The current property settings of an ASP.NET page and those of any
ASP.NET server controls contained within the page. ASP.NET can detect
when a form is requested for the first time versus when the form is
posted (sent to the server), which allows you to program accordingly.
· What are user controls and custom controls?
Custom controls:
A control authored by a user or a third-party software vendor that
does not belong to the .NET Framework class library. This is a
generic term that includes user controls. A custom server control is
used in Web Forms (ASP.NET pages). A custom client control is used in
Windows Forms applications.
User Controls:
In ASP.NET: A user-authored server control that enables an ASP.NET page
to be re-used as a server control. An ASP.NET user control is
authored declaratively and persisted as a text file with an .ascx
extension. The ASP.NET page framework compiles a user control on the
fly to a class that derives from the System.Web.UI.U serControl
class.
· What are the validation controls?
A set of server controls included with ASP.NET that test user input in
HTML and Web server controls for programmer-defined requirements.
Validation controls perform input checking in server code. If the user
is working with a browser that supports DHTML, the validation controls
can also perform validation using client script.
· What's the difference between Response.Write( )
andResponse.Out put.Write()?
The latter one allows you to write formattedoutput .
· What methods are fired during the page load? Init()
When the page is instantiated, Load() - when the page is loaded into
server memory,PreRende r () - the brief moment before the page is
displayed to the user as HTML, Unload() - when page finishes loading.
·
Where does the Web page belong in the .NET Framework class hierarchy?
System.Web.UI.P age
· Where do you store the information about the user's locale?
System.Web.UI.P age.Culture
· What's the difference between Codebehind="MyC ode.aspx.cs" and
Src="MyCode.asp x.cs"?
CodeBehind is relevant to Visual Studio.NET only.
· What's a bubbled event?
When you have a complex control, likeDataGrid, writing an event
processing routine for each object (cell, button,row, etc.) is quite
tedious. The controls can bubble up their eventhandlers, allowing the
main DataGrid event handler to take care of its constituents.
Suppose you want a certain ASP.NET function executed on MouseOver over
a certain button.
· Where do you add an event handler?
It's the Attributesprope rty, the Add function inside that property.
e.g. btnSubmit.Attri butes.Add("onMo useOver","someC lientCode();")
· What data type does the RangeValidator control support?
Integer,String and Date.
· What are the different types of caching?
Caching is a technique widely used in computing to increase performance
by keeping frequently accessed or expensive data in memory. In context
of web application, caching is used to retain the pages or data across
HTTP requests and reuse them without the expense of recreating
them.ASP.NET has 3 kinds of caching strategiesOutpu t CachingFragment
CachingData
CachingOutput Caching: Caches the dynamic output generated by a
request. Some times it is useful to cache the output of a website even
for a minute, which will result in a better performance. For caching
the whole page the page should have OutputCache directive.<%@
OutputCache Duration="60" VaryByParam="st ate" %>
Fragment Caching: Caches the portion of the page generated by the
request. Some times it is not practical to cache the entire page, in
such cases we can cache a portion of page<%@ OutputCache Duration="120"
VaryByParam="Ca tegoryID;Select edID"%>
Data Caching: Caches the objects programmaticall y. For data caching
asp.net provides a cache object for eg: cache["States"] = dsStates;
· What do you mean by authentication and authorization?
Authentication is the process of validating a user on the credentials
(username and password) and authorization performs after
authentication. After Authentication a user will be verified for
performing the various tasks, It access is limited it is known as
authorization.
· What are different types of directives in .NET?
@Page: Defines page-specific attributes used by the ASP.NET page parser
and compiler. Can be included only in .aspx files <%@ Page
AspCompat="TRUE " language="C#" %>
@Control:Define s control-specific attributes used by the ASP.NET page
parser and compiler. Can be included only in .ascx files. <%@
Control Language="VB" EnableViewState ="false" %>
@Import: Explicitly imports a namespace into a page or user control.
The Import directive cannot have more than one namespace
attribute. To import multiple namespaces, use multiple @Import
directives. <% @ Import Namespace="Syst em.web" %>
@Implements: Indicates that the current page or user control implements
the specified .NET framework interface.<%@ Implements
Interface="Syst em.Web.UI.IPost BackEventHandle r" %>
@Register: Associates aliases with namespaces and class names for
concise notation in custom server control syntax.<%@ Register
Tagprefix="Acme " Tagname="AdRota tor" Src="AdRotator. ascx" %>
@Assembly: Links an assembly to the current page during compilation,
making all the assembly's classes and interfaces available
for use on the page. <%@ Assembly Name="MyAssembl y" %><%@ Assembly
Src="MySource.v b" %>
@OutputCache: Declaratively controls the output caching policies of an
ASP.NET page or a user control contained in a page<%@
OutputCache Duration="#ofse conds" Location="Any | Client | Downstream |
Server | None" Shared="True | False" VaryByControl=" controlname"
VaryByCustom="b rowser | customstring" VaryByHeader="h eaders"
VaryByParam="pa rametername" %>
@Reference: Declaratively indicates that another user control or page
source file should be dynamically compiled and linked
against the page in which this directive is declared.
· How do I debug an ASP.NET application that wasn't written with
Visual Studio.NET and that doesn't use code-behind?
Start the DbgClr debugger that comes with the .NET Framework SDK, open
the file containing the code you want to debug, and set your
breakpoints. Start the ASP.NET application. Go back to DbgClr, choose
Debug Processes from the Tools menu, and select aspnet_wp.exe from
the list of processes. (If aspnet_wp.exe doesn't appear in the
list,check the "Show system processes" box.) Click the Attach
button to attach to aspnet_wp.exe and begin debugging.
Be sure to enable debugging in the ASPX file before debugging it with
DbgClr. You can enable tell ASP.NET to build debug executables by
placing a
<%@ Page Debug="true" % statement at the top of an ASPX file or a
<COMPILATION debug="true" />statement in a Web.config file.
· Can a user browsing my Web site read my Web.config or Global.asax
files?
