Oct 13, 2010

ASP.NET Interview Questions on caching application data




2.1 What is ASP.NET?

What exactly happens when ASPX page is requested from Browser?


Following are the steps which occur when we request a ASPX page :-

  • The browser sends the request to the webserver.let's assume that the webserver
    at the other end is IIS.
  • Once IIS receives the request he looks on which engine can serve this request.
    When I mean engine means the DLL who can parse this page or compile and
    send a response back to browser. Which request to map to is decided by file
    extension of the page requested.
Depending on file extension following are some mapping
  • aspx, for ASP.NET Web pages,
  • asmx, for ASP.NET Web services,
  • .config, for ASP.NET configuration files,
  • .ashx, for custom ASP.NET HTTP handlers, 
  • .rem, for remoting resources
  • Etc
You can also configure the extension mapping to which engine it can route by using the IIS engine.

Example a ASP page will be sent to old classic ASP.DLL to compile. While .ASPX pages will be routed to ASP.NET engine for compilation.

  • As this book mainly will target ASP.NET we will look in to how ASP.NET pages that is ASPX pages generation sequence occurs. Once IIS passes the request to ASP.NET engine page has to go through two section HTTP module section and HTTP handler section. Both these section have there own work to be done in order that the page is properly compiled and sent to the IIS. HTTP modules inspect the incoming request and depending on that they can change the internal workflow of the request. HTTP handler actually compiles the page and generates output. If you see your machine.config file you will see following section of HTTP modules
<httpModules>
    <add name="OutputCache" type="System.Web.Caching.OutputCacheModule" />
    <add name="Session" type="System.Web.SessionState.SessionStateModule" />
    <add name="WindowsAuthentication" type="System.Web.Security.WindowsAuthenticationModule" />
    <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />
    <add name="PassportAuthentication" type="System.Web.Security.PassportAuthenticationModule" />
    <add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
    <add name="FileAuthorization" type="System.Web.Security.FileAuthorizationModule" />
    <add name="ErrorHandlerModule" type="System.Web.Mobile.ErrorHandlerModule, System.Web.Mobile, Version=1.0.5000.0, Culture=neutral,    
    PublicKeyToken=b03f5f7f11d50a3a" / >
</httpModules>
The above mapping shows which functionality is handled by which Namespace.
Example FormsAthuentication is handled by "System.Web.Security.FormsAuthenticationModule". If you look at the web.config section HTTP module is where authentication and authorization happens. Ok now the HTTP handler is where the actual compilation takes place and the output is generated.Following is a paste from HTTP handler section of WEB.CONFIG file.
<httpHandlers>
    <add verb="*" path="*.vjsproj" type="System.Web.HttpForbiddenHandler" />
    <add verb="*" path="*.java" type="System.Web.HttpForbiddenHandler" />
    <add verb="*" path="*.jsl" type="System.Web.HttpForbiddenHandler" />
    <add verb="*" path="trace.axd" type="System.Web.Handlers.TraceHandler" />
    <add verb="*" path="*.aspx" type="System.Web.UI.PageHandlerFactory" />
    <add verb="*" path="*.ashx" type="System.Web.UI.SimpleHandlerFactory" />
    ...
</httpHandlers>

  • Depending on the File extension handler decides which Namespace will
    generate the output. Example all .ASPX extension files will be compiled by
    System.Web.UI.PageHandlerFactory
  • Once the file is compiled it send back again to the HTTP modules and from
    there to IIS and then to the browser.

How do we enable tracing ?


<%@ Page Trace="true" %>

What is Tracing in ASP.NET ?


Tracing allows us to view in detail how the code was executed.

You find that one of your validation is very complicated and does not fit in any of the validators , so what will you do ?


Best is to go for CustomValidators..Below is a sample code for a custom validator which
checks that a textbox should not have zero value

<asp:CustomValidator id="CustomValidator1" runat="server" ErrorMessage="Number not divisible by Zero" ControlToValidate="txtNumber" OnServerValidate="ServerValidate" ClientValidationFunction="CheckZero" />

Input:
<asp:TextBox id="txtNumber" runat="server" />

<script language="javascript">
<!--
function CheckZero(source, args) {
    int val = parseInt(args.Value, 10);
    if (value==0) {
        args.IsValid = false;
        }
else
    {
        args.IsValid = true;
    }
} // -->
</script>

ASP.NET Questions


(I)How can we force all the validation control to run ?
Page.Validate
How can we check if all the validation control are valid and proper ?
Using the Page.IsValid() property you can check whether all the validation are done.
If you have client side validation is enabled in your Web page , Does that mean server side code is not run?
When client side validation is enabled server emit's JavaScript code for the custom validators. But note that does not mean that server side checks on custom validators do not execute. It does this two time redundant check. As some of the validators do not support client side scripting.
Which JavaScript file is referenced for validating the validators at the client side ?
WebUIValidation.js javascript file installed at "aspnet_client" root IIS directory is used to validate the validation controls at the client side
How to disable client side script in validators?
Set EnableClientScript to false.
I want to show the entire validation error message in a message box on the client side?
In validation summary set "ShowMessageBox" to true.

What order they are triggered ?

They're triggered in the following order:
  • Application_BeginRequest
  • Application_AuthenticateRequest
  • Application_AuthorizeRequest
  • Application_ResolveRequestCache
  • Application_AcquireRequestState
  • Application_PreRequestHandlerExecute
  • Application_PreSendRequestHeaders
  • Application_PreSendRequestContent
    < <code is executed> >
  • Application_PostRequestHandlerExecute
  • Application_ReleaseRequestState
  • Application_UpdateRequestCache
  • Application_EndRequest.

What are major events in GLOBAL.ASAX file ?

The Global.asax file, which is derived from the HttpApplication class, maintains a pool of HttpApplication objects, and assigns them to applications as needed. The Global.asax file contains the following events:
Application_Init:
Fired when an application initializes or is first called. It's invoked for all HttpApplication object instances.
Application_Disposed:
Fired just before an application is destroyed. This is the ideal location for cleaning up previously used resources.
Application_Error:
Fired when an unhandled exception is encountered within the application.

Application_Start:
Fired when the first instance of the HttpApplication class is created. It allows you to create objects that are accessible by all HttpApplication instances.
Application_End:
Fired when the last instance of an HttpApplication class is destroyed. It's fired only once during an application's lifetime.

Application_BeginRequest:
Fired when an application request is received. It's the first event fired for a request, which is often a page request (URL) that a user enters.
Application_EndRequest:
The last event fired for an application request.

Application_PreRequestHandlerExecute:
Fired before the ASP.NET page framework begins executing an event handler like a page or Web service.
Application_PostRequestHandlerExecute:
Fired when the ASP.NET page framework is finished executing an event handler.

Applcation_PreSendRequestHeaders:
Fired before the ASP.NET page framework sends HTTP headers to a requesting client (browser).
Application_PreSendContent:
Fired before the ASP.NET page framework sends content to a requesting client (browser).
Application_AcquireRequestState:
Fired when the ASP.NET page framework gets the current state (Session state) related to the current request.

Application_ReleaseRequestState:
Fired when the ASP.NET page framework completes execution of all event handlers.
This results in all state modules to save their current state data.
Application_ResolveRequestCache:
Fired when the ASP.NET page framework completes an authorization request. It allows caching modules to serve the request from the cache, thus bypassing handler execution.
Application_UpdateRequestCache:
Fired when the ASP.NET page framework completes handler execution to allow caching modules to store responses to be used to handle subsequent requests.
Application_AuthenticateRequest:
Fired when the security module has established the current user's identity as valid. At this point, the user's credentials have been validated.
Application_AuthorizeRequest:
Fired when the security module has verified that a user can access resources.
Session_Start:
Fired when a new user visits the application Web site.

Session_End:
Fired when a user's session times out, ends, or they leave the application Web site.

Difference between ASP and ASP.NET?

ASP.NET new feature supports are as follows :-
Better Language Support
  • New ADO.NET Concepts have been implemented.
  • ASP.NET supports full language (C# , VB.NET,C++) and not simple scripting like VBSCRIPT..
Better controls than ASP 
  • ASP.NET covers large set's of HTML controls..
  • Better Display grid like Datagrid , Repeater and datalist.Many of the display grid have paging support.
Controls have event supports 
  • All ASP.NET controls support events. 
  • Load, Click and Change events handled by code makes coding much simpler and much better organized.
Compiled Code
The first request for an ASP.NET page on the server will compile the ASP.NET code and keep a cached copy in memory. The result of this is greatly increased performance.

Better Authentication Support
ASP.NET supports forms-based user authentication, including cookie management and automatic redirecting of unauthorized logins. (You can still do your custom login page and custom user checking).

User Accounts and Roles ASP.NET allows for user accounts and roles, to give each user (with a given role) access to different server code and executables.

High Scalability 
  • Much has been done with ASP.NET to provide greater scalability.
  • Server to server communication has been greatly enhanced, making it possible to scale an application over several servers. One example of this is the ability to run XML parsers, XSL transformations and even resource hungry session objects on other servers.
Easy Configuration
  • Configuration of ASP.NET is done with plain text files.
  • Configuration files can be uploaded or changed while the application is running. No need to restart the server. No more metabase or registry puzzle.

Easy Deployment
No more server restart to deploy or replace compiled code. ASP.NET simply redirects all new requests to the new code.

How will decide the design consideration to take a Datagrid , datalist or repeater ?

Many make a blind choice of choosing datagrid directly , but that's not the right way.
Datagrid provides ability to allow the end-user to sort, page, and edit its data.But it comes at a cost of speed.Second the display format is simple that is in row and columns. Real life scenarios can be more demanding that
With its templates, the DataList provides more control over the look and feel of the displayed data than the DataGrid.It offers better performance than datagrid
Repeater control allows for complete and total control. With the Repeater, the only HTML emitted are the values of the databinding statements in the templates along with the HTML markup specified in the templates—no "extra" HTML is emitted, as with the DataGrid and DataList. By requiring the developer to specify the complete generated HTML markup, the Repeater often requires the longest development time.But repeater does not provide editing features like datagrid so everything has to be coded by programmer . However, the Repeater does boast the best performance of the three data Web controls. Repeater is fastest followed by Datalist and finally datagrid.

Performance point of view, Customize columns in DataGrid, format data inside DataGrid

From performance point of view how do they rate ?
Repeater is fastest followed by Datalist and finally datagrid.
What's the method to customize columns in DataGrid?
Use the template column.
How can we format data inside DataGrid?
Use the DataFormatString property.

What's difference between Datagrid , Datalist and repeater ?


