Saturday, July 5, 2008

ASP.NET Questionnaire

Question: Why a conventional ASP web page is considered to be stateless amd how do
u overcome this using ASP.NET?
Answer: Whenver a URL request is made, Web server creates instance of requested
web form, generates HTML and posts it to browser for rendering. It then
destroys instance of web form on the server. When user submits data back to
the web server, a new instance of web form is created which has no
knowledge of earlier webform. Hence conventional web page is stateless. In
ASP.NET before web form get destroyed the state of the webform is stored in
Viewstate(hidden control) on the page and when the page is posted back, the
state of the webform is restored from view state.

Question: What is a web-farm and how do u manage session in web-farm?
Answer: A web-farm is group of webservers hosting a single web application.
Sice the web application is shared across multiple servers, session info can
not be stored in process memory of any of servers. It should be stored in a
centralizes database or state machine.

Question: How do you preserve persistent data, such as simple variables, in a Web
Answer: You can preserve data in state variables, such as ApplicationState,
SessionState, or ViewState.

Question: How cookieless session works in ASP.NET?
Answer: In cookieless session session id gets embedded in URL automatically. So
when url request is made, session id is stripped from URL by ASP.NET
And is used to identify session information belonging to user.

Question: Does cookieless session works when absolute paths are specified ?
Answer: No cookieless session does not work with absolute paths. It works only with
relative path.

Question: Is it possible to protect view state from tampering when it's passed over an
unencrypted channel?
Answer: Yes. Simply include an @ Page directive with an
EnableViewStateMac="true" attribute in each ASPX file you wish to
protect, or include the following statement in Web.config: his
configuration directive appends a hash (officially called the message
authentication code, or MAC) to view state values round-tripped to
the client and enables ASP.NET to detect altered view state. If
ASP.NET determines that view state has been altered when a page
posts back to the server, it throws an exception.
The hash is generated by appending a secret key (the
validationKey value attached to the element in
Machine.config) to the view state and hashing the result. An
attacker can't modify view state and fix up the hash without
knowing the secret key, too.

Question: How do u synchronize access to Application variables by multiple threads.
Answer: Use Application.Lock and Application.Unlock before accessing Application

Question: How do u cache a web page in ASP.NET?
Answer: <%@ outputcache duration=”60” varybyparam=”none”>

Question: What is difference between following statements
1 - <%@ outputcache duration=”60” varybyparam=”none”>
2 - <%@ outputcache duration=”60” varybyparam=”*”>
3 - <%@ outputcache duration=”60” varybyparam=”name”>
Answer: Statement 1 caches only one version of the page irrespective of querystring
parameters. Statement 2 caches multiple versions of same page I any of
quewrystring parameter varies. Statement 3 caches multiple versions of the
page for different values of parameter xyz.

Question: What is difference between canche.insert and cache.add method
Answer: The Add and Insert methods have the same signature, but there are subtle
differences between them. First, calling the Add method returns an object
that represents the cached item, while calling Insert does not. Second, their
behavior is different if you call these methods and add an item to the cache

Question: What is cache dependency and how do u add it?
Answer: If object1 has Cache dependency on object2 , then whnever object2 changes,
object1 is removed from the cache.
e.g. following example sets up a database connection string denedency on
xml file.
Cache.Insert("MyData1", connectionString, new

Question: What are 2 expiration policies for Cached objects?
Answer: 1. Absolute expiration: This is fixed duration expiration. For cache
duration of 10 seconds, object is removed from cache after 10 seconds
no matter what.
2. Sliding expiration: Canche duration varies based on frequency of
access. E.g. If there is sliding expiration of 10 seconds and item is
accessed from the cached again at 8th second, then object is reached
again for the next 10 seconds

Question: What is fragment caching?
Answer: Fragment caching is caching enabled for ascx controls.

Question: How do u notify an application when an item is removed from the cache?
Answer: By implementing event CacheItemRemovedCallBack.

Question: What is the main difference between the Button server control and the Button HTML
Answer: When clicked, the Button server control triggers an ASP.NET Click event procedure
on the server. The Button HTML control triggers the event procedure indicated in
the button' s onclick attribute, which runs on the client.

