asp.net questions and answers
What are the various ways of securing a web site that could prevent from hacking etc .. ?
1) Authentication/Authorization
2) Encryption/Decryption
3) Maintaining web servers outside the corporate firewall. etc.,
Name the validation control available in asp.net?.
RequiredField, RangeValidator,RegularExpression,Custom validator,compare Validator
What is a PostBack?
The process in which a Web page sends data back to the same page on the server.
What is different b/w webconfig.xml & Machineconfig.xml
Web.config & machine.config both are configuration files.Web.config contains settings specific to an application where as machine.config contains settings to a computer. The Configuration system first searches settings in machine.config file & then looks in application configuration files, Web.config, can appear in multiple directories on an ASP.NET Web application server. Each Web.config file applies configuration settings to its own directory and all child directories below it. There is only Machine.config file on a web server.
What is Web.config?
In classic ASP all Web site related information was stored in the metadata of IIS. This had the disadvantage that remote Web developers couldn't easily make Web-site configuration changes. For example, if you want to add a custom 404 error page, a setting needs to be made through the IIS admin tool, and you're Web host will likely charge you a flat fee to do this for you. With ASP.NET, however, these settings are moved into an XML-formatted text file (Web.config) that resides in the Web site's root directory. Through Web.config you can specify settings like custom 404 error pages, authentication and authorization settings for the Web sitempilation options for the ASP.NET Web pages, if tracing should be enabled, etc.
The Web.config file is an XML-formatted file. At the root level is the tag. Inside this tag you can add a number of other tags, the most common and useful one being the system.web tag, where you will specify most of the Web site configuration parameters. However, to specify application-wide settings you use the tag.
For example, if we wanted to add a database connection string parameter we could have a Web.config file like so.
What are benefits and Limitation of using Hidden fields in asp.net?
Following are the benefits of using Hidden fields:-
. They are simple to implement.
. As data is cached on client side, they work with Web Farms.
. All browsers support hidden field.
. No server resources are required.
Following are limitations of Hidden field:-
. They can be tampered creating a security hole.
. Page performance decreases if you store large data, as the data are stored in pages itself.
. Hidden fields do not support rich structures as HTML hidden fields are only single valued. Then you have to work around with delimiters etc to handle complex structures.
Below is how you will actually implement hidden field in a project
Introduction to ASP.NET with C#
Classic Asp: 
Asp, which is now more commonly known as Classic Asp was used extensively in 1990's. The idea of creating dynamic pages and linking them with database was the main purpose of classic Asp. Asp used html controls for user interaction. Apart from the good features available in Asp programming, it also lacks in some of the major areas. These areas include clean coding as asp pages were incline pages and all the business logic as well as the interface was coded in a single page. This produces many problem when the code had to be updated or modified. Asp pages also lacked performance and scalability which were fixed in Asp.net. Lets see what Asp.net technology has to offer a developer to build dynamic pages much faster.
Language Options:
Asp.net provides lets you choose the scripting language between javascript and VbScript. This is beneficial for the java programmers as well as the VB programmers since they already have the basic background of the language.
Caching features:
Asp.net also introduces caching features which increases the performance of the application. Caching allows the developer to save the recently used data in a cache variable so that if does not have to spend any time looking for it in the future when anyone requests it.
Use of Controls:
Asp.net provides the developer with several controls to perform basic as well as advanced operations. Controls provided in Asp.net falls under HTML Controls, HTML Server Controls and Web Server Controls.
HTML Controls:
Html controls are the basic controls that are executed on the client machine. These controls include textbox, label , image etc. A simple example of html control can be given by the following code which renders an image.
As you see HTML controls are very easy to use but they don't provide much features. Microsoft decided to introduce HTML Server controls which extends the functionality of simple HTML Controls.
HTML Server Controls:
HTML Server Controls looks exactly like the HTML Controls with one difference that they are executed on the server rather than the client. A simple example of HTML Server controls is given below:
just add a runat server attribute with the image tag.
As you can see that the image tag or control looks exactly like the one that we have previously discussed. But it has an additional attribute which is runat. The runat attribute denotes that this is a HTML Server Control and will be executed on the Server rather than the client.
Note: src attribute in the image tag denotes the path of the image it can be "C:MyDirectorymyImage.jpg"
Asp.net Web Applications:
Asp.net is based on the .NET framework for building web applications. Since Asp.net is a part of the Microsoft. NET Framework it has the ability to take advantage of rich class libraries provided by Microsoft. The question is that why should one use Asp.net and not use classic asp or any other web programming technology. Here are some of the features of Asp.net that makes it the best web application technology.
Web Server Controls
Web Server Controls are the most advanced controls in Asp.net. Each control comes with tons of features that allows the developer to complete the task in less time.Web Server Controls are executed on the Server. Web Server Controls include datagrid control, datalist control, calendar control and many many more.
Special Note:
When dealing with different types of controls one must always remember that when to use which control. If the control will only act as a static entity than you should always use HTML Controls. If the control will be dynamic you should useWeb Server Controls.
ASP.NET Features and Advantages
ASP.NET is a compiled, .NET-based environment; you can code the applications in any .NET compatible language, including Visual Basic .NET, C#, and JScript .NET. Additionally, the entire .NET Framework is available to any ASP.NET application.
ASP.NET has been designed with scalability in mind, with features specifically tailored to improve performance in clustered and multiprocessor environments. With built in Windows authentication and per-application configuration, you can be assured that your applications are secure. 