A Datagrid, Datalist and Repeater are all ASP.NET data Web controls.
They have many things in common like DataSource Property , DataBind Method ItemDataBound and ItemCreated.
When you assign the DataSource Property of a Datagrid to a DataSet then each DataRow present in the DataRow Collection of DataTable is assigned to a corresponding DataGridItem and this is same for the rest of the two controls also.But The HTML code generated for a Datagrid has an HTML TABLE <ROW> element created for the particular DataRow and its a Table form representation with Columns and Rows.
For a Datalist its an Array of Rows and based on the Template Selected and the RepeatColumn Property value We can specify how many DataSource records should appear per HTML <table> row. In short in datagrid we have one record per row, but in datalist we can have five or six rows per row.
For a Repeater Control,The Datarecords to be displayed depends upon the Templates specified and the only HTML generated is the due to the Templates.
In addition to these , Datagrid has a in-built support for Sort,Filter and paging the Data ,which is not possible when using a DataList and for a Repeater Control we would require to write an explicit code to do paging.
 How does authorization work in ASP.NET?

ASP.NET impersonation is controlled by entries in the applications web.config file. The default setting is "no impersonation". You can explicitly specify that ASP.NET shouldn't use impersonation by including the following code in the file
        <identity impersonate="false"/>
It means that ASP.NET will not perform any authentication and runs with its own privileges. By default ASP.NET runs as an unprivileged account named ASPNET. You can change this by making a setting in the processModel section of the machine.config file. When you make this setting, it automatically applies to every site on the server. To user a high-privileged system account instead of a low-privileged, set the userName attribute of the processModel element to SYSTEM. Using this setting is a definite security risk, as it elevates the privileges of the ASP.NET process to a point where it can do bad things to the operating system.
When you disable impersonation, all the request will run in the context of the account running ASP.NET: either the ASPNET account or the system account. This is true when you are using anonymous access or authenticating users in some fashion. After the user has been authenticated, ASP.NET uses it own identity to request access to resources.
The second possible setting is to turn on impersonation.
<identity impersonate ="true"/>
In this case, ASP.NET takes on the identity IIS passes to it. If you are allowing anonymous access in IIS, this means ASP.NET will impersonate the IUSR_ComputerName account that IIS itself uses. If you aren't allowing anonymous access,ASP.NET will take on the credentials of the authenticated user and make requests for resources as if it were that user. Thus by turning impersonation on and using a non-anonymous method of authentication in IIS, you can let users log on and use their identities within your ASP.NET application.
Finally, you can specify a particular identity to use for all authenticated requests
<identity impersonate="true" username="DOMAIN\username" password="password"/ >
With this setting, all the requests are made as the specified user (Assuming the password it correct in the configuration file). So, for example you could designate a user for a single application, and use that user's identity every time someone authenticates to the application. The drawback to this technique is that you must embed the user's password in the web.config file in plain text. Although ASP.NET won't allow anyone to download this file, this is still a security risk if anyone can get the file by other means.

What are the various ways of authentication techniques in ASP.NET?

Selecting an authentication provider is as simple as making an entry in the web.config file for the application. You can use one of these entries to select the corresponding built in authentication provider:
  • <authentication mode="windows">
  • <authentication mode="passport">
  • <authentication mode="forms">
  • Custom authentication where you might install an ISAPI filter in IIS that compares incoming requests to list of source IP addresses, and considers requests to be authenticated if they come from an acceptable address. In that case, you would set the authentication mode to none to prevent any of the .net authentication providers from being triggered.
Windows authentication and IIS
If you select windows authentication for your ASP.NET application, you also have to configure authentication within IIS. This is because IIS provides Windows authentication. IIS gives you a choice for four different authentication methods:

Anonymous, basic digest and windows integrated

If you select anonymous authentication, IIS doesn't perform any authentication, Any one is allowed to access the ASP.NET application.

If you select basic authentication, users must provide a windows username and password to connect. How ever this information is sent over the network in clear text, which makes basic authentication very much insecure over the internet.

If you select digest authentication, users must still provide a windows user name and password to connect. However the password is hashed before it is sent across the network. Digest authentication requires that all users be running Internet Explorer 5 or later and that windows accounts to stored in active directory.

If you select windows integrated authentication, passwords never cross the network. Users must still have a username and password, but the application uses either the Kerberos or challenge/response protocols authenticate the user. Windows-integrated authentication requires that all users be running internet explorer 3.01 or later Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Kerberos is a solution to network security problems. It provides the tools of authentication and strong cryptography over the network to help to secure information in systems across entire enterprise

Passport authentication
Passport authentication lets you to use Microsoft's passport service to authenticate users of your application. If your users have signed up with passport, and you configure the authentication mode of the application to the passport authentication, all authentication duties are off-loaded to the passport servers.
Passport uses an encrypted cookie mechanism to indicate authenticated users. If users have already signed into passport when they visit your site, they'll be considered authenticated by ASP.NET. Otherwise they'll be redirected to the passport servers to log in. When they are successfully log in, they'll be redirected back to your site
To use passport authentication you have to download the Passport Software Development Kit (SDK) and install it on your server. The SDK can be found at http://msdn.microsoft.com/library/default.asp?url=/downloads/list/websrvpass.aps. It includes full details of implementing passport authentication in your own applications.
Forms authentication
Forms authentication provides you with a way to handle authentication using your own custom logic with in an ASP.NET application. The following applies if you choose forms authentication.
  • When a user requests a page for the application, ASP.NET checks for the presence of a special session cookie. If the cookie is present, ASP.NET assumes the user is authenticated and processes the request.
  • If the cookie isn't present, ASP.NET redirects the user to a web form you provide
You can carry out whatever authentication, checks you like in your form. When the user is authenticated, you indicate this to ASP.NET by setting a property, which creates the special cookie to handle subsequent requests.

What are the various ways of authentication techniques in ASP.NET?

Selecting an authentication provider is as simple as making an entry in the web.config file for the application. You can use one of these entries to select the corresponding built in authentication provider:
  • <authentication mode="windows">
  • <authentication mode="passport">
  • <authentication mode="forms">
  • Custom authentication where you might install an ISAPI filter in IIS that compares incoming requests to list of source IP addresses, and considers requests to be authenticated if they come from an acceptable address. In that case, you would set the authentication mode to none to prevent any of the .net authentication providers from being triggered.

Can you explain in brief how the ASP.NET authentication process works?

ASP.NET does not run by itself it runs inside the process of IIS. So there are two authentication layers which exist in ASP.NET system. First authentication happens at the IIS level and then at the ASP.NET level depending on the WEB.CONFIG file. Below is how the whole process works:-
  • IIS first checks to make sure the incoming request comes from an IP address that is allowed access to the domain. If not it denies the request.
  • Next IIS performs its own user authentication if it is configured to do so. By default IIS allows anonymous access, so requests are automatically authenticated, but you can change this default on a per – application basis with in IIS.
  • If the request is passed to ASP.net with an authenticated user, ASP.net checks to see whether impersonation is enabled. If impersonation is enabled, ASP.net acts as though it were the authenticated user. If not ASP.net acts with its own configured account.
  • Finally the identity from step 3 is used to request resources from the operating system. If ASP.net authentication can obtain all the necessary resources it grants the users request otherwise it is denied. Resources can include much more than just the ASP.net page itself you can also use .Net's code access
    security features to extend this authorization step to disk files, Registry keys
    and other resources.

What is impersonation in ASP.NET ?

By default, ASP.NET executes in the security context of a restricted user account on the local machine. Sometimes you need to access network resources such as a file on a shared drive, which requires additional permissions. One way to overcome this restriction is to use impersonation. With impersonation, ASP.NET can execute the request using the identity of the client who is making the request, or ASP.NET can impersonate a specific account you specify in web.config.

What's difference between Authentication and authorization?

This can be a tricky question. These two concepts seem altogether similar but there is wide range of difference. Authentication is verifying the identity of a user and authorization is process where we check does this identity have access rights to the system. In short we can say the following authentication is the process of obtaining some sort of credentials from the users and using those credentials to verify the user's identity. Authorization is the process of allowing an authenticated user access to resources. Authentication is always precedes to Authorization; even if your application lets anonymous users connect and use the application, it still authenticates them as being anonymous.

What's difference between Server.Transfer and response.Redirect ?

Following are the major differences between them:-
  • Response.Redirect sends message to the browser saying it to move to some different page.While server.transfer does not send any message to the browser but rather redirects the user directly from the server itself. So in server.transfer there is no round trip while response.redirect has a round trip and hence puts a load on server.
  • Using Server.Transfer you can not redirect to a different from the server itself. Example If your server is www.yahoo.com you can use server.transfer to move to www.microsoft.com but yes you can move to www.yahoo.com/travels , i.e. within websites. This cross server redirect is possible only using Response.redirect.
  • With server.transfer you can preserve your information. It has a parameter called as "preserveForm". So the existing query string etc. will be able in the calling page. In response.redirect you can maintain the state. You can but has lot of drawbacks.

What's a SESSION and APPLICATION object ?

Session object store information between HTTP request for a particular user.While application object are global across users.

