Describe how the ASP.NET authentication process works
ASP.NET runs inside the process of IIS due to which there are two authentication layers which exist in the system.
First authentication happens at the IIS level and the second at ASP.NET level per the WEB.CONFIG file.
Working:
At first, IIS ensures that the incoming request is from an authenticated IP address.
Otherwise the request is rejected.
By default IIS allows anonymous access due to which requests are automatically authenticated.
However, if this is changed, IIS performs its own user authentication too.
ASP.net checks if impersonation is enabled if a request is passed to ASP.net by an authenticated user. If it is enabled, ASP.net acts itself as an authenticated user else it acts with its own configured account.
Finally the OS resources are requested by the identity obtained from previous step.
The user is granted the resources if the authentication is successful else the resources are denied.
Resources can include ASP.net page, code access security features to extend authorization step to disk files, registry keys, etc.
10 ASP.NET Interview Questions
- How does ViewState work and why is it either useful or evil?
- What is the OO relationship between an ASPX page and its CS/VB code behind file in ASP.NET 1.1? in 2.0?
- What is an assembly binding redirect? Where are the places an administrator or developer can affect how assembly binding policy is applied?
- Compare and contrast LoadLibrary(), CoCreateInstance(), CreateObject() and Assembly.Load().
- What happens from the point an HTTP request is received on a TCP/IP port up until the Page fires the On_Load event?
- What are ASHX files? What are HttpHandlers? Where can they be configured?
- What is needed to configure a new extension for use in ASP.NET? For example, what if I wanted my system to serve ASPX files with a *.jsp extension?
- What events fire when binding data to a data grid? What are they good for?
- How does IIS communicate at runtime with ASP.NET? Where is ASP.NET at runtime in IIS5? IIS6?
- Explain how PostBacks work, on both the client-side and server-side. How do I chain my own JavaScript into the client side without losing PostBack functionality?
Top 10 ASP.NET Interview Questions
- From constructor to destructor (taking into consideration Dispose() and the concept of non-deterministic finalization), what the are events fired as part of the ASP.NET System.Web.UI.Page lifecycle. Why are they important? What interesting things can you do at each?
- What is needed to configure a new extension for use in ASP.NET? For example, what if I wanted my system to serve ASPX files with a *.jsp extension?
- What events fire when binding data to a data grid? What are they good for?
- Explain how PostBacks work, on both the client-side and server-side. How do I chain my own JavaScript into the client side without losing PostBack functionality?
- How does ViewState work and why is it either useful or evil?
- What is the OO relationship between an ASPX page and its CS/VB code behind file in ASP.NET 1.1? in 2.0?
- What happens from the point an HTTP request is received on a TCP/IP port up until the Page fires the On_Load event?
- How does IIS communicate at runtime with ASP.NET? Where is ASP.NET at runtime in IIS5? IIS6?
- What is an assembly binding redirect? Where are the places an administrator or developer can affect how assembly binding policy is applied?
- Compare and contrast LoadLibrary(), CoCreateInstance(), CreateObject() and Assembly.Load().
