.exe

Friday, June 13, 2008

What method do you use to explicitly kill a user Session?

Ans : Session.Abandon
Abandon
The Abandon method destroys all the objects stored in a Session object and releases their resources. If you do not call the Abandon method explicitly, the server destroys these objects when the session times out.
Syntax Session.Abandon
Remarks
When the Abandon method is called, the current Session object is queued for deletion, but is not actually deleted until all of the script commands on the current page have been processed. This means that you can access variables stored in the Session object on the same page as the call to Abandon, but not in any subsequent Web pages.
For example, in the following script, the third line prints the value Mary. This is because the Session object is not destroyed until the server has finished processing the script.
<% Session.Abandon Session("MyName") = "Mary" Reponse.Write(Session("MyName")) %>
Contents.Remove
The Remove method deletes a specific item from the Session object's Contents collection.
Syntax
Session.Contents.Remove( Item|Index )
Parameter
Item - The name of the member to remove from the collection.
Index - The index entry for the member to remove from the collection.
Remarks
The Contents.Remove method takes either a string or an integer as an input parameter. If the input parameter is a string, the method will search the contents collection for an item with that name and remove it. If the input parameter is an integer, the method counts that number of items from the start of the collection, and removes the corresponding item.
Example
The following example adds and removes a variable called myName to the Session.Contents collection.
<% Session("myName") = " " Session.Contents.Remove("myName") %>
Contents.RemoveAll
The RemoveAll method deletes all items that have been added to the Session object's Contents collection.
Syntax
Session.Contents.RemoveAll ()
Example
The following example removes all items that have been added to the Session.contents collection:
<%Session.Contents.RemoveAll()%>

Dataset, Repeater and List control Difference?

Type of Control Purpose Features
Table • General-purpose, programmable table. • Can display any combination of HTML text and controls.
• Supports a TableCell control that can be set to display information. Does not use templates for display.
• Is not inherently data-bound.
• Exposes a model for dynamically creating rows (TableRow controls) and cells (TableCell controls).
Repeater • Simple, read-only output • Has no built-in support for selecting or editing items.
• Has no default appearance; you must lay out the list by creating templates. The list can be vertical, horizontal, all on one line, or in any format you specify.
• Has no default paging; all data is displayed in a single list.
• Can define separators between elements using a template.
• Supports custom functionality that can be applied to items (for example, specifying an "Add to shopping cart" button for each item).
DataList • List output with editing
• Non-tabular lists (for example, comma-delimited lists)
• Easily customizable output • Has a table appearance by default, but can be configured to show any list output.
• Can customize look of list extensively.
• Has an auto-format option.
• WYSIWYG template editing.
• Supports styles for custom look of items.
• Can define separators between elements using a template.
• Has editable contents (contents displayed in text boxes or other controls, based on data type of bound data).
• Supports single selection. Multiple selection requires custom code.
• Supports either horizontal (columns) or vertical (rows) layout of the data items.
• Has no default paging; all data is displayed in a single list.
• Supports custom functionality that can be applied to items (for example, specifying an "Add to shopping cart" button for each item).
DataGrid • Full-featured list output with editing
• Paged reporting • Has a grid appearance by default.
• Can customize look of grid extensively.
• Has an auto-format option.
• Can specify output using bound columns, columns of buttons or hyperlinks, and custom columns created using templates.
• Has no separator template. However, the grid renders in a table, and you can specify table border size and color.
• Supports WYSIWYG template editing.
• Items support styles for custom look.
• Can edit, update, and delete contents.
• Supports single selection. Multiple selection requires custom code.
• Has optional paged output.
• Supports sorting.
• Supports custom functionality that can be applied to items (for example, specifying an "Add to shopping cart" button for each item).

4. In what order do the events ofan ASPX page Execute?

Control Execution Lifecycle

The server loads an ASP.NET page every time it is requested and then unloads it after the request is completed. The page and the server controls it contains are responsible for executing the request and rendering HTML back to the client. Although the communication between the client and the server is stateless and disconnected, the client experience must appear to be that of a continuously executing process.

This illusion of continuity is created by the ASP.NET page framework and by the page and its controls. On postback, a control must behave as if it were starting where it left off at the end of the previous Web request. The ASP.NET page framework makes it relatively easy to perform state management, but control developers must be aware of the control execution sequence to achieve the effect of continuity. Control developers need to understand which information is available to a control at each phase in its lifecycle, which data is persisted, and what the control's state is when it is rendered. For example, a control is unable to invoke its parent until the tree of controls on a page has been populated.

The following table provides a high-level overview of the phases in the lifecycle of a control. For details, follow the links in the table.

Phase

What a control needs to do

Method or event to override

Initialize

Initialize settings needed during the lifetime of the incoming Web request.

Init event (OnInit method)

Load view state

At the end of this phase, the ViewState property of a control is automatically populated as described in Maintaining State in a Control. A control can override the default implementation of the LoadViewState method to customize state restoration.

LoadViewState method

Process postback data

Process incoming form data and update properties accordingly. See Processing Postback Data.

Note Only controls that process postback data participate in this phase.

LoadPostData method

(if IPostBackDataHandler is implemented)

Load

Perform actions common to all requests, such as setting up a database query. At this point, server controls in the tree are created and initialized, the state is restored, and form controls reflect client-side data

Load event

(OnLoad method)

Send postback change notifications

Raise change events in response to state changes between the current and previous postbacks.

Note Only controls that raise postback change events participate in this phase.

RaisePostDataChangedEvent method

(if IPostBackDataHandler is implemented)

Handle postback events

Handle the client-side event that caused the postback and raise appropriate events on the server

Note Only controls that process postback events participate in this phase.

RaisePostBackEvent method

(if IPostBackEventHandler is implemented)

Prerender

Perform any updates before the output is rendered. Any changes made to the state of the control in the prerender phase can be saved, while changes made in the rendering phase are lost

PreRender event

(OnPreRender method)

Save state

The ViewState property of a control is automatically persisted to a string object after this stage. This string object is sent to the client and back as a hidden variable. For improving efficiency, a control can override the SaveViewState method to modify the ViewState property.

SaveViewState method

Render

Generate output to be rendered to the client.

Render method

Dispose

Perform any final cleanup before the control is torn down. References to expensive resources such as database connections must be released in this phase.

Dispose method

Unload

Perform any final cleanup before the control is torn down. Control authors generally perform cleanup in Dispose and do not handle this event.

UnLoad event (On UnLoad method)