 

 

 

 

--------------------------------------------------------------

Asp 2.0 Interview Questions In .Net

  1. In ASP.Net 2.0 Login controls if you want to have your own database for login info how do you do that?
Create Table User with fields (UserID Primary Key, UserName,Password),Roles(RoleID Primary Key,RoleName) and UserRoles(id Primary Key, UserID Foreigh Key,RoleID Foreign Key).Populate the above tables with data. You can authenticate users based on roles from now by simply configuring web.config file.
  1. What are the main differences between Asp.net 1.1 and Asp.net 2.0
ASP.NET 2.0 introduces a lot of new features. Some of this features aim to simplify the problems faced using the earlier versions and some features are introduced to provide lot of new facilities. The most important features that are incorporated in ASP.NET 2.0 are:
    • Master Page:
Master pages are introduced to remove one of the most important deficiencies of earlier version of ASP.NET. One thing that has become apparent in the earlier version of ASP.NET is the lack of architecture for applying a consistent look and feel. In earlier version of ASP.NET whenever a developer wants to replicate a common functionality of a web page in other pages, the most possible options he uses is creating a user control and then replicate the functionality in other pages. ASP.NET 2.0 aims to solve this problem by introducing the concept of Master pages. First the developer needs to define a master page containing the content that he wants to appear on other pages and then use the ContentPlaceHolder controls to define the locations where the sub pages can plug in the content of their own.
    • PreCompilation:
By default, ASP.NET web pages and code files are compiled dynamically when a first request is made to the page. After the initial compilation, the compiled pages is cached; the cache is used to satisfy the subsequent requests for the same page. Even though this approach is flexible, when the page is requested for the first time, it requires a bit of extra time to compile the code. You can avoid this overhead by leveraging a new feature known as precompilation; by using this feature, you can compile an ASP.NET web site before making the web site available to the users.
    • Sharing code in the application:
In earlier version of ASP.NET, if you were to reference a reusable component from your dot net application, you had to compile the assembly and place it in the bin folder (or place it in the GAC) of the web application. But now with ASP.NET 2.0, creating a reusable component is very simple and straightforward. All you need to do is to create a component in a pre-defined subdirectory called code. Any component placed in this directory will be automatically compiled at runtime into a single assembly. This assembly is automatically referenced and will be available to all the page in the site.
    • Themes and Skins:
ASP.NET 2.0 introduces the concepts of Themes and Skins by means of which the look and feel of the web pages can be enhanced to a great extent to make them visually catchy and attractive. A skin is a set of visual attributes applied to a control type. A theme is a collection of skins. There are a lot of predefined themes in ASP.NET 2.0. One can use it by using the following line of code:
< @ Page Theme="SmokeAndGlass" %> The page directive's Them attribute declaratively applies a theme to a page. Themes can also be applied programmatically using the page class's Theme property
  1. what are the new features in ASP.NET 2.0?
ASP.NET is a programming framework built on the common language runtime that can be used on a server to build powerful Web applications. The first version of ASP.NET offered several important advantages over previous Web development models. ASP.NET 2.0 improves upon that foundation by adding support for several new and exciting features in the areas of developer productivity, administration and management, extensibility, and performance
    1. New Server Controls:
ASP.NET 2.0 introduces many new server controls that enable powerful declarative support for data access, login security, wizard navigation, menus, treeviews, portals, and more. Many of these controls take advantage of core application services in ASP.NET for scenarios like data access, membership and roles, and personalization.
    1. Master Pages:
This feature provides the ability to define common structure and interface elements for your site, such as a page header, footer, or navigation bar, in a common location called a "master page", to be shared by many pages in your site. In one simple place you can control the look, feel, and much of functionality for an entire Web site. This improves the maintainability of your site and avoids unnecessary duplication of code for shared site structure or behavior.
    1. Themes and Skins.
The themes and skins features in ASP.NET 2.0 allow for easy customization of your site's look-and-feel. You can define style information in a common location called a "theme", and apply that style information globally to pages or controls in your site. Like Master Pages, this improves the maintainability of your site and avoid unnecessary duplication of code for shared styles.
    1. Personalization
Using the new personalization services in ASP.NET 2.0 you can easily create customized experiences within Web applications. The Profile object enables developers to easily build strongly-typed, sticky data stores for user accounts and build highly customized, relationship based experiences. At the same time, a developer can leverage Web Parts and the personalization service to enable Web site visitors to completely control the layout and behavior of the site, with the knowledge that the site is completely customized for them. Personalizaton scenarios are now easier to build than ever before and require significantly less code and effort to implement.
    1. Localization.
Enabling globalization and localization in Web sites today is difficult, requiring large amounts of custom code and resources. ASP.NET 2.0 and Visual Studio 2005
provide tools and infrastructure to easily build Localizable sites including the ability to auto-detect incoming locale's and display the appropriate locale based UI. Visual Studio 2005 includes built-in tools to dynamically generate resource files and localization references. Together, building localized applications becomes a simple and integrated part of the development experience.
    1. Administration and Management
New tools like Configuration API, ASP.NET MMC Admin Tool, Pre-compilation Tool, Health Monitoring and Tracing have been introduced.
  1. Do I need IIS to run Web applications?
If you are using Visual Studio, you can use the ASP.NET Development Server built into Visual Studio to test your pages. The server functions as a local Web server, running ASP.NET Web pages in a manner virtually identical to how they run in IIS. To deploy a Web application, you need to copy it to a computer running IIS version 5 or 6.
  1. Can I upgrade my existing ASP.NET 1.x website to ASP.NET 2.0?
Yes. You can either login to the Customer Control panel and select ASP.NET 2.0 for your website.
  1. Can I run my ASP.NET 2.0 applications on my local machine to test my pages?
If you are using Visual Studio, you can use the ASP.NET Development Server built into Visual Studio to test your pages. The server functions as a local Web server, running ASP.NET Web pages in a manner virtually identical to how they run on a Web server. Once testing is completed you can upload your pages to our servers.
  1. Can I hide the source code for my page?
Server-side code is processed on the server and is not sent to the browser, so users cannot see it. However, client script is not protected; any client script that you add to your page or that is injected into the page by server processing is visible to users. If you are concerned about protecting your source code on the server, you can precompile your site and deploy the compiled version.
  1. Are old projects created in Visual Studio .NET 2002 or 2003 supported in Visual Studio 2005?
Old projects will continue to run without change. In Visual Studio 2005, if you open a project created in Visual Studio .NET 2002 or 2003, the project is converted to the new project layout used in Visual Studio 2005. As part of the conversion, pages that use the old code-behind model are converted to use the new code-behind model. You cannot create pages using the old code-behind model in Visual Studio 2005.
----------------------------------------------------------------------------------------------------------

  1. When was ASP.NET released?
ASP.NET is a part of the .NET framework which was released as a software platform in 2002.
  1. What is CLR?
Common Language Runtime (CLR) is a run-time environment that manages the execution of .NET code and provides services like memory management, debugging, security, etc.
  1. In Visual Studio .NET, how do I create a new ASP.NET application for an existing ASP.NET project?
First create an IIS application using the IIS MMC. Then in Visual Studio .NET, use the "New Project In Existing Folder" project template (at the end of the template list). It will first ask you for the project name (use the same one you created for the IIS application). Click OK button. Then enter in physical folder location.
  1. What is the Difference between HTML controls and ASP.net Controls?
HTML controls are run on client side, where as ASP.net controls runs on server side and for execute on client side, they generate HTML controls.
  1. Can a .NET web application consume Java web service ?
Yes.Actually Webservices are independent to language. it depends on WSDL and SOAP. so any one can develope the Webservices anddisclose the wsdl and users can cosume the webservices.wsdl and soap both are xml based.. and all languages having xml parsing capability and access to http protocol will be able to work with Webservices
  1. how to click or select a row in gridview using c# code?
We should use the Currency CurrencyManager cmGrid = (CurrencyManager)this.BindingContext[gridview.DataSource, gridview.DataMember]; cmGrid.Position = iIndex;
  1. What is IPostBack? How to use it?
Ispostback event is generated by the web controls to alert the server to take respected action of the event generated. When the button is clicked then click event is generated which further cause ispostback event & it alerts the server to take respected action during postback event.
  1. ColumnMapping belongs to which namespaces?
ColumnMapping belongs to System.Data
  1. Can you give an example of when it would be appropriate to use a web service as opposed to a non-serviced .NET component
when there is no .Net framework installed in one of the communicating applications
  1. In order to get assembly info whcih namespace we should import?
system.reflection
  1. Which method do you invoke on the DataAdapter control to load your generated dataset with data?
dataadapter.fill(dataset object)
  1. Enumerate the types of Directives?
o    @ Page directive
o    @ Assembly directive
o    @ Import directive
o    @ Reference directive
o    @ Implements directive
o    @ OutputCache directive
o    @ Register directive 
  1. What is a DataReader?
A DataReader is a read-only stream of data returned from the database as the query executes. It only contains one row of data in memory at a time and is restricted to navigating forward only in the results one record at a time. The DataReader does support access to multiple result sets, but only one at a time and in the order retrieved. Just as in the original version of ADO, the data is no longer available through the DataReader once the connection to the data source is closed, which means a DataReader requires a connection to the database throughout its usage. Output parameters or return values are only available through the DataReader once the connection is closed.
  1. Why DataReader Useful?
Data Reader is Read only version Data Set,Each record is returned as a Data Reader Object,ExecuteReader method acts directly on the database connection. There are two versions of the data reader object: OleDbDataReader and SqlDataReader
  1. Differnce B/w DataReader and DataSet
The Dataset is an core of disconnected architecture.Disconnected architecture means once you have retriveed the data from the database the connect of the datasource is dropped.The disconnected data become very commonlyThe dataset for the disconnected data from the Dataset object.The DataReader is an readonly ,forward only stream from the database.While using the datareader can improve the application performance reduce the system overhead because only one buffer row at a time in memory.
--------------------------------------------------------------------------

What is view state and use of it?
The current property settings of an ASP.NET page and those of any ASP.NET server controls contained within the page. ASP.NET can detect when a form is requested for the first time versus when the form is posted (sent to the server), which allows you to program accordingly.

What are user controls and custom controls?
Custom controls:

A control authored by a user or a third-party software vendor that does not belong to the .NET Framework class library. This is a generic term that includes user controls. A custom server control is used in Web Forms (ASP.NET pages). A custom client control is used in Windows Forms applications.

User Controls:
In ASP.NET: A user-authored server control that enables an ASP.NET page to be re-used as a server control. An ASP.NET user control is authored declaratively and persisted as a text file with an .ascx extension. The ASP.NET page framework compiles a user control on the fly to a class that derives from the System.Web.UI.UserControl class.

What are the validation controls?
A set of server controls included with ASP.NET that test user input in HTML and Web server controls for programmer-defined requirements. Validation controls perform input checking in server code. If the user is working with a browser that supports DHTML, the validation controls can also perform validation using client script.

What's the difference between Response.Write() andResponse.Output.Write()?
The latter one allows you to write formattedoutput.

What methods are fired during the page load? Init()
When the page is instantiated, Load() - when the page is loaded into server memory,PreRender () - the brief moment before the page is displayed to the user as HTML, Unload() - when page finishes loading.

Where does the Web page belong in the .NET Framework class hierarchy?
System.Web.UI.Page

Where do you store the information about the user's locale?
System.Web.UI.Page.Culture

What's the difference between Codebehind="MyCode.aspx.cs" and Src="MyCode.aspx.cs"?
CodeBehind is relevant to Visual Studio.NET only.

What's a bubbled event?
When you have a complex control, likeDataGrid, writing an event processing routine for each object (cell, button,row, etc.) is quite tedious. The controls can bubble up their eventhandlers, allowing the main DataGrid event handler to take care of its constituents.
Suppose you want a certain ASP.NET function executed on MouseOver over a certain button.

Where do you add an event handler?
It's the Attributesproperty, the Add function inside that property.
e.g. btnSubmit.Attributes.Add("onMouseOver","someClientCode();")

What data type does the RangeValidator control support?
Integer,String and Date.