Question: List two different exception-handling approaches in ASP.NET Web applications.
Answer: Exceptions can be handled in exception-handling blocks using the Try, Catch, and
Finally keywords in Visual Basic .NET or the try, catch, and finally keywords in
Visual C#. They can also be handled using Error event procedures at the Global,
Application, or Page levels using the Server object' s GetLastError and ClearError

Question: Write the HTML for a hyperlink that will send mail when the user clicks the link.
Answer: Send mail

Question: Show the code that writes a cookie containing the user name “Rob Young” and the
current date to the user' s computer. Set the cookie to remain on the user' s computer
for 30 days.
Answer: HttpCookie cookUserInfo = new HttpCookie("UserInfo")
CookUserInfo["Name"] = "Rob Young"
CookUserInfo["Time"] = DateTime.Now.ToString()
cookUserInfo.Expires = DateTime.Now.AddDays(30)

Question: What is the difference between the CurrentCulture property and the Current-
UICulture property?
Answer: The CurrentCulture property affects how the .NET Framework handles dates,
currencies, sorting, and formatting issues. The Current UICulture property
determines which satellite assembly is used when loading resources.

Question: How do you detect the user' s culture?
Answer: Use the Request object' s UserLanguages array. The value at element 0 corresponds
ASP.NET Questionnaire
Compiled by Page 7 of 20
to one of the culture codes used by the CultureInfo class. For example:
SLang = Request.UserLanguages(0)

Question: What are 2 layout options for a webform
Answer: Grid layout: This is the default. Controls are placed exactly where you draw them
and they have absolute positions on the page. Use grid layout for Windows-style
applications, in which controls are not mixed with large amounts of text.
Flow layout: This places controls relative to other elements on the page. If you add
elements at run time, the controls that occur after the new element move down. Use
flow layout for document-style applications, in which text and controls are

Question: Can an ASPX file contain more than one form marked runat="server"?
Answer: No

Question: How do I comment out statements in ASPX files?
Answer: <%--


Question: How do you get several RadioButton controls to interoperate on a Web form so that
only one of the RadioButtons can be selected at once?
Answer: Set the GroupName property of each RadioButton to the same name.
Question: What is wrong with the following line of code?
Answer: You can' t use the Transfer method with HTML pages. It works only with .aspx

Question: How do you display a page in one frame from a hyperlink in another frame?
Answer: Use the element' s target attribute to specify the frame to display the page. For
example, the following hyperlink displays a page in the main frame of a frameset:
Show the answers!

Question: Briefly describe the best uses for each of the three types of Web controls
Answer: Create a user control when you want to…
…quickly create a group of controls that can be reused throughout a project to
perform some logical unit of work.
Create a composite custom control when you want to…
…combine one or more existing controls into a compiled assembly that can be easily
reused in many different projects.
Create a rendered control when you want to…
…build an entirely new control that can be compiled into an assembly for use in
multiple projects.

Question: What is the most important method to override when creating a composite custom
Answer: You override the CreateChildControls method to add existing controls to a
composite custom control.

Question: What is the most important method to override when creating a rendered control?
Answer: You override the Render method when creating a rendered custom control.

Question: What is the advantage of using CSS rather than in-line styles for formatting a Web

Answer: Using CSS allows you to maintain formatting separately from the content of your
Web forms, so changes are easier to make and consistency is easier to maintain.
Question: How will u get or set the values from a CheckBoxList or RadioButtonList control?
Answer: , use a For Each loop to check each control in the list
private void Button1_Click(object sender,
System.EventArgs e)
foreach (ListItem lstItem in RadioButtonList1.Items)
if (lstItem.Selected)
Response.Write(lstItem.Text +
" is selected.
Question: Specify form tag which contains file upload control.
runat="server" ID="Form1">
Level: SE
Number: 33
Heading: UI Controls / Data bound controls
Question: What is difference between click event of a simple link button and image
button control?
Answer: Using the Button and LinkButton Click event procedure is straightforward. The
ImageButton control provides an additional capability. The Click event argument for
the ImageButton control includes the X and Y coordinates for where the user clicked
on the control. The image response depends on where it Images that respond to
clicks in this way are called image maps.

