.NET WebDev interview questions
9. How will you identify which event in the ASP.NET Web page life cycle takes the longest time to execute? A. Turn on ASP.NET trace and run the Web application. B. Add a few code to each of the page life-cycle events that will print the current time. C. In the Web.config file, add the monitorTimings attribute and set it to True. D. In the Web site properties, turn on the performance monitor and run the Web application. After that, open performance monitor to see the timings.
11. You are interested in examining the data that is posted to the Web server. What trace result section can you use to see this information?A. Control Tree B. Headers Collection C. Form Collection D. Server Variables
12. While creating web site you need to add an HTML Web server control to the Web page, you need to drag an HTML element from the ToolBox of Visual Studio 2005 to the Web page and then which of the following tasks you will perform? A. Right-click the HTML element and click Run=Server. B. Double-click the HTML element to convert it to an HTML server control. C. Right-click the HTML element and click Run As Server Control. D. Click the HTML element and set ServerControl to true in the Properties window.
13. While testing your ASP.NET web application you noticed that while clicking on CheckBox of one of the web page it does not cause a PostBack; you required that the CheckBox should make PostBack so Web page can be update on the server-side code. How can you make the CheckBox to cause a PostBack? A. Set the AutoPostBack property to true. B. Add JavaScript code to call the ForcePostBack method. C. Set the PostBackAll property of the Web page to true. D. Add server-side code to listen for the click event from the client.
14. While writing code in Visual Studio 2005 you creates a new instance of a ASP.NET TextBox server control, what do you need to do to get the TextBox to display on the Web page? A. Call the ShowControl method on the TextBox. B. Set the VisibleControl to true on the TextBox. C. Add the TextBox instance to the form1.Controls collection. D. Execute the AddControl method on the Web page.
15. While creating your ASP.NET web based application you want to create multiple RadioButton server controls which should be mutually exclusive, what property of RadioButton server controls you must set? A. Exclusive B. MutuallyExclusive C. Grouped D. GroupName
16. While creating an ASP.NET web application with the help of Visual Studio 2005 you are creates a Web page that has several related buttons, such as fast-forward, reverse, play, stop, and pause. There should be one event handler that handles the processes of PostBack from these Button server controls. Other than the normal Submit button, what type of button can you create? A. OneToMany B. Command C. Reset D. ManyToOne
ASP .NET Interview Questions, Part 1
1. Describe the role of inetinfo.exe, aspnet_isapi.dll andaspnet_wp.exe in the page loading process. inetinfo.exe is theMicrosoft IIS server running, handling ASP.NET requests among other things.When an ASP.NET request is received (usually a file with .aspx extension),the ISAPI filter aspnet_isapi.dll takes care of it by passing the request tothe actual worker process aspnet_wp.exe.
2. What’s the difference between Response.Write() andResponse.Output.Write()? The latter one allows you to write formattedoutput.
3. What methods are fired during the page load? Init() – when the pageis instantiated, Load() – when the page is loaded into server memory,PreRender() – the brief moment before the page is displayed to the user asHTML, Unload() – when page finishes loading.
4. Where does the Web page belong in the .NET Framework class hierarchy?System.Web.UI.Page
5. Where do you store the information about the user’s locale? System.Web.UI.Page.Culture
6. What’s the difference between Codebehind=”MyCode.aspx.cs” andSrc=”MyCode.aspx.cs”? CodeBehind is relevant to Visual Studio.NET only.
7. What’s a bubbled event? When you have a complex control, like DataGrid, writing an event processing routine for each object (cell, button, row, etc.) is quite tedious. The controls can bubble up their eventhandlers, allowing the main DataGrid event handler to take care of its constituents.
8. Suppose you want a certain ASP.NET function executed on MouseOver overa certain button. Where do you add an event handler? It’s the Attributesproperty, the Add function inside that property. So btnSubmit.Attributes.Add(“onMouseOver”,”someClientCode();”)
9. What data type does the RangeValidator control support? Integer,String and Date.
10. Explain the differences between Server-side and Client-side code? Server-side code runs on the server. Client-side code runs in the clients’ browser.