What are the different types of caching?
Caching is a technique widely used in computing to increase performance by keeping frequently accessed or expensive data in memory. In context of web application, caching is used to retain the pages or data across HTTP requests and reuse them without the expense of recreating them.ASP.NET has 3 kinds of caching strategiesOutput CachingFragment CachingData

CachingOutput Caching: Caches the dynamic output generated by a request. Some times it is useful to cache the output of a website even for a minute, which will result in a better performance. For caching the whole page the page should have OutputCache directive.<%@ OutputCache Duration="60" VaryByParam="state" %>
Fragment Caching: Caches the portion of the page generated by the request. Some times it is not practical to cache the entire page, in such cases we can cache a portion of page<%@ OutputCache Duration="120" VaryByParam="CategoryID;SelectedID"%>
Data Caching: Caches the objects programmatically. For data caching asp.net provides a cache object for eg: cache["States"] = dsStates;

What do you mean by authentication and authorization?
Authentication is the process of validating a user on the credentials (username and password) and authorization performs after authentication. After Authentication a user will be verified for performing the various tasks, It access is limited it is known as authorization.

What are different types of directives in .NET?
@Page
: Defines page-specific attributes used by the ASP.NET page parser and compiler. Can be included only in .aspx files <%@ Page AspCompat="TRUE" language="C#" %>
@Control:Defines control-specific attributes used by the ASP.NET page parser and compiler. Can be included only in .ascx files. <%@ Control Language="VB" EnableViewState="false" %>
@Import: Explicitly imports a namespace into a page or user control. The Import directive cannot have more than one namespace attribute. To import multiple namespaces, use multiple @Import directives. <% @ Import Namespace="System.web" %>
@Implements: Indicates that the current page or user control implements the specified .NET framework interface.<%@ Implements Interface="System.Web.UI.IPostBackEventHandler" %>
@Register: Associates aliases with namespaces and class names for concise notation in custom server control syntax.<%@ Register Tagprefix="Acme" Tagname="AdRotator" Src="AdRotator.ascx" %>
@Assembly: Links an assembly to the current page during compilation, making all the assembly's classes and interfaces available for use on the page. <%@ Assembly Name="MyAssembly" %><%@ Assembly Src="MySource.vb" %>
@OutputCache: Declaratively controls the output caching policies of an ASP.NET page or a user control contained in a page<%@ OutputCache Duration="#ofseconds" Location="Any | Client | Downstream | Server | None" Shared="True | False" VaryByControl="controlname" VaryByCustom="browser | customstring" VaryByHeader="headers" VaryByParam="parametername" %>
@Reference: Declaratively indicates that another user control or page source file should be dynamically compiled and linked against the page in which this directive is declared.

How do I debug an ASP.NET application that wasn't written with Visual Studio.NET and that doesn't use code-behind?
Start the DbgClr debugger that comes with the .NET Framework SDK, open the file containing the code you want to debug, and set your breakpoints. Start the ASP.NET application. Go back to DbgClr, choose Debug Processes from the Tools menu, and select aspnet_wp.exe from the list of processes. (If aspnet_wp.exe doesn't appear in the list,check the "Show system processes" box.) Click the Attach button to attach to aspnet_wp.exe and begin debugging.
Be sure to enable debugging in the ASPX file before debugging it with DbgClr. You can enable tell ASP.NET to build debug executables by placing a
<%@ Page Debug="true" %> statement at the top of an ASPX file or a <COMPILATION debug="true" />statement in a Web.config file.

Can a user browsing my Web site read my Web.config or Global.asax files?
No. The <HTTPHANDLERS>section of Machine.config, which holds the master configuration settings for ASP.NET, contains entries that map ASAX files, CONFIG files, and selected other file types to an HTTP handler named HttpForbiddenHandler, which fails attempts to retrieve the associated file. You can modify it by editing Machine.config or including an section in a local Web.config file.

What's the difference between Page.RegisterClientScriptBlock and Page.RegisterStartupScript?
RegisterClientScriptBlock is for returning blocks of client-side script containing functions. RegisterStartupScript is for returning blocks of client-script not packaged in functions-in other words, code that's to execute when the page is loaded. The latter positions script blocks near the end of the document so elements on the page that the script interacts are loaded before the script runs.<%@ Reference Control="MyControl.ascx" %>

ASP.NET FAQs Part 5

What is the difference between repeater over datalist and datagrid?
The Repeater class is not derived from the WebControl class, like the DataGrid and DataList. Therefore, the Repeater lacks the stylistic properties common to both the DataGrid and DataList. What this boils down to is that if you want to format the data displayed in the Repeater, you must do so in the HTML markup.
The Repeater control provides the maximum amount of flexibility over the HTML produced. Whereas the DataGrid wraps the DataSource contents in an HTML < table >, and the DataList wraps the contents in either an HTML < table > or < span > tags (depending on the DataList's RepeatLayout property), the Repeater adds absolutely no HTML content other than what you explicitly specify in the templates.
While using Repeater control, If we wanted to display the employee names in a bold font we'd have to alter the "ItemTemplate" to include an HTML bold tag, Whereas with the DataGrid or DataList, we could have made the text appear in a bold font by setting the control's ItemStyle-Font-Bold property to True.
The Repeater's lack of stylistic properties can drastically add to the development time metric. For example, imagine that you decide to use the Repeater to display data that needs to be bold, centered, and displayed in a particular font-face with a particular background color. While all this can be specified using a few HTML tags, these tags will quickly clutter the Repeater's templates. Such clutter makes it much harder to change the look at a later date. Along with its increased development time, the Repeater also lacks any built-in functionality to assist in supporting paging, editing, or editing of data. Due to this lack of feature-support, the Repeater scores poorly on the usability scale.

However, The Repeater's performance is slightly better than that of the DataList's, and is more noticeably better than that of the DataGrid's. Following figure shows the number of requests per second the Repeater could handle versus the DataGrid and DataList
Can we handle the error and redirect to some pages using web.config?
Yes, we can do this, but to handle errors, we must know the error codes; only then we can take the user to a proper error message page, else it may confuse the user.
CustomErrors Configuration section in web.config file:
The default configuration is:
< customErrors mode="RemoteOnly" defaultRedirect="Customerror.aspx" >
< error statusCode="404" redirect="Notfound.aspx" / >
< /customErrors >
If mode is set to Off, custom error messages will be disabled. Users will receive detailed exception error messages.
If mode is set to On, custom error messages will be enabled.
If mode is set to RemoteOnly, then users will receive custom errors, but users accessing the site locally will receive detailed error messages.
Add an < error > tag for each error you want to handle. The error tag will redirect the user to the Notfound.aspx page when the site returns the 404 (Page not found) error.


[Example]

There is a page MainForm.aspx
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here
Dim str As System.Text.StringBuilder
str.Append("hi") ' Error Line as str is not instantiated
Response.Write(str.ToString)
End Sub

[Web.Config]
< customErrors mode="On" defaultRedirect="Error.aspx"/ >
' a simple redirect will take the user to Error.aspx [user defined] error file.

< customErrors mode="RemoteOnly" defaultRedirect="Customerror.aspx" >
< error statusCode="404" redirect="Notfound.aspx" / >
< /customErrors >
'This will take the user to NotFound.aspx defined in IIS.

How do you implement Paging in .Net?
The DataGrid provides the means to display a group of records from the data source (for example, the first 10), and then navigate to the "page" containing the next 10 records, and so on through the data.
Using Ado.Net we can explicit control over the number of records returned from the data source, as well as how much data is to be cached locally in the DataSet.
1.Using DataAdapter.fill method give the value of 'Maxrecords' parameter
(Note: - Don't use it because query will return all records but fill the dataset based on value of 'maxrecords' parameter).
2.For SQL server database, combines a WHERE clause and a ORDER BY clause with TOP predicate.
3.If Data does not change often just cache records locally in DataSet and just take some records from the DataSet to display.

What is the difference between Server.Transfer and Response.Redirect?
Server.Transfer() : client is shown as it is on the requesting page only, but the all the content is of the requested page. Data can be persist across the pages using Context.Item collection, which is one of the best way to transfer data from one page to another keeping the page state alive.
Response.Dedirect() :client knows the physical location (page name and query string as well). Context.Items loses the persistence when navigate to destination page. In earlier versions of IIS, if we wanted to send a user to a new Web page, the only option we had was Response.Redirect. While this method does accomplish our goal, it has several important drawbacks. The biggest problem is that this method causes each page to be treated as a separate transaction. Besides making it difficult to maintain your transactional integrity, Response.Redirect introduces some additional headaches. First, it prevents good encapsulation of code. Second, you lose access to all of the properties in the Request object. Sure, there are workarounds, but they're difficult. Finally, Response.Redirect necessitates a round trip to the client, which, on high-volume sites, causes scalability problems. As you might suspect, Server.Transfer fixes all of these problems. It does this by performing the transfer on the server without requiring a roundtrip to the client.
Response.Redirect sends a response to the client browser instructing it to request the second page. This requires a round-trip to the client, and the client initiates the Request for the second page. Server.Transfer transfers the process to the second page without making a round-trip to the client. It also transfers the HttpContext to the second page, enabling the second page access to all the values in the HttpContext of the first page.

Can you create an app domain?
Yes, We can create user app domain by calling on of the following overload static methods of the System.AppDomain class
1. Public static AppDomain CreateDomain(String friendlyName)
2. Public static AppDomain CreateDomain(String friendlyName, Evidence securityInfo)
3. Public static AppDomain CreateDomain(String friendlyName, Evidence securityInfo, AppDomainSetup info)
4. Public static AppDomain CreateDomain(String friendlyName, Evidence securityInfo, String appBasePath, String appRelativeSearchPath, bool shadowCopyFiles)


What are the various security methods which IIS Provides apart from .NET ?

The various security methods which IIS provides are
a) Authentication Modes
b) IP Address and Domain Name Restriction
c) DNS Lookups DNS Lookups
d) The Network ID and Subnet Mask
e) SSL


What is Web Gardening? How would using it affect a design?

The Web Garden Model
The Web garden model is configurable through the section of the machine.config file. Notice that the section is the only configuration section that cannot be placed in an application-specific web.config file. This means that the Web garden mode applies to all applications running on the machine. However, by using the node in the machine.config source, you can adapt machine-wide settings on a per-application basis.