Question: Assume that on a web page on left side there is small section consisting of a
text boxes for entering login name and password and button and there are
many other controls . It is required that controls used for login should
disappear after logging in. How to achieve this functionality?
Answer: Place login controls on panel control. Make the panel invisible after login

Question: How error messages are displayed using validationsummary control?
Answer: Suppose there are five validator controls on a webform and a single validation
summary control.if there is validation error, then Individual validators display their
Text properties, while the longer ErrorMessage property is displayed in the
ValidationSummary control.

Question: What validation control you will use to validate a prime number in a text
Answer: Use custom validator control and write prime number checking code in
servervalidate event of custom validator.

Question: A developer has designed a generic data access layer assembly which can be shared across many web applications. How do u package and deploy such an
Answer: Prefix assembly with strong name. Register with GAC to make it a shared
assembly. Create a merge module pacakage(.msm) which can be combined
with other installables.

Question: Where will u store connection string in ASP.NET and how will u retrieve it
in aspx page?
Answer: Store the conncetion string in web.config file as follows.

value="Server=moon;database=Store;Trusted_Connection=yes" />

The value can be retrieved as follows.
Dim dsn As String = ConfigurationSettings.AppSettings("DSN")

Question: How do u configure custom errors in ASP.NET?
Answer: As the name says all about, customErros provides information about custom
error messages for an ASP.NET application. CustomErrors tag provides us
with three attributes.
defaultRedirect can be used to specify the URL to direct a browser, if any
unexpected error occurs. The mode attribute takes three values On, Off or
RemoteOnly. Remeteonly specifies that custom errors are shown only to
remote clients.
The subtag might be very useful in a variety of way. We can specify
the error status code and ask the browser to redirect to a specific page. We
should use the attribute, statusCode to specify the error status code and the
redirect attribute to specify the redirect URL.

Question: How do u configure session mode in web.config file?
Answer: Using tag
This tag can be used to specify, were we are storing the session. This can be
specified in the mode attribute. Supported values mode are Off, InProc,
StateServer and SqlServer. InProc indicates that, session states is stored
locally. StateServer indicates that session state is stored on a remote server
and sqlserver can be used to indicate that the session state is stored on a sql
We also have the choice to use cookies to store the sessions. This can be set
using the attribute cookieless. Session timeout can be specified using the
attribute called timeout. By default, the session timeout is 20 minutes (same
as classic ASP).

Question: What if some one types the web.config file in the URL?
Answer: ASP.NET configures IIS to prevent direct browser access to web.config files to ensure
that their values cannot become public (attempts to access them will cause ASP.NET
to return 403: Access Forbidden).

Question: Explain application isolation levels in IIS 5
Answer: 􀂷 In-process with IIS (Inetinfo.exe). This option increases performance because
all calls are made in-process; however, it offers no protection. If an
application fails, it can corrupt memory and affect Inetinfo.exe, as well as
other applications running in-process.
􀂷 Pooled with other Web application processes in DLLHost.exe. This is the
default option and it provides a balance between protection and
performance. If an application fails, it can affect other applications in the
pool, but it will not affect Inetinfo.exe.
􀂷 Isolated in its own instance of DLLHost.exe. Isolated applications are
protected from affecting or being affected by problems in other applications.
However, calls to other applications must cross process boundaries, and this
affects performance.

Question: What is the difference between the Debug and Trace classes?
Answer: Under the default environment settings, code using the Debug class is stripped out
of release builds, while code using the Trace class is left in. The classes are otherwise

Question: What are the two special steps you need to take to ensure that a COM component
can use a component from a .NET assembly?
Answer: 1.You must register the .NET assembly in the system registry using RegAsm.exe.
2. You must make sure that the COM component can find the .NET assembly, either
by placing the .NET assembly in the global assembly cache, by placing the two
components in the same folder, or by following the other assembly-probing rules.

Question: You have developed a educational ASP.NET application. The web.config file
has following structure.