11. What type of code (server or client) is found in a Code-Behind class? Server-side code.
12. Should validation (did the user enter a real date) occur server-side or client-side? Why? Client-side. This reduces an additional request to the server to validate the users input.
13. What does the “EnableViewState” property do? Why would I want it on or off? It enables the viewstate on the page. It allows the page to save the users input on a form.
14. What is the difference between Server.Transfer and Response.Redirect? Why would I choose one over the other? Server.Transfer is used to post a form to another page. Response.Redirect is used to redirect the user to another page or site.
15. Can you explain the difference between an ADO.NET Dataset and an ADO Recordset?
· A DataSet can represent an entire relational database in memory, complete with tables, relations, and views.
· A DataSet is designed to work without any continuing connection to the original data source.
· Data in a DataSet is bulk-loaded, rather than being loaded on demand.
· There’s no concept of cursor types in a DataSet.
· DataSets have no current record pointer You can use For Each loops to move through the data.
· You can store many edits in a DataSet, and write them to the original data source in a single operation.
· Though the DataSet is universal, other objects in ADO.NET come in different versions for different data sources.
16. Can you give an example of what might be best suited to place in the Application_Start and Session_Start subroutines? This is where you can set the specific variables for the Application and Session objects.
17. If I’m developing an application that must accommodate multiple security levels though secure login and my ASP.NET web application is spanned across three web-servers (using round-robin load balancing) what would be the best approach to maintain login-in state for the users? Maintain the login state security through a database.
18. Can you explain what inheritance is and an example of when you might use it? When you want to inherit (use the functionality of) another class. Base Class Employee. A Manager class could be derived from the Employee base class.
ASP.NET Interview Questions on Database Administrator
Why is "Connecting to SQL Server using Integrated Security" considered a best practice?
Connecting to SQL Server using integrated security instead of using an explicit user name and password, helps avoid the possibility of the connection string being compromised and your user ID and password being exposed.
What are the best practices to follow to secure connection strings in an ASP.NET web application?
1. Always store connection strings in the site's Web.config file. Web.config is very secure. Users will not be able to access web.config from the browser.
2. Do not store connection strings as plain text. To help keep the connection to your database server secure, it is recommended that you encrypt connection string information in the configuration file.
3. Never store connection strings in an aspx page.
4. Never set connection strings as declarative properties of the SqlDataSource control or other data source controls.
What is Script injection?
A script injection attack attempts to send executable script to your application with the intent of having other users run it. A typical script injection attack sends script to a page that stores the script in a database, so that another user who views the data inadvertently runs the code.
What is the advantage of storing an XML file in the applications App_Data folder? The contents of the App_Data folder will not be returned in response to direct HTTP requests.
What is SQL injection?
A SQL injection attack attempts to compromise your database by creating SQL commands that are executed instead of, or in addition to, the commands that you have built into your application.
What are the best practices to keep in mind when accepting user input on a web application?
1. Always use validation controls whenever possible to limit user input to acceptable values.
2. Always check the IsValid property of the aspx page. Run the server side code only if the IsValid property value is true. A value of false means that one or more validation controls have failed a validation check.
3. Always perform server side validation irrespective of client side validation being performed or not. This will protect your web application even if the client has by passed the client side validation by disabling javascript in the web browser.
4. Also make sure to re validate user input in the business logic layer of your application.
What are the steps to follow to avoid SQL Injection attacks?
Always use parameterized queries or stored procedures instead of creating SQL commands by concatenating strings together.
What are the steps to follow to avoid Script Injection attacks?
1. Encode user input with the HtmlEncode method. This method turns HTML into its text representation.
2. If you are using the GridView control with bound fields, set the BoundField object's HtmlEncode property to true. This causes the GridView control to encode user input when the row is in edit mode.
Can you encrypt view state data of an aspx page?
Yes, you encrypt view state data of an aspx page by setting the page's ViewStateEncryptionMode property to true.