No. The <HTTPHANDLERS>s ection of Machine.config, which holds the master
configuration settings for ASP.NET, contains entries that map ASAX
files, CONFIG files, and selected other file types to an HTTP handler
named HttpForbiddenHa ndler, which fails attempts to retrieve the
associated file. You can modify it by editing Machine.config or
including an section in a local Web.config file.
· What's the difference between Page.RegisterCl ientScriptBlock and
Page.RegisterSt artupScript?
RegisterClientS criptBlock is for returning blocks of client-side script
containing functions. RegisterStartup Script is for returning blocks of
client-script not packaged in functions-in other words, code that's
to execute when the page is loaded. The latter positions script blocks
near the end of the document so elements on the page that the script
interacts are loaded before the script runs.<%@ Reference
Control="MyCont rol.ascx" %>
· Is it necessary to lock application state before accessing it?
Only if you're performing a multistep update and want the update to be
treated as an atomic operation. Here's an example:
Application.Loc k ();
Application["ItemsSold"] = (int)
Application["ItemsSold"] + 1;
Application["ItemsLeft"] = (int)
Application["ItemsLeft"] - 1;
Application.UnL ock ();
By locking application state before updating it and unlocking it
afterwards, you ensure that another request being processed on another
thread doesn't read application state at exactly the wrong time and
see an inconsistent view of it. If I update session state, should I
lock it, too? Are concurrent accesses by multiple requests executing on
multiple threads a concern with session state?
Concurrent accesses aren't an issue with session state, for two
reasons. One, it's unlikely that two requests from the same user will
overlap. Two, if they do overlap, ASP.NET locks down session state
during request processing so that two threads can't touch it at once.
Session state is locked down when the HttpApplication instance that's
processing the request fires an AcquireRequestS tate event and unlocked
when it fires a ReleaseRequestS tate event.
Do ASP.NET forms authentication cookies provide any protection against
replay attacks? Do they, for example, include the client's IP address
or anything else that would distinguish the real client from an
attacker?
No. If an authentication cookie is stolen, it can be used by an
attacker. It's up to you to prevent this from happening by using an
encrypted communications channel (HTTPS). Authentication cookies issued
as session cookies, do, however,include a time-out valid that
limits their lifetime. So a stolen session cookie can only be used in
replay attacks as long as the ticket inside the cookie is valid. The
default time-out interval is 30 minutes.You can change that by
modifying the timeout attribute accompanying the <formselement in
Machine.config or a local Web.config file. Persistent authentication
cookies do not time-out and therefore are a more serious security
threat if stolen.
· How do I send e-mail from an ASP.NET application?
MailMessage message = new MailMessage ();
message.From = <email>;
message.To = <email>;
message.Subject = "Scheduled Power Outage";
message.Body = "Our servers will be down tonight.";
SmtpMail.SmtpSe rver = "localhost" ;
SmtpMail.Send (message);
MailMessage and SmtpMail are classes defined in the .NET Framework
Class Library's System.Web.Mail namespace. Due to a security change
made to ASP.NET just before it shipped, you need to set SmtpMail's
SmtpServer property to "localhost" even though "localhost" is the
default. In addition, you must use the IIS configuration applet to
enable localhost (127.0.0.1) to relay messages through the local SMTP
service.
· What are VSDISCO files?
VSDISCO files are DISCO files that support dynamic discovery of Web
services. If you place the following VSDISCO file in a directory on
your Web server, for example, it returns references to all ASMX and
DISCO files in the host directory and any subdirectories not
noted in <excludeelement s:
<?xml version="1.0" ?>
<dynamicDiscove ry
xmlns="urn:sche mas-dynamicdiscover y:disco.2000-03-17">
<exclude path="_vti_cnf" />
<exclude path="_vti_pvt" />
<exclude path="_vti_log" />
<exclude path="_vti_scri pt" />
<exclude path="_vti_txt" />
</dynamicDiscover y>
· How does dynamic discovery work?
ASP.NET maps the file name extension VSDISCO to an HTTP handler that
scans the host directory and subdirectories for ASMX and DISCO files
and returns a dynamically generated DISCO document. A client who
requests a VSDISCO file gets back what appears to be a static DISCO
document.
Note that VSDISCO files are disabled in the release version of ASP.NET.
You can reenable them by uncommenting the line in the <httpHandlers >
section of Machine.config that maps *.vsdisco to
System.Web.Serv ices.Discovery. DiscoveryReques tHandler and granting the
ASPNET user account permission to read the IIS metabase. However,
Microsoft is actively discouraging the use of VSDISCO files because
they could represent a threat to Web server security.
· Is it possible to prevent a browser from caching an ASPX page?
Just call SetNoStore on the HttpCachePolicy object exposed through the
Response object's Cache property, as demonstrated here:
<%@ Page Language="C#" %>
<html>
<body>
<%
Response.Cache. SetNoStore ();
Response.Write (DateTime.Now.T oLongTimeString ());
%>
</body>
</html>
SetNoStore works by returning a Cache-Control: private, no-store header
in the HTTP response. In this example, it prevents caching of a Web
page that shows the current time.
· What does AspCompat="true " mean and when should I use it?
AspCompat is an aid in migrating ASP pages to ASPX pages. It defaults
to false but should be set to true in any ASPX file that creates
apartment-threaded COM objects--that is, COM objects registered
ThreadingModel= Apartment. That includes all COM objects written with
Visual Basic 6.0. AspCompat should also be set to true (regardless of
threading model) if the page creates COM objects that access
intrinsic ASP objects such as Request and Response. The following
directive sets AspCompat to true:
<%@ Page AspCompat="true " %>
Setting AspCompat to true does two things. First, it makes intrinsic
ASP objects available to the COM components by placing unmanaged
wrappers around the equivalent ASP.NET objects. Second, it improves the
performance of calls that the page places to apartment- threaded COM
objects by ensuring that the page (actually, the thread that processes
the request for the page) and the COM objects it creates share an
apartment. AspCompat="true " forces ASP.NET request threads into
single-threaded apartments (STAs). If those threads create COM objects
marked ThreadingModel= Apartment, then the objects are created in the
same STAs as the threads that created them. Without AspCompat="true ,"
request threads run in a multithreaded apartment (MTA) and each call to
an STA-based COM object incurs a performance hit when it's marshaled
across apartment boundaries.