In the root directory of ur application, there is a subdirectory called
“GuardiansOnly” . What actions u need to take to allow only “Guardians”
role to access directory “GuardiansOnly” without modifying web.config file
of root directory.
Answer: Create another web.config file in directory “GuardiansOnly” with following

Question: Which ASP.NET authentication mode is best suited to identifying and authorizing
users who belong to a corporate network?
Answer: Windows integrated authentication is best suited to authenticating users of a
corporate network because it uses the accounts and permissions that already exist for
network users.

Question: How does the Secure Sockets Layer (SSL) provide security in a Web application?
Answer: SSL protects data exchanged between a client and a Web application by encrypting
the data before it is sent across the Internet.

Question: Given the following settings

Where will be trace information be stored?
Answer: Trace information will be stored in trace.axd file in root directory.

Question: What is a http handler
Answer: Http handler is .net component designed for processing files with specific
extensions. E.g. If we wish to process abc.sync differently than normal aspx
file, then we can implement HttpHandler for handling requests with *.sync

Question: What are different steps involved in implementing http handler?
Answer: 1. Write a class which implements IHttpHandler interface
2. Register this handler in web.config or machine.config file.
3. Map the file extension (.15seconds) to ASP.NET ISAPI extension DLL
(aspnet_isapi.dll) in Internet Services Manager.

Question: Which method of HttpHandler gets invoked when request is received?
Answer: ProcessRequest(System.Web.HttpContext context) gets invoked

Question: How do u register Http Handler?
Answer: Add following settings in web.config file


Question: What is Http modue and where it can be used?
Answer: HTTP modules are .NET components that implement the
System.Web.IHttpModule interface. These components plug themselves into
ASP.NET Questionnaire
Compiled by Page 18 of 20
the ASP.NET request processing pipeline by registering themselves for
certain events. Whenever those events occur, ASP.NET invokes the interested
HTTP modules so that the modules can play with the request.

Question: How do u register/unregister http module?
Answer: Add following settings in web.config file
To register:

To unregister:

Question: What is output of Server.MapPath("")?
Answer: It gives physical path of the file that includes aboce statement

Question: How will u register a control “login.ascx” and declare its instance on a
Registering a control:
<%@ Register TagPrefix="uc1" TagName="login" Src="Login.ascx" %>
Instancing a control:

Question: What is impersonation?
Impersonation is when a user gains access to a resource by using a different
identity, usually as an anonymous user. To allow this, Windows uses a special
user account known as the anonymous logon account. Whenever an attempt is
made to access server resources over the Web, the user is automatically logged
on anonymously. The user can only access the resources for which the
anonymous user account has privileges. By default, the username for the
anonymous logon account takes the form IUSR_COMPUTERNAME, in which
COMPUTERNAME is the name of the server.

Question: Which accounts are used by ASP.NET for impersonation?
Answer: By default, ASP.NET uses two accounts to provide impersonation capabilities: the
local system process account and the IUSR_COMPUTERNAME account. When
impersonation is turned off, all the resources are accessed using the local system
process account. When impersonation is turned on, the IUSR_COMPUTERNAME
account is used to provide access to resources.

Question: What is authentication? Explain different types of authentication techniques
used in ASP.NET
Authentication is the process of identifying valid users by requiring them to
prove themselves. The three types of authentication provided by ASP.NET are
as follows:
􀂷 Windows built-in authentication. IIS uses basic, digest, or integrated
Windows authentication to perform the initial authentication. The user gains
access to the requested resources under the context of this account. The
accounts that are valid for accessing the complete application, or parts of it,
can be specified in the web.config file.
􀂷 Passport-based authentication. This authentication offers single login
and core profile services for member sites. This is possible through the
usage of a centralized Web-based authentication service, provided by
􀂷 Forms-based authentication. In this authentication, HTTP clientside
redirection is used to redirect an unauthenticated user to an HTML form.
Using this HTML form, the user provides his/her login credentials and then
submits the form. The system issues a cookie (containing the credentials or
a key for re-acquiring the identity) if the application authenticates the
request. Then, the client browser sends the cookie with all the subsequent
requests. The user can access the application while this cookie is retained.
In addition, when none of the preceding methods is used, the default IIS
authentication is used and resources can be accessed as specified by the
application settings in IIS. Impersonation is still implemented, and the resources
are accessed under the context of the local system process account or the
Level: SSE

No comments: