ASP.Net Interview Questions - Part 4

What is delay signing?

Ans :Delay signing allows you to place a shared assembly in the GAC by signing the assembly with just the public key. This allows the assembly to be signed with the private key at a later stage, when the development process is complete and the component or assembly is ready to be deployed. This process enables developers to work with shared assemblies as if they were strongly named, and it secures the private key of the signature from being accessed at different stages of development..


What’s the difference between code-based security and role-based security?
Which one is better?

Ans :Code security is the approach of using permissions and permission sets for a given code to run. The admin, for example, can disable running executables off the Internet or restrict access to corporate database to only few applications. Role-based security most of the time involves the code running with the privileges of the current user. This way the code cannot supposedly do more harm than mess up a single user account. There’s no better, or 100%
thumbs-up approach, depending on the nature of deployment, both code-based and role-based security could be implemented to an extent..


How can you work with permissions from your .NET application?

Ans :You can request permission to do something and you can demand certain permissions from other apps. You can also refuse permissions so that your app is not inadvertently used to destroy some data..


How can C# app request minimum permissions?

Ans :Using System.Security.Permissions; [assembly:FileDialogPermissionAttribute(SecurityAction.RequestMinimum, Unrestricted=true)].


What’s a code group?

Ans :A code group is a set of assemblies that share a security context..


What’s the difference between authentication and authorization?

Ans :Authentication happens first. You verify user’s identity based on credentials. Authorization is making sure the user only gets access to the resources he has credentials for..


What are the authentication modes in ASP.NET?

Ans :None, Windows, Forms and Passport..


Are the actual permissions for the application defined at run-time or compiletime?

Ans :The CLR computes actual permissions at runtime based on code group membership and the calling chain of the code..


Explain the differences between Server-side and Client-side code?

Ans :Server side scripting means that all the script will be executed by the server and interpreted as needed. ASP doesn’t have some of the functionality like sockets, uploading, etc. For these you have to make a custom component usually in VB or VC++. Client side scripting means that the script will be executed immediately in the browser such as form field validation, clock, email validation, etc. Client side scripting is usually done in VBScript or JavaScript. Download time, browser compatibility, and visible code - since JavaScript and VBScript code is included in the HTML page, then anyone can see the code by viewing the page source. Also a possible security hazards for the client computer..


Should validation (did the user enter a real date) occur server-side or client-side? Why?

Ans :Client-side validation because there is no need to request a server side date when you could obtain a date from the client machine..


What does the "EnableViewState" property do? Why would I want it on or off?

Ans :Enable ViewState turns on the automatic state management feature that enables server controls to re-populate their values on a round trip without requiring you to write any code. This feature is not free however, since the state of a control is passed to and from the server in a hidden form field. You should be aware of when ViewState is helping you and when it is not. For example, if you are binding a control to data on every round trip (as in the datagrid example in tip #4), then you do not need the control to maintain it’s view state, since you will wipe out any re-populated data in any case. ViewState is enabled for all server controls by default. To disable it, set the EnableViewState property of the control to false..