Do not set AspCompat to true if your page uses no COM objects or if it
uses COM objects that don't access ASP intrinsic objects and that are
registered ThreadingModel= Free or ThreadingModel= Both.
· Explain the differences between Server-side and Client-side code?
Server side scripting means that all the script will be executed by
the server and interpreted as needed. ASP doesn't have some of the
functionality like sockets, uploading, etc. For these you have to make
a custom components usually in VB or VC++. Client side scripting means
that the script will be executed immediately in the browser such as
form field validation, clock, email validation, etc. Client side
scripting is usually done in VBScript or JavaScript. Download time,
browser compatibility, and visible code - since JavaScript and
VBScript code is included in the HTML page, then anyone can see the
code by viewing the page source. Also a possible security hazards for
the client computer.
· What type of code (server or client) is found in a Code-Behind
class?
C#
· Should validation (did the user enter a real date) occur
server-side or client-side? Why?
Client-side validation because there is no need to request a server
side date when you could obtain a date from the client machine.
· What are ASP.NET Web Forms? How is this technology different than
what is available though ASP?
Web Forms are the heart and soul of ASP.NET. Web Forms are the User
Interface (UI) elements that give your Web applications their look and
feel. Web Forms are similar to Windows Forms in that they provide
properties, methods, and events for the controls that are placed onto
them. However, these UI elements render themselves in the appropriate
markup language required by the request, e.g. HTML. If you use
Microsoft Visual Studio .NET, you will also get the familiar
drag-and-drop interface used to create your UI for your Web
application.
· What is the difference between Server.Transfer and
Response.Redire ct? Why would I choose one over the other?
In earlier versions of IIS, if we wanted to send a user to a new Web
page, the only option we had was Response.Redire ct. While this method
does accomplish our goal, it has several important drawbacks. The
biggest problem is that this method causes each page to be treated as a
separate transaction. Besides making it difficult to maintain your
transactional integrity, Response.Redire ct introduces some additional
headaches. First, it prevents good encapsulation of code. Second, you
lose access to all of the properties in the Request object. Sure,
there are workarounds, but they're difficult. Finally,
Response.Redire ct necessitates a round trip to the client, which, on
high-volume sites, causes scalability problems.
As you might suspect, Server.Transfer fixes all of these problems. It
does this by performing the transfer on the server without requiring a
roundtrip to the client.
· How can you provide an alternating color scheme in a Repeater
control?
AlternatingItem Template Like the ItemTemplate element, but rendered for
every other row (alternating items) in the Repeater control. You can
specify a different appearance for the AlternatingItem Template element
by setting its style properties.
· Which template must you provide, in order to display data in a
Repeater control?
ItemTemplate
· What event handlers can I include in Global.asax?
Application_Sta rt,Application_ End, Application_Acq uireRequestStat e,
Application_Aut henticateReques t, Application_Aut horizeRequest,
Application_Beg inRequest, Application_Dis posed,
Application_End Request, Application_Err or,
Application_Pos tRequestHandler Execute,
Application_Pre RequestHandlerE xecute,
Application_Pre SendRequestCont ent, Application_Pre SendRequestHead ers,
Application_Rel easeRequestStat e, Application_Res olveRequestCach e,
Application_Upd ateRequestCache , Session_Start,S ession_End
You can optionally include "On" in any of method names. For example,
you can name a BeginRequest event handler.Applica tion_BeginReque st or
Application_OnB eginRequest.You can also include event handlers in
Global.asax for events fired by custom HTTP modules.Note that not all
of the event handlers make sense for Web Services (they're designed for
ASP.NET applications in general, whereas .NET XML Web Services are
specialized instances of an ASP.NET app). For example, the
Application_Aut henticateReques t and Application_Aut horizeRequest events
are designed to be used with ASP.NET Forms authentication.
· What is different b/w webconfig.xml & Machineconfig.x ml
Web.config & machine.config both are configuration files.Web.confi g
contains settings specific to an application where as machine.config
contains settings to a computer. The Configuration system first
searches settings in machine.config file & then looks in application
configuration files.Web.confi g, can appear in multiple directories on
an ASP.NET Web application server. Each Web.config file applies
configuration settings to its own directory and all child directories
below it. There is only Machine.config file on a web server.
If I'm developing an application that must accomodate multiple security
levels though secure login and my ASP.NET web appplication is spanned
across three web-servers (using round-robbin load balancing) what would
be the best approach to maintain login-in state for the users?
Use the state server or store the state in the database. This can be
easily done through simple setting change in the web.config.
<SESSIONSTATE
StateConnection String="tcpip=1 27.0.0.1:42424"
sqlConnectionSt ring="data source=127.0.0. 1; user id=sa; password="
cookieless="fal se"
timeout="30"
/>
You can specify mode as "stateserve r" or "sqlserver" .
Where would you use an iHTTPModule, and what are the limitations of any
approach you might take in implementing one
"One of ASP.NET's most useful features is the extensibility of the HTTP
pipeline, the path that data takes between client and server. You can
use them to extend your ASP.NET applications by adding pre- and
post-processing to each HTTP request coming into your application. For
example, if you wanted custom authentication facilities for your
application, the best technique would be to intercept the request when
it comes in and process the request in a custom HTTP module.
· How do you turn off cookies for one page in your site?
Since no Page Level directive is present, I am afraid that cant be
done.
· How do you create a permanent cookie?
Permanent cookies are available until a specified expiration date, and
are stored on the hard disk.So Set the 'Expires' property any value
greater than DataTime.MinVal ue with respect to the current datetime. If
u want the cookie which never expires set its Expires property equal to
DateTime.maxVal ue.
· Which method do you use to redirect the user to another page
without performing a round trip to the client?
Server.Transfer and Server.Execute
· What property do you have to set to tell the grid which page to go
to when using the Pager object?
CurrentPageInde x
· Should validation (did the user enter a real date) occur
server-side or client-side? Why?
