Interview Tips Interview Tips, Interview Questions and Answers

28 Oct 2010

How Sessions Are Implemented in ASP.NET

Since the HTTP protocol used by web browsers to request files from web servers is stateless, ASP.NET needs to determine which requests came from the same user. The primary mechanism is a non-persistent cookie, issued by the web server, that contains a session id value. The id provided by this cookie is the key used to index into the session infrastructure to access the user's specific data.

The session framework is implemented by the HTTP module System.Web.SessionState.SessionStateModule, which executes before the .aspx page events. The module uses the EnableSessionState attribute from the @Page directive to determine if it must retrieve the user's session information (and whether it needs to write out changes when the request is complete). If the EnableSessionState attribute is true (which it is by default), the module retrieves all of the user's session information and sets the Session property of the Page class to an instance of the HttpSessionState class.

This article focuses on the cookie mechanism, although ASP.NET also implements a cookie-less method of sessions (the session id is embedded in the URL string). Session information can be stored in-process (the default, held in web server memory), with a state service, or in a SQL Server database. This article will focus on in-process storage, but the technique applies to all three locations.

12 Jan 2010

10 ASP.NET Interview Questions

    1. How does ViewState work and why is it either useful or evil?
    2. What is the OO relationship between an ASPX page and its CS/VB code behind file in ASP.NET 1.1? in 2.0?
    3. What is an assembly binding redirect? Where are the places an administrator or developer can affect how assembly binding policy is applied?
    4. Compare and contrast LoadLibrary(), CoCreateInstance(), CreateObject() and Assembly.Load().
    5. What happens from the point an HTTP request is received on a TCP/IP port up until the Page fires the On_Load event?
    6. What are ASHX files?  What are HttpHandlers?  Where can they be configured?
    7. What is needed to configure a new extension for use in ASP.NET? For example, what if I wanted my system to serve ASPX files with a *.jsp extension?
    8. What events fire when binding data to a data grid? What are they good for?
    9. How does IIS communicate at runtime with ASP.NET?  Where is ASP.NET at runtime in IIS5? IIS6?
    10. Explain how PostBacks work, on both the client-side and server-side. How do I chain my own JavaScript into the client side without losing PostBack functionality?

22 Dec 2009

ASP.NET Interview Questions on Database Administrator

Why is "Connecting to SQL Server using Integrated Security" considered a best practice?
Connecting to SQL Server using integrated security, instead of an explicit user name and password, helps avoid the possibility of the connection string being compromised and your user ID and password being exposed.

What are the best practices to follow to secure connection strings in an ASP.NET web application?
1. Always store connection strings in the site's Web.config file. Web.config is protected from direct access: users will not be able to retrieve it from the browser.
2. Do not store connection strings as plain text. To help keep the connection to your database server secure, it is recommended that you encrypt connection string information in the configuration file.
3. Never store connection strings in an aspx page.
4. Never set connection strings as declarative properties of the SqlDataSource control or other data source controls.

What is Script injection?
A script injection attack attempts to send executable script to your application with the intent of having other users run it. A typical script injection attack sends script to a page that stores the script in a database, so that another user who views the data inadvertently runs the code.

What is the advantage of storing an XML file in the application's App_Data folder?
The contents of the App_Data folder will not be returned in response to direct HTTP requests.

What is SQL injection?
A SQL injection attack attempts to compromise your database by creating SQL commands that are executed instead of, or in addition to, the commands that you have built into your application.

What are the best practices to keep in mind when accepting user input on a web application?
1. Always use validation controls whenever possible to limit user input to acceptable values.
2. Always check the IsValid property of the aspx page. Run the server-side code only if the IsValid property value is true. A value of false means that one or more validation controls have failed a validation check.
3. Always perform server-side validation, whether or not client-side validation is also performed. This will protect your web application even if the client has bypassed the client-side validation by disabling JavaScript in the web browser.
4. Also make sure to revalidate user input in the business logic layer of your application.

What are the steps to follow to avoid SQL Injection attacks?
Always use parameterized queries or stored procedures instead of creating SQL commands by concatenating strings together.
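
The difference between the two approaches, as an added example that is not part of the original post. The `Users` table, `UserName` column and `usp_GetUserId` procedure are hypothetical names; the commands are only built and printed, so no database connection is needed.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class UserLookupDemo
{
    // Pattern to avoid: the input becomes part of the SQL text itself.
    static string BuildConcatenated(string userName)
    {
        return "SELECT Id FROM Users WHERE UserName = '" + userName + "'";
    }

    // Parameterized query: the SQL text is fixed, the input travels as typed data.
    static SqlCommand BuildParameterized(string userName)
    {
        var cmd = new SqlCommand("SELECT Id FROM Users WHERE UserName = @userName");
        cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 64).Value = userName;
        return cmd;
    }

    // Stored procedure call: same idea, the procedure name is the only command text.
    static SqlCommand BuildStoredProcedure(string userName)
    {
        var cmd = new SqlCommand("usp_GetUserId"); // hypothetical procedure
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 64).Value = userName;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample inputs: an ordinary name and one containing quotes.
        string[] inputs = { "alice", "x' OR '1'='1" };
        foreach (string input in inputs)
        {
            Console.WriteLine("input:         " + input);
            // With the second input the WHERE clause itself changes shape.
            Console.WriteLine("concatenated:  " + BuildConcatenated(input));
            foreach (SqlCommand cmd in new[] { BuildParameterized(input), BuildStoredProcedure(input) })
            {
                // The command text is identical for every input; only the value differs.
                Console.WriteLine(cmd.CommandType + ": " + cmd.CommandText
                    + "  [@userName = " + cmd.Parameters["@userName"].Value + "]");
                cmd.Dispose();
            }
            Console.WriteLine();
        }
    }
}
```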

What are the steps to follow to avoid Script Injection attacks?
1. Encode user input with the HtmlEncode method. This method turns HTML into its text representation.
2. If you are using the GridView control with bound fields, set the BoundField object's HtmlEncode property to true. This causes the GridView control to encode user input when the row is in edit mode.
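
Encoding at output time, as an added example that is not part of the original post. It uses `HttpUtility.HtmlEncode` from System.Web; the `CommentRenderer` class and the sample comments are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Web; // HttpUtility.HtmlEncode

static class CommentRenderer
{
    // Renders stored comments as an HTML list. The stored text is left as the
    // user typed it; it is encoded at the point where it is written into markup.
    static string Render(IEnumerable<string> storedComments, bool encode)
    {
        var html = new StringBuilder("<ul>\n");
        foreach (string comment in storedComments)
        {
            string text = encode ? HttpUtility.HtmlEncode(comment) : comment;
            html.Append("  <li>").Append(text).Append("</li>\n");
        }
        return html.Append("</ul>").ToString();
    }

    static void Main()
    {
        // Constructed rows, as they might be read back from a comments table.
        var stored = new List<string>
        {
            "Great article, thanks!",
            "<script>alert(1)</script>",
            "Use this when a < b && b > c"
        };

        // Without encoding, the second row reaches the browser as a live script
        // element and the third row produces malformed markup.
        Console.WriteLine("Unencoded output:");
        Console.WriteLine(Render(stored, false));

        // With encoding, the markup characters become entities, so every row is
        // displayed as text and nothing is executed.
        Console.WriteLine("Encoded output:");
        Console.WriteLine(Render(stored, true));
    }
}
```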

Can you encrypt view state data of an aspx page?
Yes, you can encrypt the view state data of an aspx page by setting the page's ViewStateEncryptionMode property to true.

21 Dec 2009

Interview questions for ASP.NET (UI) Developers

    1. What three Session State providers are available in ASP.NET 1.1? What are the pros and cons of each?
    2. What is Web Gardening? How would using it affect a design?
    3. Given one ASP.NET application, how many application objects does it have on a single proc box? A dual? A dual with Web Gardening enabled? How would this affect a design?
    4. Describe how a browser-based Form POST becomes a Server-Side event like Button1_OnClick.
    5. What is a PostBack?
    6. What is ViewState? How is it encoded? Is it encrypted? Who uses ViewState?
    7. What is the <machineKey> element and what two ASP.NET technologies is it used for?
    8. Describe ways to present an arbitrary endpoint (URL) and route requests to that endpoint to ASP.NET.
    9. Explain how cookies work. Give an example of Cookie abuse.
    10. Explain the importance of HttpRequest.ValidateInput()?
    11. How does VaryByCustom work?
    12. How would one implement ASP.NET HTML output caching, caching outgoing versions of pages generated via all values of q= except where q=5 (as in http://localhost/page.aspx?q=5)?
    13. What kind of data is passed via HTTP Headers?
    14. Juxtapose the HTTP verbs GET and POST. What is HEAD?
    15. Name and describe at least a half dozen HTTP Status Codes and what they express to the requesting client.
    16. How does if-not-modified-since work? How can it be programmatically implemented with ASP.NET?
      Explain <%@ OutputCache %> and the usage of VaryByParam, VaryByHeader.
    17. Are threads reused in ASP.NET between requests? Does every HttpRequest get its own thread? Should you use Thread Local storage with ASP.NET?
    18. Is the [ThreadStatic] attribute useful in ASP.NET? Are there side effects? Good or bad?
    19. Give an example of how using an HttpHandler could simplify an existing design that serves Check Images from an .aspx page.
    20. What kinds of events can an HttpModule subscribe to? What influence can they have on an implementation? What can be done without recompiling the ASP.NET Application?

19 Dec 2009

Top 10 ASP.NET Interview Questions

  1. From constructor to destructor (taking into consideration Dispose() and the concept of non-deterministic finalization), what are the events fired as part of the ASP.NET System.Web.UI.Page lifecycle? Why are they important? What interesting things can you do at each?
  2. What is needed to configure a new extension for use in ASP.NET? For example, what if I wanted my system to serve ASPX files with a *.jsp extension?
  3. What events fire when binding data to a data grid? What are they good for?
  4. Explain how PostBacks work, on both the client-side and server-side. How do I chain my own JavaScript into the client side without losing PostBack functionality?
  5. How does ViewState work and why is it either useful or evil?
  6. What is the OO relationship between an ASPX page and its CS/VB code behind file in ASP.NET 1.1? in 2.0?
  7. What happens from the point an HTTP request is received on a TCP/IP port up until the Page fires the On_Load event?
  8. How does IIS communicate at runtime with ASP.NET?  Where is ASP.NET at runtime in IIS5? IIS6?
  9. What is an assembly binding redirect? Where are the places an administrator or developer can affect how assembly binding policy is applied?
  10. Compare and contrast LoadLibrary(), CoCreateInstance(), CreateObject() and Assembly.Load().