Two attributes in the section affect the Web garden model. They are webGarden and cpuMask. The webGarden attribute takes a Boolean value that indicates whether or not multiple worker processes (one per each affinitized CPU) have to be used. The attribute is set to false by default. The cpuMask attribute stores a DWORD value whose binary representation provides a bit mask for the CPUs that are eligible to run the ASP.NET worker process. The default value is -1 (0xFFFFFF), which means that all available CPUs can be used. The contents of the cpuMask attribute is ignored when the webGarden attribute is false. The cpuMask attribute also sets an upper bound to the number of copies of aspnet_wp.exe that are running.
Web gardening enables multiple worker processes to run at the same time. However, you should note that all processes will have their own copy of application state, in-process session state, ASP.NET cache, static data, and all that is needed to run applications. When the Web garden mode is enabled, the ASP.NET ISAPI launches as many worker processes as there are CPUs, each a full clone of the next (and each affinitized with the corresponding CPU). To balance the workload, incoming requests are partitioned among running processes in a round-robin manner. Worker processes get recycled as in the single processor case. Note that ASP.NET inherits any CPU usage restriction from the operating system and doesn't include any custom semantics for doing this.
All in all, the Web garden model is not necessarily a big win for all applications. The more stateful applications are, the more they risk to pay in terms of real performance. Working data is stored in blocks of shared memory so that any changes entered by a process are immediately visible to others. However, for the time it takes to service a request, working data is copied in the context of the process. Each worker process, therefore, will handle its own copy of working data, and the more stateful the application, the higher the cost in performance. In this context, careful and savvy application benchmarking is an absolute must.
Changes made to the section of the configuration file are effective only after IIS is restarted. In IIS 6, Web gardening parameters are stored in the IIS metabase; the webGarden and cpuMask attributes are ignored.
What is view state?.where it stored?.can we disable it?
The web is state-less protocol, so the page gets instantiated, executed, rendered and then disposed on every round trip to the server. The developers code to add "statefulness" to the page by using Server-side storage for the state or posting the page to itself. When require to persist and read the data in control on webform, developer had to read the values and store them in hidden variable (in the form), which were then used to restore the values. With advent of .NET framework, ASP.NET came up with ViewState mechanism, which tracks the data values of server controls on ASP.NET webform. In effect,ViewState can be viewed as "hidden variable managed by ASP.NET framework!". When ASP.NET page is executed, data values from all server controls on page are collected and encoded as single string, which then assigned to page's hidden atrribute "< input type=hidden >", that is part of page sent to the client.

ViewState value is temporarily saved in the client's browser.ViewState can be disabled for a single control, for an entire page orfor an entire web application. The syntax is:
Disable ViewState for control (Datagrid in this example)
< asp:datagrid EnableViewState="false" ... / >

Disable ViewState for a page, using Page directive
< %@ Page EnableViewState="False" ... % >

Disable ViewState for application through entry in web.config
< Pages EnableViewState="false" ... / >

ASP.NET FAQs Part 4

When you're running a component within ASP.NET, what process is it running within on Windows XP? Windows 2000? Windows 2003?
On Windows 2003 (IIS 6.0) running in native mode, the component is running within the w3wp.exe process associated with the application pool which has been configured for the web application containing the component.
On Windows 2003 in IIS 5.0 emulation mode, 2000, or XP, it's running within the IIS helper process whose name I do not remember, it being quite a while since I last used IIS 5.0.
What does aspnet_regiis -i do ?
Aspnet_regiis.exe is The ASP.NET IIS Registration tool allows an administrator or installation program to easily update the script maps for an ASP.NET application to point to the ASP.NET ISAPI version associated with the tool. The tool can also be used to display the status of all installed versions of ASP. NET, register the ASP.NET version coupled with the tool, create client-script directories, and perform other configuration operations.

When multiple versions of the .NET Framework are executing side-by-side on a single computer, the ASP.NET ISAPI version mapped to an ASP.NET application determines which version of the common language runtime is used for the application.

The tool can be launched with a set of optional parameters. Option "i" Installs the version of ASP.NET associated with Aspnet_regiis.exe and updates the script maps at the IIS metabase root and below. Note that only applications that are currently mapped to an earlier version of ASP.NET are affected

What is a PostBack?
The process in which a Web page sends data back to the same page on the server.

What is ViewState? How is it encoded? Is it encrypted? Who uses ViewState?
ViewState is the mechanism ASP.NET uses to keep track of server control state values that don't otherwise post back as part of the HTTP form. ViewState Maintains the UI State of a Page
ViewState is base64-encoded.
It is not encrypted but it can be encrypted by setting EnableViewStatMAC="true" & setting the machineKey validation type to 3DES. If you want to NOT maintain the ViewState, include the directive < %@ Page EnableViewState="false" % > at the top of an .aspx page or add the attribute EnableViewState="false" to any control.

What is the < machinekey > element and what two ASP.NET technologies is it used for?
Configures keys to use for encryption and decryption of forms authentication cookie data and view state data, and for verification of out-of-process session state identification.There fore 2 ASP.Net technique in which it is used are Encryption/Decryption & Verification
What three Session State providers are available in ASP.NET 1.1? What are the pros and cons of each?
ASP.NET provides three distinct ways to store session data for your application: in-process session state, out-of-process session state as a Windows service, and out-of-process session state in a SQL Server database. Each has it advantages.
1.In-process session-state mode
Limitations:
* When using the in-process session-state mode, session-state data is lost if aspnet_wp.exe or the application domain restarts.
* If you enable Web garden mode in the < processModel > element of the application's Web.config file, do not use in-process session-state mode. Otherwise, random data loss can occur.
Advantage:
* in-process session state is by far the fastest solution. If you are storing only small amounts of volatile data in session state, it is recommended that you use the in-process provider.

2. The State Server simply stores session state in memory when in out-of-proc mode. In this mode the worker process talks directly to the State Server
3. SQL mode, session states are stored in a SQL Server database and the worker process talks directly to SQL. The ASP.NET worker processes are then able to take advantage of this simple storage service by serializing and saving (using .NET serialization services) all objects within a client's Session collection at the end of each Web request
Both these out-of-process solutions are useful primarily if you scale your application across multiple processors or multiple computers, or where data cannot be lost if a server or process is restarted.

What is the difference between HTTP-Post and HTTP-Get?
As their names imply, both HTTP GET and HTTP POST use HTTP as their underlying protocol. Both of these methods encode request parameters as name/value pairs in the HTTP request.
The GET method creates a query string and appends it to the script's URL on the server that handles the request.
The POST method creates a name/value pairs that are passed in the body of the HTTP request message.

Name and describe some HTTP Status Codes and what they express to the requesting client.
When users try to access content on a server that is running Internet Information Services (IIS) through HTTP or File Transfer Protocol (FTP), IIS returns a numeric code that indicates the status of the request. This status code is recorded in the IIS log, and it may also be displayed in the Web browser or FTP client. The status code can indicate whether a particular request is successful or unsuccessful and can also reveal the exact reason why a request is unsuccessful. There are 5 groups ranging from 1xx - 5xx of http status codes exists.
101 - Switching protocols.
200 - OK. The client request has succeeded
302 - Object moved.
400 - Bad request.
500.13 - Web server is too busy.

Explain < @OutputCache% > and the usage of VaryByParam, VaryByHeader.
OutputCache is used to control the caching policies of an ASP.NET page or user control. To cache a page @OutputCache directive should be defined as follows < %@ OutputCache Duration="100" VaryByParam="none" % >
VaryByParam: A semicolon-separated list of strings used to vary the output cache. By default, these strings correspond to a query string value sent with GET method attributes, or a parameter sent using the POST method. When this attribute is set to multiple parameters, the output cache contains a different version of the requested document for each specified parameter. Possible values include none, *, and any valid query string or POST parameter name.
VaryByHeader: A semicolon-separated list of HTTP headers used to vary the output cache. When this attribute is set to multiple headers, the output cache contains a different version of the requested document for each specified header.

ASP.NET Faqs Part 3

Which template must you provide, in order to display data in a Repeater control?
You have to use the ItemTemplate to Display data. Syntax is as follows,
< ItemTemplate >
< div class ="rItem" >
< img src="images/<%# Container.DataItem("ImageURL")%>" hspace="10" />
< b > <% # Container.DataItem("Title")%>
< /div >
< ItemTemplate >

How can you provide an alternating color scheme in a Repeater control?
Using the AlternatintItemTemplate

What property must you set, and what method must you call in your code, in order to bind the data from some data source to the Repeater control?
Set the DataMember property to the name of the table to bind to. (If this property is not set, by default the first table in the dataset is used.)
DataBind method, use this method to bind data from a source to a server control. This method is commonly used after retrieving a data set through a database query.

What method do you use to explicitly kill a user s session?
You can dump (Kill) the session yourself by calling the method Session.Abandon.
ASP.NET automatically deletes a user's Session object, dumping its contents, after it has been idle for a configurable timeout interval. This interval, in minutes, is set in the <SESSIONSTATE>section of the web.config file. The default is 20 minutes.
How do you turn off cookies for one page in your site?
Use Cookie.Discard property, Gets or sets the discard flag set by the server. When true, this property instructs the client application not to save the Cookie on the user's hard disk when a session ends.

Which two properties are on every validation control?
We have two common properties for every validation controls
1. Control to Validate,
2. Error Message.

What tags do you need to add within the asp:datagrid tags to bind columns manually?
< asp:DataGrid id="dgCart" AutoGenerateColumns="False" CellPadding="4" Width="448px" runat="server" >
< Columns >
< asp:ButtonColumn HeaderText="SELECT" Text="SELECT" CommandName="select" >< /asp:ButtonColumn >
< asp:BoundColumn DataField="ProductId" HeaderText="Product ID" >< /asp:BoundColumn >
< asp:BoundColumn DataField="ProductName" HeaderText="Product Name" >< /asp:BoundColumn >
< asp:BoundColumn DataField="UnitPrice" HeaderText="UnitPrice" >< /asp:BoundColumn >
< /Columns >
< /asp:DataGrid >
How do you create a permanent cookie?
Permanent cookies are the ones that are most useful. Permanent cookies are available until a specified expiration date, and are stored on the hard disk. The location of cookies differs with each browser, but this doesn't matter, as this is all handled by your browser and the server. If you want to create a permanent cookie called Name with a value of Nigel, which expires in one month, you'd use the following code
Response.Cookies ("Name") = "Nigel"
Response.Cookies ("Name"). Expires = DateAdd ("m", 1, Now ())

What tag do you use to add a hyperlink column to the DataGrid?
< asp:HyperLinkColumn > </ asp:HyperLinkColumn>
Which method do you use to redirect the user to another page without performing a round trip to the client?
Server.transfer
What is the transport protocol you use to call a Web service SOAP ?
HTTP Protocol

Explain role based security ?
Role Based Security lets you identify groups of users to allow or deny based on their role in the organization.In Windows NT and Windows XP, roles map to names used to identify user groups. Windows defines several built-in groups, including Administrators, Users, and Guests.To allow or deny access to certain groups of users, add the <ROLES>element to the authorization list in your Web application's Web.config file.e.g.
<AUTHORIZATION>< authorization >
< allow roles="Domain Name\Administrators" / > < !-- Allow Administrators in domain. -- >
< deny users="*" / > < !-- Deny anyone else. -- >
< /authorization >

How do you register JavaScript for webcontrols ?
You can register javascript for controls using <CONTROL -name>Attribtues.Add(scriptname,scripttext) method.
When do you set "<IDENTITY impersonate="true" />" ?
Identity is a webconfig declaration under System.web, which helps to control the application Identity of the web applicaton. Which can be at any level(Machine,Site,application,subdirectory,or page), attribute impersonate with "true" as value specifies that client impersonation is used.