It should occur both at client-side and Server side.By using expression
validator control with the specified expression ie.. the regular
expression provides the facility of only validatating the date
specified is in the correct format or not. But for checking the date
where it is the real data or not should be done at the server side, by
getting the system date ranges and checking the date whether it is in
between that range or not.
· What does the "EnableViewStat e" property do? Why would I want it on
or off?
Enable ViewState turns on the automatic state management feature that
enables server controls to re-populate their values on a round trip
without requiring you to write any code. This feature is not free
however, since the state of a control is passed to and from the server
in a hidden form field. You should be aware of when ViewState is
helping you and when it is not. For example, if you are binding a
control to data on every round trip, then you do not need the control
to maintain it's view state, since you will wipe out any re-populated
data in any case. ViewState is enabled for all server controls by
default. To disable it, set the EnableViewState property of the control
to false.
· What is the difference between Server.Transfer and
Response.Redire ct? Why would I choose one over the other?
Server.Transfer () : client is shown as it is on the requesting page
only, but the all the content is of the requested page. Data can be
persist accros the pages using Context.Item collection, which is one of
the best way to transfer data from one page to another keeping the page
state alive.
Response.Dedire ct() :client know the physical location (page name and
query string as well). Context.Items loses the persisitance when
nevigate to destination page. In earlier versions of IIS, if we wanted
to send a user to a new Web page, the only option we had was
Response.Redire ct. While this method does accomplish our goal, it has
several important drawbacks. The biggest problem is that this method
causes each page to be treated as a separate transaction. Besides
making it difficult to maintain your transactional integrity,
Response.Redire ct introduces some additional headaches. First, it
prevents good encapsulation of code. Second, you lose access to all of
the properties in the Request object. Sure, there are workarounds, but
they're difficult. Finally, Response.Redire ct necessitates a round trip
to the client, which, on high-volume sites, causes scalability
problems. As you might suspect, Server.Transfer fixes all of these
problems. It does this by performing the transfer on the server without
requiring a roundtrip to the client.
· Can you give an example of when it would be appropriate to use a
web service as opposed to a non-serviced .NET component?
Communicating through a Firewall When building a distributed
application with 100s/1000s of users spread over multiple locations,
there is always the problem of communicating between client and server
because of firewalls and proxy servers. Exposing your middle tier
components as Web Services and invoking the directly from a Windows UI
is a very valid option.
Application Integration When integrating applications written in
various languages and running on disparate systems. Or even
applications running on the same platform that have been written by
separate vendors.
Business-to-Business Integration This is an enabler for B2B
intergtation which allows one to expose vital business processes to
authorized supplier and customers. An example would be exposing
electronic ordering and invoicing, allowing customers to send you
purchase orders and suppliers to send you invoices electronically.
Software Reuse This takes place at multiple levels. Code Reuse at the
Source code level or binary componet-based resuse. The limiting factor
here is that you can reuse the code but not the data behind it.
Webservice overcome this limitation. A scenario could be when you are
building an app that aggregates the functionality of serveral other
Applicatons. Each of these functions could be performed by individual
apps, but there is value in perhaps combining the the multiple apps to
present a unifiend view in a Portal or Intranet.
When not to use Web Services: Single machine Applicatons When the apps
are running on the same machine and need to communicate with each other
use a native API. You also have the options of using component
technologies such as COM or .NET Componets as there is very little
overhead.
Homogeneous Applications on a LAN If you have Win32 or Winforms apps
that want to communicate to their server counterpart. It is much more
efficient to use DCOM in the case of Win32 apps and .NET Remoting in
the case of .NET Apps
· Can you give an example of what might be best suited to place in
the Application_Sta rt and Session_Start subroutines?
The Application_Sta rt event is guaranteed to occur only once throughout
the lifetime of the application. It's a good place to initialize global
variables. For example, you might want to retrieve a list of products
from a database table and place the list in application state or the
Cache object. SessionStateMod ule exposes both Session_Start and
Session_End events.
· What are the advantages and disadvantages of viewstate?
The primary advantages of the ViewState feature in ASP.NET are:
1. Simplicity. There is no need to write possibly complex code to store
form data between page submissions.
2. Flexibility. It is possible to enable, configure, and disable
ViewState on a control-by-control basis, choosing to persist the values
of some fields but not others.
There are, however a few disadvantages that are worth pointing out:
1. Does not track across pages. ViewState information does not
automatically transfer from page to page. With the session
approach, values can be stored in the session and accessed from other
pages. This is not possible with ViewState, so storing
data into the session must be done explicitly.
2. ViewState is not suitable for transferring data for back-end
systems. That is, data still has to be transferred to the back
end using some form of data object.
· Describe session handling in a webfarm, how does it work and what
are the limits?
ASP.NET Session supports storing of session data in 3 ways, i] in
In-Process ( in the same memory that ASP.NET uses) , ii] out-of-process
using Windows NT Service )in separate memory from ASP.NET ) or iii] in
SQL Server (persistent storage). Both the Windows Service and SQL
Server solution support a webfarm scenario where all the web-servers
can be configured to share common session state store.
1. Windows Service :
We can start this service by Start | Control Panel | Administrative
Tools | Services | . In that we service names ASP.NET State Service.
We can start or stop service by manually or configure to start
automatically. Then we have to configure our web.config file
<CONFIGURATION> <configuratio n>
<system.web>
<SessionState
mode = "StateServe r"
stateConnection String = "tcpip=127.0.0. 1:42424"
stateNetworkTim eout = "10"
sqlConnectionSt ring="data source = 127.0.0.1; uid=sa;pwd="
cookieless ="Flase"
timeout= "20" />
</system.web>
</configuration</SYSTEM.WEB>
</CONFIGURATION>
Here ASP.Net Session is directed to use Windows Service for state
management on local server (address : 127.0.0.1 is TCP/IP loop-back
address). The default port is 42424. we can configure to any port but
for that we have to manually edit the registry.
Follow these simple steps
- In a webfarm make sure you have the same config file in all your web
servers.
- Also make sure your objects are serializable.
- For session state to be maintained across different web servers in
the webfarm, the application path of the web-site in the IIS Metabase
should be identical in all the web-servers in the webfarm.