You can use Web Forms or XML Web services when creating an ASP.NET application, or combine both depending on your need. Both of them allows you to use authentication schemes, cache frequently used data, or customize application's configuration.
ASP.Net allows programmers to develop web applications that interface with a database. The advantage of ASP.Net is that it is object-oriented and has many programming tools that allow for faster development and more functionality.
There are 2 aspects of ASP.Net make it fast, compiled code and caching.
Prior to DOT Net Framework, the code was interpreted into machine language when your website visitor views your page. Now, with ASP.Net the code is compiled into machine language before your visitor ever comes to your site.
Caching is the storage of information that will be reused in a memory location for faster access in the future. ASP.Net allows programmers to set up pages or areas of pages that are commonly reused to be cached for a set period of time to improve the performance of web applications. I have used caching in many of my applications with few records, static and frequently used data.
ASP.Net automatically recovers from memory leaks and errors to make sure that your website is always available to your visitors. Programmers can actually write their code in any of the supported .Net languages like VB.Net, C#, and JScript.Net. In the Learning series, we will be using C# since it’s the widely used language across many companies.
An ASP.NET Framework application is deployed to a server simply by copying the necessary files to the server. No server restart is required, even to deploy or replace running compiled code.
Security is one of the major advantage, you can use built in Windows authentication and also you can set the security configuration by application.
ASP.NET Interview Questions on Database Administrator
Why is "Connecting to SQL Server using Integrated Security" considered a best practice?
Connecting to SQL Server using integrated security instead of using an explicit user name and password, helps avoid the possibility of the connection string being compromised and your user ID and password being exposed.
What are the best practices to follow to secure connection strings in an ASP.NET web application?
1. Always store connection strings in the site's Web.config file. Web.config is very secure. Users will not be able to access web.config from the browser.
2. Do not store connection strings as plain text. To help keep the connection to your database server secure, it is recommended that you encrypt connection string information in the configuration file.
3. Never store connection strings in an aspx page.
4. Never set connection strings as declarative properties of the SqlDataSource control or other data source controls.
What is Script injection?
A script injection attack attempts to send executable script to your application with the intent of having other users run it. A typical script injection attack sends script to a page that stores the script in a database, so that another user who views the data inadvertently runs the code.
What is the advantage of storing an XML file in the applications App_Data folder? The contents of the App_Data folder will not be returned in response to direct HTTP requests.
What is SQL injection?
A SQL injection attack attempts to compromise your database by creating SQL commands that are executed instead of, or in addition to, the commands that you have built into your application.
What are the best practices to keep in mind when accepting user input on a web application?
1. Always use validation controls whenever possible to limit user input to acceptable values.
2. Always check the IsValid property of the aspx page. Run the server side code only if the IsValid property value is true. A value of false means that one or more validation controls have failed a validation check.
3. Always perform server side validation irrespective of client side validation being performed or not. This will protect your web application even if the client has by passed the client side validation by disabling javascript in the web browser.
4. Also make sure to re validate user input in the business logic layer of your application.
What are the steps to follow to avoid SQL Injection attacks?
Always use parameterized queries or stored procedures instead of creating SQL commands by concatenating strings together.
What are the steps to follow to avoid Script Injection attacks?
1. Encode user input with the HtmlEncode method. This method turns HTML into its text representation.
2. If you are using the GridView control with bound fields, set the BoundField object's HtmlEncode property to true. This causes the GridView control to encode user input when the row is in edit mode.
Can you encrypt view state data of an aspx page?
Yes, you encrypt view state data of an aspx page by setting the page's ViewStateEncryptionMode property to true.
Interview Questions for ASP.Net
- We can add a crystal report in aspx page using two techniques, what are these?
- What is Cache?
- What is AJAX?
- Is AJAX a language?
- What is the difference between syncronus and asyncronus?
- what do you mean by HTTP Handler?
- What is the purpose of Global.asax?
- What is the difference between stroed procedure and stored function in SQL?
- Can we have an updateable view in SQL?
- What is connection pooling? how can we acheive that in asp.net?
- What is DataSet?
- What is the difference between typed and untyped dataset?
- What is the difference bewteen accessing the data throgh the dataset and datareader?
- Any idea of Data Access Component provided by Microsoft?
- Any idea of Enterprise library?
- What is web service?
- What is WSDL?
- Can a web service be only developed in asp.ent?
- can we use multiple web services from a single application?
- can we call a web service asynchronously?
- Can a web service be used from a windows application?
- What do we need to deploy a web service?
- What is the significance of web.config?
- Can we have multiple web.config files in a sigle web project?
- Can we have more then one configuration file?
- Type of Authentications?
- Can we have multiple assemblies in a single web project?
- What is the difference between the inline and code behind?
- what is side by side execution?
- can we have two different versions of dot net frameworks running on the same machine?
- What is CLR? Difference b/w CLR and JVM?
- What is CLI?
- What is GAC?
- What is View State?
- Can you read the View State?
- What is the difference between encoding and encryption? Which is easy to break?
- Can we disable the view state application wide?
- can we disable it on page wide?
- can we disable it for a control?
- What is provider Model?
- What is machine.config?
- What different types of session state Management we have in asp.net?
- What are cookies?
- What is the significance of Application_Start/Session_Start/Application_Error?
- What is CTS?
- What is .resx file meant for?
- Any idea of aspnet_regiis?
- Any idea of ASP NET State Service?
- Crystal report is only used for read only data and reporting purposes?