What are different templates available in Repeater,DataList and Datagrid ?
Templates enable one to apply complicated formatting to each of the items displayed by a control.Repeater control supports five types of templates.HeaderTemplate controls how the header of the repeater control is formatted.ItemTemplate controls the formatting of each item displayed.AlternatingItemTemplate controls how alternate items are formatted and the SeparatorTemplate displays a separator between each item displyed.FooterTemplate is used for controlling how the footer of the repeater control is formatted.The DataList and Datagrid supports two templates in addition to the above five.SelectedItem Template controls how a selected item is formatted and EditItemTemplate controls how an item selected for editing is formatted.
What is ViewState ? and how it is managed ?
ASP.NET ViewState is a new kind of state service that developers can use to track UI state on a per-user basis. Internally it uses an an old Web programming trick-roundtripping state in a hidden form field and bakes it right into the page-processing framework.It needs less code to write and maintain state in your Web-based forms.
What is web.config file ?
Web.config file is the configuration file for the Asp.net web application. There is one web.config file for one asp.net application which configures
the particular application. Web.config file is written in XML with specific tags having specific meanings.It includes databa which includes
connections,Session States,Error Handling,Security etc.
For example :

< configuration >
< appSettings >
< add key="ConnectionString"
value="server=localhost;uid=sa;pwd=;database=MyDB" / >
< /appSettings >
< /configuration >


What is advantage of viewstate and what are benefits?
When a form is submitted in classic ASP, all form values are cleared. Suppose you have submitted a form with a lot of information and the server comes back with an error. You will have to go back to the form and correct the information. You click the back button, and what happens.......ALL form values are CLEARED, and you will have to start all over again! The site did not maintain your ViewState.With ASP .NET, the form reappears in the browser window together with all form values.This is because ASP .NET maintains your ViewState. The ViewState indicates the status of the page when submitted to the server.

What tags do you need to add within the asp:datagrid tags to bind columns manually?
Set AutoGenerateColumns Property to false on the datagrid tag and then use Column tag and an ASP:databound tag
< asp:DataGrid runat="server" id="ManualColumnBinding" AutoGenerateColumns="False" >
< Columns >
< asp:BoundColumn HeaderText="Column1" DataField="Column1"/ >
< asp:BoundColumn HeaderText="Column2" DataField="Column2"/ >
< /Columns >
< /asp:DataGrid >
<asp:DataGrid id=ManualColumnBinding runat="server" AutoGenerateColumns="False">
<COLUMNS> <asp:BoundColumn HeaderText="Column2" DataField="Column2"></asp:BoundColumn>
</asp:DataGrid>Which property on a Combo Box do you set with a column name, prior to setting the DataSource, to display data in the combo box?
DataTextField and DataValueField

Which control would you use if you needed to make sure the values in two different controls matched?
CompareValidator is used to ensure that two fields are identical.
What is validationsummary server control?where it is used?.
The ValidationSummary control allows you to summarize the error messages from all validation controls on a Web page in a single location. The summary can be displayed as a list, a bulleted list, or a single paragraph, based on the value of the DisplayMode property. The error message displayed in the ValidationSummary control for each validation control on the page is specified by the ErrorMessage property of each validation control. If the ErrorMessage property of the validation control is not set, no error message is displayed in the ValidationSummary control for that validation control. You can also specify a custom title in the heading section of the ValidationSummary control by setting the HeaderText property.
You can control whether the ValidationSummary control is displayed or hidden by setting the ShowSummary property. The summary can also be displayed in a message box by setting the ShowMessageBox property to true.

What is the sequence of operation takes place when a page is loaded?
BeginTranaction - only if the request is transacted
Init - every time a page is processed
LoadViewState - Only on postback
ProcessPostData1 - Only on postback
Load - every time
ProcessData2 - Only on Postback
RaiseChangedEvent - Only on Postback
RaisePostBackEvent - Only on Postback
PreRender - everytime
BuildTraceTree - only if tracing is enabled
SaveViewState - every time
Render - Everytime
End Transaction - only if the request is transacted
Trace.EndRequest - only when tracing is enabled
UnloadRecursive - Every request

Difference between asp and asp.net?.
"ASP (Active Server Pages) and ASP.NET are both server side technologies for building web sites and web applications, ASP.NET is Managed compiled code - asp is interpreted. and ASP.net is fully Object oriented. ASP.NET has been entirely re-architected to provide a highly productive programming experience based on the .NET Framework, and a robust infrastructure for building reliable and scalable web
applications."

Name the validation control available in asp.net?.
RequiredField, RangeValidator,RegularExpression,Custom validator,compare Validator
What are the various ways of securing a web site that could prevent from hacking etc .. ?
1) Authentication/Authorization
2) Encryption/Decryption
3) Maintaining web servers outside the corporate firewall. etc.,

What is the difference between in-proc and out-of-proc?
An inproc is one which runs in the same process area as that of the client giving tha advantage of speed but the disadvantage of stability becoz if it crashes it takes the client application also with it.Outproc is one which works outside the clients memory thus giving stability to the client, but we have to compromise a bit on speed.

ASP.NET FAQs Part 2

What is different b/w webconfig.xml & Machineconfig.xml
Web.config & machine.config both are configuration files.Web.config contains settings specific to an application where as machine.config contains settings to a computer. The Configuration system first searches settings in machine.config file & then looks in application configuration files.Web.config, can appear in multiple directories on an ASP.NET Web application server. Each Web.config file applies configuration settings to its own directory and all child directories below it. There is only Machine.config file on a web server.
If I'm developing an application that must accomodate multiple security levels though secure login and my ASP.NET web appplication is spanned across three web-servers (using round-robbin load balancing) what would be the best approach to maintain login-in state for the users?
Use the state server or store the state in the database. This can be easily done through simple setting change in the web.config.
<SESSIONSTATE
StateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1; user id=sa; password="
cookieless="false"
timeout="30"
/>

You can specify mode as "stateserver" or "sqlserver".
Where would you use an iHTTPModule, and what are the limitations of any approach you might take in implementing one
"One of ASP.NET's most useful features is the extensibility of the HTTP pipeline, the path that data takes between client and server. You can use them to extend your ASP.NET applications by adding pre- and post-processing to each HTTP request coming into your application. For example, if you wanted custom authentication facilities for your application, the best technique would be to intercept the request when it comes in and process the request in a custom HTTP module.

How do you turn off cookies for one page in your site?
Since no Page Level directive is present, I am afraid that cant be done.

How do you create a permanent cookie?
Permanent cookies are available until a specified expiration date, and are stored on the hard disk.So Set the 'Expires' property any value greater than DataTime.MinValue with respect to the current datetime. If u want the cookie which never expires set its Expires property equal to DateTime.maxValue.
Which method do you use to redirect the user to another page without performing a round trip to the client?
Server.Transfer and Server.Execute
What property do you have to set to tell the grid which page to go to when using the Pager object?
CurrentPageIndex

Should validation (did the user enter a real date) occur server-side or client-side? Why?
It should occur both at client-side and Server side.By using expression validator control with the specified expression ie.. the regular expression provides the facility of only validatating the date specified is in the correct format or not. But for checking the date where it is the real data or not should be done at the server side, by getting the system date ranges and checking the date whether it is in between that range or not.
What does the "EnableViewState" property do? Why would I want it on or off?
Enable ViewState turns on the automatic state management feature that enables server controls to re-populate their values on a round trip without requiring you to write any code. This feature is not free however, since the state of a control is passed to and from the server in a hidden form field. You should be aware of when ViewState is helping you and when it is not. For example, if you are binding a control to data on every round trip, then you do not need the control to maintain it's view state, since you will wipe out any re-populated data in any case. ViewState is enabled for all server controls by default. To disable it, set the EnableViewState property of the control to false.

What is the difference between Server.Transfer and Response.Redirect? Why would I choose one over the other?
Server.Transfer() : client is shown as it is on the requesting page only, but the all the content is of the requested page. Data can be persist accros the pages using Context.Item collection, which is one of the best way to transfer data from one page to another keeping the page state alive.
Response.Dedirect() :client know the physical location (page name and query string as well). Context.Items loses the persisitance when nevigate to destination page. In earlier versions of IIS, if we wanted to send a user to a new Web page, the only option we had was Response.Redirect. While this method does accomplish our goal, it has several important drawbacks. The biggest problem is that this method causes each page to be treated as a separate transaction. Besides making it difficult to maintain your transactional integrity, Response.Redirect introduces some additional headaches. First, it prevents good encapsulation of code. Second, you lose access to all of the properties in the Request object. Sure, there are workarounds, but they're difficult. Finally, Response.Redirect necessitates a round trip to the client, which, on high-volume sites, causes scalability problems. As you might suspect, Server.Transfer fixes all of these problems. It does this by performing the transfer on the server without requiring a roundtrip to the client.