· Which template must you provide, in order to display data in a
Repeater control?
You have to use the ItemTemplate to Display data. Syntax is as follows,
< ItemTemplate >
< div class ="rItem" >
< img src="images/<%# Container.DataI tem("ImageURL") %>"
hspace="10" />
< b <% # Container.DataI tem("Title")%>
< /div >
< ItemTemplate >
· How can you provide an alternating color scheme in a Repeater
control?
Using the AlternatintItem Template
· What property must you set, and what method must you call in your
code, in order to bind the data from some data source to the Repeater
control?
Set the DataMember property to the name of the table to bind to. (If
this property is not set, by default the first table in the dataset is
used.)
DataBind method, use this method to bind data from a source to a server
control. This method is commonly used after retrieving a data set
through a database query.
· What method do you use to explicitly kill a user s session?
You can dump (Kill) the session yourself by calling the method
Session.Abandon .
ASP.NET automatically deletes a user's Session object, dumping its
contents, after it has been idle for a configurable timeout interval.
This interval, in minutes, is set in the <SESSIONSTATE>s ection of the
web.config file. The default is 20 minutes.
· How do you turn off cookies for one page in your site?
Use Cookie.Discard property, Gets or sets the discard flag set by the
server. When true, this property instructs the client application not
to save the Cookie on the user's hard disk when a session ends.
· Which two properties are on every validation control?
We have two common properties for every validation controls
1. Control to Validate,
2. Error Message.
· What tags do you need to add within the asp:datagrid tags to bind
columns manually?
< asp:DataGrid id="dgCart" AutoGenerateCol umns="False" CellPadding="4"
Width="448px" runat="server" >
< Columns >
< asp:ButtonColum n HeaderText="SEL ECT" Text="SELECT"
CommandName="se lect" >< /asp:ButtonColum n >
< asp:BoundColumn DataField="Prod uctId" HeaderText="Pro duct ID" ><
/asp:BoundColumn >
< asp:BoundColumn DataField="Prod uctName" HeaderText="Pro duct Name" ><
/asp:BoundColumn >
< asp:BoundColumn DataField="Unit Price" HeaderText="Uni tPrice" ><
/asp:BoundColumn >
< /Columns >
< /asp:DataGrid >
· How do you create a permanent cookie?
Permanent cookies are the ones that are most useful. Permanent cookies
are available until a specified expiration date, and are stored on the
hard disk. The location of cookies differs with each browser, but this
doesn't matter, as this is all handled by your browser and the
server. If you want to create a permanent cookie called Name with a
value of Nigel, which expires in one month, you'd use the following
code
Response.Cookie s ("Name") = "Nigel"
Response.Cookie s ("Name"). Expires = DateAdd ("m", 1, Now ())
· What tag do you use to add a hyperlink column to the DataGrid?
< asp:HyperLinkCo lumn </ asp:HyperLinkCo lumn>
· Which method do you use to redirect the user to another page
without performing a round trip to the client?
Server.transfer
· What is the transport protocol you use to call a Web service SOAP ?
HTTP Protocol
· Explain role based security ?
Role Based Security lets you identify groups of users to allow or deny
based on their role in the organization.In Windows NT and Windows XP,
roles map to names used to identify user groups. Windows defines
several built-in groups, including Administrators, Users, and Guests.To
allow or deny access to certain groups of users, add the <ROLES>elemen t
to the authorization list in your Web application's Web.config
file.e.g.
<AUTHORIZATION> < authorization >
< allow roles="Domain Name\Administra tors" / < !-- Allow
Administrators in domain. -- >
< deny users="*" / < !-- Deny anyone
else. -- >
< /authorization >
· How do you register JavaScript for webcontrols ?
You can register javascript for controls using <CONTROL
-name>Attribtues .Add(scriptname ,scripttext) method.
· When do you set "<IDENTITY impersonate="tr ue" />" ?
Identity is a webconfig declaration under System.web, which helps to
control the application Identity of the web applicaton. Which can be at
any level(Machine,S ite,application ,subdirectory,o r page), attribute
impersonate with "true" as value specifies that client impersonation is
used.
· What are different templates available in Repeater,DataLi st and
Datagrid ?
Templates enable one to apply complicated formatting to each of the
items displayed by a control.Repeate r control supports five types of
templates.Heade rTemplate controls how the header of the repeater
control is formatted.ItemT emplate controls the formatting of each item
displayed.Alter natingItemTempl ate controls how alternate items are
formatted and the SeparatorTempla te displays a separator between each
item displyed.Footer Template is used for controlling how the footer of
the repeater control is formatted.The DataList and Datagrid supports
two templates in addition to the above five.SelectedIt em Template
controls how a selected item is formatted and EditItemTemplat e
controls how an item selected for editing is formatted.
· What is ViewState ? and how it is managed ?
ASP.NET ViewState is a new kind of state service that developers can
use to track UI state on a per-user basis. Internally it uses an an
old Web programming trick-roundtripping state in a hidden form field
and bakes it right into the page-processing framework.It needs less
code to write and maintain state in your Web-based forms.
· What is web.config file ?
Web.config file is the configuration file for the Asp.net web
application. There is one web.config file for one asp.net application
which configures
the particular application. Web.config file is written in XML with
specific tags having specific meanings.It includes databa which
includes
connections,Ses sion States,Error Handling,Securi ty etc.
For example :
< configuration >
< appSettings >
< add key="Connection String"
value="server=l ocalhost;uid=sa ;pwd=;database= MyDB" / >
< /appSettings >
< /configuration >
· What is advantage of viewstate and what are benefits?
When a form is submitted in classic ASP, all form values are cleared.
Suppose you have submitted a form with a lot of information and the
server comes back with an error. You will have to go back to the form
and correct the information. You click the back button, and what
happens.......A LL form values are CLEARED, and you will have to start
all over again! The site did not maintain your ViewState.With ASP
..NET, the form reappears in the browser window together with all form
values.This is because ASP .NET maintains your ViewState. The ViewState
indicates the status of the page when submitted to the server.
· What tags do you need to add within the asp:datagrid tags to bind
columns manually?
Set AutoGenerateCol umns Property to false on the datagrid tag and then
use Column tag and an ASP:databound tag
< asp:DataGrid runat="server" id="ManualColum nBinding"
AutoGenerateCol umns="False" >
< Columns >
< asp:BoundColumn HeaderText="Col umn1" DataField="Colu mn1"/ >
< asp:BoundColumn HeaderText="Col umn2" DataField="Colu mn2"/ >
< /Columns >
< /asp:DataGrid >
<asp:DataGrid id=ManualColumn Binding runat="server"
AutoGenerateCol umns="False">
<COLUMNS <asp:BoundColum n HeaderText="Col umn2"
DataField="Colu mn2"></asp:BoundColumn >
</asp:DataGrid>
· Which property on a Combo Box do you set with a column name, prior
to setting the DataSource, to display data in the combo box?
DataTextField and DataValueField
· Which control would you use if you needed to make sure the values
in two different controls matched?
CompareValidato r is used to ensure that two fields are identical.
· What is validationsumma ry server control?where it is used?.
The ValidationSumma ry control allows you to summarize the error
messages from all validation controls on a Web page in a single
location. The summary can be displayed as a list, a bulleted list, or a
single paragraph, based on the value of the DisplayMode property. The
error message displayed in the ValidationSumma ry control for each
validation control on the page is specified by the ErrorMessage
property of each validation control. If the ErrorMessage property of
the validation control is not set, no error message is displayed in the
ValidationSumma ry control for that validation control. You can also
specify a custom title in the heading section of the ValidationSumma ry
control by setting the HeaderText property.
You can control whether the ValidationSumma ry control is displayed or
hidden by setting the ShowSummary property. The summary can also be
displayed in a message box by setting the ShowMessageBox property to
true.
· What is the sequence of operation takes place when a page is
loaded?
BeginTranaction - only if the request is transacted
Init - every time a page is processed
LoadViewState - Only on postback
ProcessPostData 1 - Only on postback
Load - every time
ProcessData2 - Only on Postback
RaiseChangedEve nt - Only on Postback
RaisePostBackEv ent - Only on Postback
PreRender - everytime
BuildTraceTree - only if tracing is enabled
SaveViewState - every time
Render - Everytime
End Transaction - only if the request is transacted
Trace.EndReques t - only when tracing is enabled
UnloadRecursive - Every request
· Difference between asp and asp.net?.
"ASP (Active Server Pages) and ASP.NET are both server side
technologies for building web sites and web applications, ASP.NET is
Managed compiled code - asp is interpreted. and ASP.net is fully Object
oriented. ASP.NET has been entirely re-architected to provide a highly
productive programming experience based on the .NET Framework, and a
robust infrastructure for building reliable and scalable web
applications."
· Name the validation control available in asp.net?.
RequiredField, RangeValidator, RegularExpressi on,Custom
validator,compa re Validator
· What are the various ways of securing a web site that could prevent
from hacking etc .. ?
1) Authentication/Authorization
2) Encryption/Decryption
3) Maintaining web servers outside the corporate firewall. etc.,
· What is the difference between in-proc and out-of-proc?
An inproc is one which runs in the same process area as that of the
client giving tha advantage of speed but the disadvantage of stability
becoz if it crashes it takes the client application also with
it.Outproc is one which works outside the clients memory thus giving
stability to the client, but we have to compromise a bit on speed.
· When you're running a component within ASP.NET, what process is
it running within on Windows XP? Windows 2000? Windows 2003?
On Windows 2003 (IIS 6.0) running in native mode, the component is
running within the w3wp.exe process associated with the application
pool which has been configured for the web application containing the
component.
On Windows 2003 in IIS 5.0 emulation mode, 2000, or XP, it's running
within the IIS helper process whose name I do not remember, it being
quite a while since I last used IIS 5.0.
· What does aspnet_regiis -i do ?
Aspnet_regiis.e xe is The ASP.NET IIS Registration tool allows an
administrator or installation program to easily update the script maps
for an ASP.NET application to point to the ASP.NET ISAPI version
associated with the tool. The tool can also be used to display the
status of all installed versions of ASP. NET, register the ASP.NET
version coupled with the tool, create client-script directories, and
perform other configuration operations.
When multiple versions of the .NET Framework are executing side-by-side
on a single computer, the ASP.NET ISAPI version mapped to an ASP.NET
application determines which version of the common language runtime is
used for the application.
The tool can be launched with a set of optional parameters. Option "i"
Installs the version of ASP.NET associated with Aspnet_regiis.e xe and
updates the script maps at the IIS metabase root and below. Note that
only applications that are currently mapped to an earlier version of
ASP.NET are affected
· What is a PostBack?
The process in which a Web page sends data back to the same page on the
server.
· What is ViewState? How is it encoded? Is it encrypted? Who uses
ViewState?
ViewState is the mechanism ASP.NET uses to keep track of server control
state values that don't otherwise post back as part of the HTTP form.
ViewState Maintains the UI State of a Page
ViewState is base64-encoded.
It is not encrypted but it can be encrypted by setting
EnableViewStatM AC="true" & setting the machineKey validation type to
3DES. If you want to NOT maintain the ViewState, include the directive
< %@ Page EnableViewState ="false" % at the top of an .aspx page or
add the attribute EnableViewState ="false" to any control.
· What is the < machinekey element and what two ASP.NET
technologies is it used for?
Configures keys to use for encryption and decryption of forms
authentication cookie data and view state data, and for verification of
out-of-process session state identification. There fore 2 ASP.Net
technique in which it is used are Encryption/Decryption & Verification
· What three Session State providers are available in ASP.NET 1.1?
What are the pros and cons of each?
ASP.NET provides three distinct ways to store session data for your
application: in-process session state, out-of-process session state as
a Windows service, and out-of-process session state in a SQL Server
database. Each has it advantages.
1.In-process session-state mode
Limitations:
* When using the in-process session-state mode, session-state data is
lost if aspnet_wp.exe or the application domain restarts.