Can you give an example of when it would be appropriate to use a web service as opposed to a non-serviced .NET component?
  • Communicating through a Firewall When building a distributed application with 100s/1000s of users spread over multiple locations, there is always the problem of communicating between client and server because of firewalls and proxy servers. Exposing your middle tier components as Web Services and invoking the directly from a Windows UI is a very valid option.
  • Application Integration When integrating applications written in various languages and running on disparate systems. Or even applications running on the same platform that have been written by separate vendors.
  • Business-to-Business Integration This is an enabler for B2B intergtation which allows one to expose vital business processes to authorized supplier and customers. An example would be exposing electronic ordering and invoicing, allowing customers to send you purchase orders and suppliers to send you invoices electronically.
  • Software Reuse This takes place at multiple levels. Code Reuse at the Source code level or binary componet-based resuse. The limiting factor here is that you can reuse the code but not the data behind it. Webservice overcome this limitation. A scenario could be when you are building an app that aggregates the functionality of serveral other Applicatons. Each of these functions could be performed by individual apps, but there is value in perhaps combining the the multiple apps to present a unifiend view in a Portal or Intranet.
  • When not to use Web Services: Single machine Applicatons When the apps are running on the same machine and need to communicate with each other use a native API. You also have the options of using component technologies such as COM or .NET Componets as there is very little overhead.
  • Homogeneous Applications on a LAN If you have Win32 or Winforms apps that want to communicate to their server counterpart. It is much more efficient to use DCOM in the case of Win32 apps and .NET Remoting in the case of .NET Apps
Can you give an example of what might be best suited to place in the Application_Start and Session_Start subroutines?
The Application_Start event is guaranteed to occur only once throughout the lifetime of the application. It's a good place to initialize global variables. For example, you might want to retrieve a list of products from a database table and place the list in application state or the Cache object. SessionStateModule exposes both Session_Start and Session_End events.
What are the advantages and disadvantages of viewstate?
The primary advantages of the ViewState feature in ASP.NET are:
1. Simplicity. There is no need to write possibly complex code to store form data between page submissions.
2. Flexibility. It is possible to enable, configure, and disable ViewState on a control-by-control basis, choosing to persist the values of some fields but not others.

There are, however a few disadvantages that are worth pointing out:
1. Does not track across pages. ViewState information does not automatically transfer from page to page. With the session
approach, values can be stored in the session and accessed from other pages. This is not possible with ViewState, so storing
data into the session must be done explicitly.

2. ViewState is not suitable for transferring data for back-end systems. That is, data still has to be transferred to the back
end using some form of data object.

Describe session handling in a webfarm, how does it work and what are the limits?
ASP.NET Session supports storing of session data in 3 ways, i] in In-Process ( in the same memory that ASP.NET uses) , ii] out-of-process using Windows NT Service )in separate memory from ASP.NET ) or iii] in SQL Server (persistent storage). Both the Windows Service and SQL Server solution support a webfarm scenario where all the web-servers can be configured to share common session state store.

1. Windows Service :
We can start this service by Start | Control Panel | Administrative Tools | Services | . In that we service names ASP.NET State Service. We can start or stop service by manually or configure to start automatically. Then we have to configure our web.config file


<CONFIGURATION><configuration>
<system.web>
<SessionState
mode = "StateServer"
stateConnectionString = "tcpip=127.0.0.1:42424"
stateNetworkTimeout = "10"
sqlConnectionString="data source = 127.0.0.1; uid=sa;pwd="
cookieless ="Flase"
timeout= "20" />
</system.web>
</configuration> </SYSTEM.WEB>
</CONFIGURATION>
Here ASP.Net Session is directed to use Windows Service for state management on local server (address : 127.0.0.1 is TCP/IP loop-back address). The default port is 42424. we can configure to any port but for that we have to manually edit the registry.
Follow these simple steps
- In a webfarm make sure you have the same config file in all your web servers.
- Also make sure your objects are serializable.
- For session state to be maintained across different web servers in the webfarm, the application path of the web-site in the IIS Metabase should be identical in all the web-servers in the webfarm.

ASP.NET FAQs part 1

Is it necessary to lock application state before accessing it?
Only if you're performing a multistep update and want the update to be treated as an atomic operation. Here's an example:
Application.Lock ();
Application["ItemsSold"] = (int) Application["ItemsSold"] + 1;
Application["ItemsLeft"] = (int) Application["ItemsLeft"] - 1;
Application.UnLock ();
By locking application state before updating it and unlocking it afterwards, you ensure that another request being processed on another thread doesn't read application state at exactly the wrong time and see an inconsistent view of it. If I update session state, should I lock it, too? Are concurrent accesses by multiple requests executing on multiple threads a concern with session state?
Concurrent accesses aren't an issue with session state, for two reasons. One, it's unlikely that two requests from the same user will overlap. Two, if they do overlap, ASP.NET locks down session state during request processing so that two threads can't touch it at once. Session state is locked down when the HttpApplication instance that's processing the request fires an AcquireRequestState event and unlocked when it fires a ReleaseRequestState event.

Do ASP.NET forms authentication cookies provide any protection against replay attacks? Do they, for example, include the client's IP address or anything else that would distinguish the real client from an attacker?
No. If an authentication cookie is stolen, it can be used by an attacker. It's up to you to prevent this from happening by using an encrypted communications channel (HTTPS). Authentication cookies issued as session cookies, do, however,include a time-out valid that limits their lifetime. So a stolen session cookie can only be used in replay attacks as long as the ticket inside the cookie is valid. The default time-out interval is 30 minutes.You can change that by modifying the timeout attribute accompanying the <forms> element in Machine.config or a local Web.config file. Persistent authentication cookies do not time-out and therefore are a more serious security threat if stolen.

How do I send e-mail from an ASP.NET application?

MailMessage message = new MailMessage ();
message.From = <email>;
message.To = <email>;
message.Subject = "Scheduled Power Outage";
message.Body = "Our servers will be down tonight.";
SmtpMail.SmtpServer = "localhost";
SmtpMail.Send (message);

MailMessage and SmtpMail are classes defined in the .NET Framework Class Library's System.Web.Mail namespace. Due to a security change made to ASP.NET just before it shipped, you need to set SmtpMail's SmtpServer property to "localhost" even though "localhost" is the default. In addition, you must use the IIS configuration applet to enable localhost (127.0.0.1) to relay messages through the local SMTP service.
What are VSDISCO files?
VSDISCO files are DISCO files that support dynamic discovery of Web services. If you place the following VSDISCO file in a directory on your Web server, for example, it returns references to all ASMX and DISCO files in the host directory and any subdirectories not noted in <exclude> elements:
<?xml version="1.0" ?>
<dynamicDiscovery
xmlns="urn:schemas-dynamicdiscovery:disco.2000-03-17">
<exclude path="_vti_cnf" />
<exclude path="_vti_pvt" />
<exclude path="_vti_log" />
<exclude path="_vti_script" />
<exclude path="_vti_txt" />
</dynamicDiscovery>

How does dynamic discovery work?
ASP.NET maps the file name extension VSDISCO to an HTTP handler that scans the host directory and subdirectories for ASMX and DISCO files and returns a dynamically generated DISCO document. A client who requests a VSDISCO file gets back what appears to be a static DISCO document.
Note that VSDISCO files are disabled in the release version of ASP.NET. You can reenable them by uncommenting the line in the <httpHandlers> section of Machine.config that maps *.vsdisco to System.Web.Services.Discovery.DiscoveryRequestHandler and granting the ASPNET user account permission to read the IIS metabase. However, Microsoft is actively discouraging the use of VSDISCO files because they could represent a threat to Web server security.

Is it possible to prevent a browser from caching an ASPX page?
Just call SetNoStore on the HttpCachePolicy object exposed through the Response object's Cache property, as demonstrated here:

<%@ Page Language="C#" %>
<html>
<body>
<%
Response.Cache.SetNoStore ();
Response.Write (DateTime.Now.ToLongTimeString ());
%>
</body>
</html>

SetNoStore works by returning a Cache-Control: private, no-store header in the HTTP response. In this example, it prevents caching of a Web page that shows the current time.
What does AspCompat="true" mean and when should I use it?
AspCompat is an aid in migrating ASP pages to ASPX pages. It defaults to false but should be set to true in any ASPX file that creates apartment-threaded COM objects--that is, COM objects registered ThreadingModel=Apartment. That includes all COM objects written with Visual Basic 6.0. AspCompat should also be set to true (regardless of threading model) if the page creates COM objects that access intrinsic ASP objects such as Request and Response. The following directive sets AspCompat to true:

<%@ Page AspCompat="true" %>
Setting AspCompat to true does two things. First, it makes intrinsic ASP objects available to the COM components by placing unmanaged wrappers around the equivalent ASP.NET objects. Second, it improves the performance of calls that the page places to apartment- threaded COM objects by ensuring that the page (actually, the thread that processes the request for the page) and the COM objects it creates share an apartment. AspCompat="true" forces ASP.NET request threads into single-threaded apartments (STAs). If those threads create COM objects marked ThreadingModel=Apartment, then the objects are created in the same STAs as the threads that created them. Without AspCompat="true," request threads run in a multithreaded apartment (MTA) and each call to an STA-based COM object incurs a performance hit when it's marshaled across apartment boundaries.
Do not set AspCompat to true if your page uses no COM objects or if it uses COM objects that don't access ASP intrinsic objects and that are registered ThreadingModel=Free or ThreadingModel=Both.
Explain the differences between Server-side and Client-side code?
Server side scripting means that all the script will be executed by the server and interpreted as needed. ASP doesn't have some of the functionality like sockets, uploading, etc. For these you have to make a custom components usually in VB or VC++. Client side scripting means that the script will be executed immediately in the browser such as form field validation, clock, email validation, etc. Client side scripting is usually done in VBScript or JavaScript. Download time, browser compatibility, and visible code - since JavaScript and VBScript code is included in the HTML page, then anyone can see the code by viewing the page source. Also a possible security hazards for the client computer.
What type of code (server or client) is found in a Code-Behind class?
C#

Should validation (did the user enter a real date) occur server-side or client-side? Why?
Client-side validation because there is no need to request a server side date when you could obtain a date from the client machine.
What are ASP.NET Web Forms? How is this technology different than what is available though ASP?
Web Forms are the heart and soul of ASP.NET. Web Forms are the User Interface (UI) elements that give your Web applications their look and feel. Web Forms are similar to Windows Forms in that they provide properties, methods, and events for the controls that are placed onto them. However, these UI elements render themselves in the appropriate markup language required by the request, e.g. HTML. If you use Microsoft Visual Studio .NET, you will also get the familiar drag-and-drop interface used to create your UI for your Web application.
What is the difference between Server.Transfer and Response.Redirect? Why would I choose one over the other?
In earlier versions of IIS, if we wanted to send a user to a new Web page, the only option we had was Response.Redirect. While this method does accomplish our goal, it has several important drawbacks. The biggest problem is that this method causes each page to be treated as a separate transaction. Besides making it difficult to maintain your transactional integrity, Response.Redirect introduces some additional headaches. First, it prevents good encapsulation of code. Second, you lose access to all of the properties in the Request object. Sure, there are workarounds, but they're difficult. Finally, Response.Redirect necessitates a round trip to the client, which, on high-volume sites, causes scalability problems.
As you might suspect, Server.Transfer fixes all of these problems. It does this by performing the transfer on the server without requiring a roundtrip to the client.