* If you enable Web garden mode in the < processModel element of the
application's Web.config file, do not use in-process session-state
mode. Otherwise, random data loss can occur.
Advantage:
* in-process session state is by far the fastest solution. If you are
storing only small amounts of volatile data in session state, it is
recommended that you use the in-process provider.
2. The State Server simply stores session state in memory when in
out-of-proc mode. In this mode the worker process talks directly to the
State Server
3. SQL mode, session states are stored in a SQL Server database and the
worker process talks directly to SQL. The ASP.NET worker processes are
then able to take advantage of this simple storage service by
serializing and saving (using .NET serialization services) all objects
within a client's Session collection at the end of each Web request
Both these out-of-process solutions are useful primarily if you scale
your application across multiple processors or multiple computers, or
where data cannot be lost if a server or process is restarted.
· What is the difference between HTTP-Post and HTTP-Get?
As their names imply, both HTTP GET and HTTP POST use HTTP as their
underlying protocol. Both of these methods encode request parameters as
name/value pairs in the HTTP request.
The GET method creates a query string and appends it to the script's
URL on the server that handles the request.
The POST method creates a name/value pairs that are passed in the body
of the HTTP request message.
· Name and describe some HTTP Status Codes and what they express to
the requesting client.
When users try to access content on a server that is running Internet
Information Services (IIS) through HTTP or File Transfer Protocol
(FTP), IIS returns a numeric code that indicates the status of the
request. This status code is recorded in the IIS log, and it may also
be displayed in the Web browser or FTP client. The status code can
indicate whether a particular request is successful or unsuccessful and
can also reveal the exact reason why a request is unsuccessful. There
are 5 groups ranging from 1xx - 5xx of http status codes exists.
101 - Switching protocols.
200 - OK. The client request has succeeded
302 - Object moved.
400 - Bad request.
500.13 - Web server is too busy.
· Explain < @OutputCache% and the usage of VaryByParam,
VaryByHeader.
OutputCache is used to control the caching policies of an ASP.NET page
or user control. To cache a page @OutputCache directive should be
defined as follows < %@ OutputCache Duration="100" VaryByParam="no ne" %
>VaryByParam: A semicolon-separated list of strings used to vary the
output cache. By default, these strings correspond to a query string
value sent with GET method attributes, or a parameter sent using the
POST method. When this attribute is set to multiple parameters, the
output cache contains a different version of the requested document for
each specified parameter. Possible values include none, *, and any
valid query string or POST parameter name.
VaryByHeader: A semicolon-separated list of HTTP headers used to vary
the output cache. When this attribute is set to multiple headers, the
output cache contains a different version of the requested document for
each specified header.
· What is the difference between repeater over datalist and datagrid?
The Repeater class is not derived from the WebControl class, like the
DataGrid and DataList. Therefore, the Repeater lacks the stylistic
properties common to both the DataGrid and DataList. What this boils
down to is that if you want to format the data displayed in the
Repeater, you must do so in the HTML markup.
The Repeater control provides the maximum amount of flexibility over
the HTML produced. Whereas the DataGrid wraps the DataSource contents
in an HTML < table >, and the DataList wraps the contents in either an
HTML < table or < span tags (depending on the DataList's
RepeatLayout property), the Repeater adds absolutely no HTML content
other than what you explicitly specify in the templates.
While using Repeater control, If we wanted to display the employee
names in a bold font we'd have to alter the "ItemTempla te" to include
an HTML bold tag, Whereas with the DataGrid or DataList, we could have
made the text appear in a bold font by setting the control's
ItemStyle-Font-Bold property to True.
The Repeater's lack of stylistic properties can drastically add to the
development time metric. For example, imagine that you decide to use
the Repeater to display data that needs to be bold, centered, and
displayed in a particular font-face with a particular background color.
While all this can be specified using a few HTML tags, these tags will
quickly clutter the Repeater's templates. Such clutter makes it much
harder to change the look at a later date. Along with its increased
development time, the Repeater also lacks any built-in functionality to
assist in supporting paging, editing, or editing of data. Due to this
lack of feature-support, the Repeater scores poorly on the usability
scale.
However, The Repeater's performance is slightly better than that of the
DataList's, and is more noticeably better than that of the DataGrid's.
Following figure shows the number of requests per second the Repeater
could handle versus the DataGrid and DataList
· Can we handle the error and redirect to some pages using
web.config?
Yes, we can do this, but to handle errors, we must know the error
codes; only then we can take the user to a proper error message page,
else it may confuse the user.
CustomErrors Configuration section in web.config file:
The default configuration is:
< customErrors mode="RemoteOnl y" defaultRedirect ="Customerror.a spx" >
< error statusCode="404 " redirect="Notfo und.aspx" / >
< /customErrors >
If mode is set to Off, custom error messages will be disabled. Users
will receive detailed exception error messages.
If mode is set to On, custom error messages will be enabled.
If mode is set to RemoteOnly, then users will receive custom errors,
but users accessing the site locally will receive detailed error
messages.
Add an < error tag for each error you want to handle. The error tag
will redirect the user to the Notfound.aspx page when the site returns
the 404 (Page not found) error.
[Example]
There is a page MainForm.aspx
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArg s) Handles MyBase.Load
'Put user code to initialize the page here
Dim str As System.Text.Str ingBuilder
str.Append("hi" ) ' Error Line as str is not instantiated
Response.Write( str.ToString)
End Sub
[Web.Config]
< customErrors mode="On" defaultRedirect ="Error.aspx "/ >
' a simple redirect will take the user to Error.aspx [user defined]
error file.
< customErrors mode="RemoteOnl y" defaultRedirect ="Customerror.a spx" >
< error statusCode="404 " redirect="Notfo und.aspx" / >
< /customErrors >
'This will take the user to NotFound.aspx defined in IIS.
· How do you implement Paging in .Net?
The DataGrid provides the means to display a group of records from the
data source (for example, the first 10), and then navigate to the
"page" containing the next 10 records, and so on through the data.
Using Ado.Net we can explicit control over the number of records
returned from the data source, as well as how much data is to be cached
locally in the DataSet.
1.Using DataAdapter.fil l method give the value of 'Maxrecords'
parameter
(Note: - Don't use it because query will return all records but fill
the dataset based on value of 'maxrecords' parameter).
2.For SQL server database, combines a WHERE clause and a ORDER BY
clause with TOP predicate.
3.If Data does not change often just cache records locally in DataSet
and just take some records from the DataSet to display.
· What is the difference between Server.Transfer and
Response.Redire ct?
Server.Transfer () : client is shown as it is on the requesting page
only, but the all the content is of the requested page. Data can be
persist across the pages using Context.Item collection, which is one of
the best way to transfer data from one page to another keeping the page
state alive.
Response.Dedire ct() :client knows the physical location (page name and
query string as well). Context.Items loses the persistence when
navigate to destination page. In earlier versions of IIS, if we wanted
to send a user to a new Web page, the only option we had was
Response.Redire ct. While this method does accomplish our goal, it has
several important drawbacks. The biggest problem is that this method
causes each page to be treated as a separate transaction. Besides
making it difficult to maintain your transactional integrity,
Response.Redire ct introduces some additional headaches. First, it
prevents good encapsulation of code. Second, you lose access to all of
the properties in the Request object. Sure, there are workarounds, but
they're difficult. Finally, Response.Redire ct necessitates a round trip
to the client, which, on high-volume sites, causes scalability
problems. As you might suspect, Server.Transfer fixes all of these
problems. It does this by performing the transfer on the server without
requiring a roundtrip to the client.
Response.Redire ct sends a response to the client browser instructing it
to request the second page. This requires a round-trip to the client,
and the client initiates the Request for the second page.
Server.Transfer transfers the process to the second page without making
a round-trip to the client. It also transfers the HttpContext to the
second page, enabling the second page access to all the values in the
HttpContext of the first page.
· Can you create an app domain?
Yes, We can create user app domain by calling on of the following
overload static methods of the System.AppDomai n class
1. Public static AppDomain CreateDomain(St ring friendlyName)
2. Public static AppDomain CreateDomain(St ring friendlyName, Evidence
securityInfo)
3. Public static AppDomain CreateDomain(St ring friendlyName, Evidence
securityInfo, AppDomainSetup info)
4. Public static AppDomain CreateDomain(St ring friendlyName, Evidence
securityInfo, String appBasePath, String appRelativeSear chPath, bool
shadowCopyFiles )
· What are the various security methods which IIS Provides apart from
..NET ?
The various security methods which IIS provides are
a) Authentication Modes
b) IP Address and Domain Name Restriction
c) DNS Lookups DNS Lookups
d) The Network ID and Subnet Mask
e) SSL
· What is Web Gardening? How would using it affect a design?
The Web Garden Model
The Web garden model is configurable through the section of the
machine.config file. Notice that the section is the only configuration
section that cannot be placed in an application-specific web.config
file. This means that the Web garden mode applies to all applications
running on the machine. However, by using the node in the
machine.config source, you can adapt machine-wide settings on a
per-application basis.
Two attributes in the section affect the Web garden model. They are
webGarden and cpuMask. The webGarden attribute takes a Boolean value
that indicates whether or not multiple worker processes (one per each
affinitized CPU) have to be used. The attribute is set to false by
default. The cpuMask attribute stores a DWORD value whose binary
representation provides a bit mask for the CPUs that are eligible to
run the ASP.NET worker process. The default value is -1 (0xFFFFFF),
which means that all available CPUs can be used. The contents of the
cpuMask attribute is ignored when the webGarden attribute is false. The
cpuMask attribute also sets an upper bound to the number of copies of
aspnet_wp.exe that are running.
Web gardening enables multiple worker processes to run at the same
time. However, you should note that all processes will have their own
copy of application state, in-process session state, ASP.NET cache,
static data, and all that is needed to run applications. When the Web
garden mode is enabled, the ASP.NET ISAPI launches as many worker
processes as there are CPUs, each a full clone of the next (and each
affinitized with the corresponding CPU). To balance the workload,
incoming requests are partitioned among running processes in a
round-robin manner. Worker processes get recycled as in the single
processor case. Note that ASP.NET inherits any CPU usage restriction
from the operating system and doesn't include any custom semantics for
doing this.
All in all, the Web garden model is not necessarily a big win for all
applications. The more stateful applications are, the more they risk to
pay in terms of real performance. Working data is stored in blocks of
shared memory so that any changes entered by a process are immediately
visible to others. However, for the time it takes to service a request,
working data is copied in the context of the process. Each worker
process, therefore, will handle its own copy of working data, and the
more stateful the application, the higher the cost in performance. In
this context, careful and savvy application benchmarking is an absolute
must.
Changes made to the section of the configuration file are effective
only after IIS is restarted. In IIS 6, Web gardening parameters are
stored in the IIS metabase; the webGarden and cpuMask attributes are
ignored.
· What is view state?.where it stored?.can we disable it?
The web is state-less protocol, so the page gets instantiated,
executed, rendered and then disposed on every round trip to the server.
The developers code to add "statefulne ss" to the page by using
Server-side storage for the state or posting the page to itself. When
require to persist and read the data in control on webform, developer
had to read the values and store them in hidden variable (in the form),
which were then used to restore the values. With advent of .NET
framework, ASP.NET came up with ViewState mechanism, which tracks the
data values of server controls on ASP.NET webform. In effect,ViewStat e
can be viewed as "hidden variable managed by ASP.NET framework!". When
ASP.NET page is executed, data values from all server controls on page
are collected and encoded as single string, which then assigned to
page's hidden atrribute "< input type=hidden >", that is part of page
sent to the client.
ViewState value is temporarily saved in the client's browser.ViewSta te
can be disabled for a single control, for an entire page orfor an
entire web application. The syntax is:
Disable ViewState for control (Datagrid in this example)
< asp:datagrid EnableViewState ="false" ... / >
Disable ViewState for a page, using Page directive
< %@ Page EnableViewState ="False" ... % >
Disable ViewState for application through entry in web.config
< Pages EnableViewState ="false" ... / >
www.shamirza.cjb.net