How can you provide an alternating color scheme in a Repeater control?
AlternatingItemTemplate Like the ItemTemplate element, but rendered for every other row (alternating items) in the Repeater control. You can specify a different appearance for the AlternatingItemTemplate element by setting its style properties.
Which template must you provide, in order to display data in a Repeater control?
ItemTemplate

What event handlers can I include in Global.asax?
Application_Start,Application_End, Application_AcquireRequestState, Application_AuthenticateRequest, Application_AuthorizeRequest, Application_BeginRequest, Application_Disposed, Application_EndRequest, Application_Error, Application_PostRequestHandlerExecute, Application_PreRequestHandlerExecute,
Application_PreSendRequestContent, Application_PreSendRequestHeaders, Application_ReleaseRequestState, Application_ResolveRequestCache, Application_UpdateRequestCache, Session_Start,Session_End
You can optionally include "On" in any of method names. For example, you can name a BeginRequest event handler.Application_BeginRequest or Application_OnBeginRequest.You can also include event handlers in Global.asax for events fired by custom HTTP modules.Note that not all of the event handlers make sense for Web Services (they're designed for ASP.NET applications in general, whereas .NET XML Web Services are specialized instances of an ASP.NET app). For example, the Application_AuthenticateRequest and Application_AuthorizeRequest events are designed to be used with ASP.NET Forms authentication.

-------------------------------------------------------------------------


  1. What's the difference between Response.Write() andResponse.Output.Write()?
Response.Output.Write() allows you to write formatted output.
  1. What methods are fired during the page load?
Init() - when the page is instantiated
Load() - when the page is loaded into server memory
PreRender() - the brief moment before the page is displayed to the user as HTML
Unload() - when page finishes loading.
  1. When during the page processing cycle is ViewState available?
After the Init() and before the Page_Load(), or OnLoad() for a control.
  1. What namespace does the Web page belong in the .NET Framework class hierarchy?
System.Web.UI.Page
  1. Where do you store the information about the user's locale?
CodeBehind is relevant to Visual Studio.NET only.
  1. What's the difference between Codebehind="MyCode.aspx.cs" andSrc="MyCode.aspx.cs"?
CodeBehind is relevant to Visual Studio.NET only.
  1. What is the Global.asax used for?
The Global.asax (including the Global.asax.cs file) is used to implement application and session level events.
  1. What are the Application_Start and Session_Start subroutines used for?
This is where you can set the specific variables for the Application and Session objects.
  1. Whats an assembly?
Assemblies are the building blocks of the .NET framework;
  1. Whats MSIL, and why should my developers need an appreciation of it if at all?
MSIL is the Microsoft Intermediate Language. All .NET compatible languages will get converted to MSIL. MSIL also allows the .NET Framework to JIT compile the assembly on the installed computer.
  1. Which method do you invoke on the DataAdapter control to load your generated dataset with data?
The Fill() method.
  1. Can you edit data in the Repeater control?
No, it just reads the information from its data source.
  1. Which template must you provide, in order to display data in a Repeater control?
ItemTemplate.
  1. Name two properties common in every validation control?
ControlToValidate property and Text property.
  1. What base class do all Web Forms inherit from?
The Page class.
  1. What is the difference between Server.Transfer and Response.Redirect? Why would I choose one over the other?
Server.Transfer transfers page processing from one page directly to the next page without making a round-trip back to the client's browser. This provides a faster response with a little less overhead on the server. Server.Transfer does not update the clients url history list or current url. Response.Redirect is used to redirect the user's browser to another page or site. This performas a trip back to the client where the client's browser is redirected to the new page. The user's browser history list is updated to reflect the new address
  1. What is ViewState?
ViewState allows the state of objects (serializable) to be stored in a hidden field on the page. ViewState is transported to the client and back to the server, and is not stored on the server or any other external source. ViewState is used the retain the state of server-side objects between postabacks.
  1. What is the lifespan for items stored in ViewState?
Item stored in ViewState exist for the life of the current page. This includes postbacks (to the same page).
  1. What does the "EnableViewState" property do? Why would I want it on or off?
It allows the page to save the users input on a form across postbacks. It saves the server-side values for a given control into ViewState, which is stored as a hidden value on the page before sending the page to the clients browser. When the page is posted back to the server the server control is recreated with the state stored in viewstate.
  1. What are the different types of Session state management options available with ASP.NET?
ASP.NET provides In-Process and Out-of-Process state management. In-Process stores the session in memory on the web server. This requires the a "sticky-server" (or no load-balancing) so that the user is always reconnected to the same web server. Out-of-Process Session state management stores data in an external data source. The external data source may be either a SQL Server or a State Server service. Out-of-Process state management requires that all objects stored in session are serializable.
------------------------------------------------------------------------------------

Basic use of Session in ASP.NET (C#):

STORE:
DataSet ds = GetDataSet(whatever parameters); Session["mydataset")=ds; RETRIEVE: DataSet ds = (DataSet)Session["mydataset"];

Storage location

* InProc - session kept as live objects in web server (aspnet_wp.exe). Use "cookieless" configuration in web.config to "munge" the sessionId onto the URL (solves cookie/domain/path RFC problems too!)
* StateServer - session serialized and stored in memory in a separate process (aspnet_state.exe). State Server can run on another machine
* SQLServer - session serialized and stored in SQL server

Performance

* InProc - Fastest, but the more session data, the more memory is consumed on the web server, and that can affect performance.
* StateServer - When storing data of basic types (e.g. string, integer, etc), in one test environment it's 15% slower than InProc. However, the cost of serialization/deserialization can affect performance if you're storing lots
of objects. You have to do performance testing for your own scenario.
* SQLServer - When storing data of basic types (e.g. string, integer, etc), in one test environment it's 25% slower than InProc. Same warning about serialization as in StateServer.


Performance tips for Out-of-Proc (OOP) modes

If you're using OOP modes (State Server or SQL Server), one of your major cost is the serialization/deserialization of objects in your session state. ASP.NET performs the serialization/deserialization of certain "basic" types using an optimized internal method. "Basic" types include numeric types of all sizes (e.g. Int, Byte, Decimal, ... etc), String, DateTime, TimeSpan, Guid, IntPtr and UIntPtr.

If you have a session variable (e.g. an ArrayList object) that is not one of the "basic" types, ASP.NET will serialize/deserialize it using the BinaryFormatter, which is relatively slower.

For performance sake it is better to store all session state data using one of the "basic" types listed above. For example, if you want to store two things, Name and Address, in session state, you can either

(a) store them using two String session variables, or
(b) create a class with two String members, and store that class object in a session
variable. Performance wise, you should go with option (a).


Robustness

* InProc - Session state will be lost if the worker process (aspnet_wp.exe) recycles, or if the appdomain restarts. It's because session state is stored in the memory space of an appdomain. For details, see KB324772.
* StateServer - Solve the session state loss problem in InProc mode. Allows a webfarm to store session on a central server. Single point of failure at the State Server.
* SQLServer - Similar to StateServer. Moreover, session state data can survive a SQL server restart, and you can also take advantage of SQL server failover cluster, after you've followed instructions in KB 311029.


Caveats

InProc - It won't work in web garden mode, because in that mode multiple aspnet_wp.exe will be running on the same machine. Switch to StateServer or SQLServer when using web garden. Also Session_End event is supported only in InProc mode.

StateServer

* - In a web farm, make sure you have the same in all your web servers. See KB 313091 on how to do it.
* - Also, make sure your objects are serializable. See KB 312112 for details.
* - For session state to be maintained across different web servers in the web farm, the Application Path of the website (For example \LM\W3SVC\2) in the IIS Metabase should be identical in all the web servers in the web farm. See KB 325056 for details

SQLServer


- If you specify integrated security in the connection string (e.g. "trusted_connection=true", or "integrated security=sspi"), it won't work if you also turn on impersonation in asp.net. Unfortunately, this bug
isn't reported in KB yet. (There is a QFE fix for it.)
- Also, make sure your objects are serializable. See KB 312112 for details.
- For session state to be maintained across different web servers in the web farm, the Application Path of the website (For example \LM\W3SVC\2) in the IIS Metabase should be identical in all the web servers in the web farm.
See KB 325056 for details.


Q: Session states works on some web servers but not on others.
A: Maybe machine name problem. See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q316112 .
Q: Why isn't Session_End fired when I call Session_Abandon?
A: First of all, Session_End event is supported only in InProc mode. In order for Session_End to be fired, your session state has to exist first. That means you have to store some data in the session state and has completed at least one request.
Q: Why are my Session variables lost frequently when using InProc mode?
A: Probably because of application recycle. See http://support.microsoft.com/default.aspx?scid=kb;en-us;Q316148
Q: Why does the SessionID remain the same after the Session times out or abandoned?
A:Even though the session state expires after the indicated timeout period, the session ID lasts as long as the browser session. What this implies is that the same session ID can represent multiple sessions over time where the instance of the browser remain the same.
Q: Why does the SessionID changes in every request?
A: This may happen if your application has never stored anything in the session state. In this case, a new session state (with a new ID) is created in every request, but is never saved because it contains nothing.
However, there are two exceptions to this same session ID behavior:
- If the user has used the same browser instance to request another page that uses the session state, you will get the same session ID every time. For details, see "Why does the SessionID remain the same after the Session times out?"
- If the Session_OnStart event is used, ASP.NET will save the session state even when it is empty.
Q: Can I share session state between ASP.NET and ASP pages?
A: Yes! Here is our article on how to do this in either direction using two "intermediate" pages. And here is an article on how to do it with SQL Server.
Q: What kinds of object can I store in session state?
A: It depends on which mode you are using:
- If you are using InProc mode, objects stored in session state are actually live objects, and so you can store whatever object you have created.
- If you are using State Server or SQL Server mode, objects in the session state will be serialized and deserialized when a request is processed. So make sure your objects are serializable and their classes must be marked as so. If not, the session state will not be saved successfully. In v1, there is a bug which makes the problem happen unnoticed. See this KB for more info:
http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;q312112
Q: How come Response.Redirect and Server.Transfer is not working in Session_End?
A: Session_End is fired internally by the server, based on an internal timer. Thus, there is no HttpRequest associted when that happens. That is why Response.Redirect or Server.Transferdoes not make sense and will not work.
Q: Do I have a valid HttpContext in Session_End?
A: No, because this event is not associated with any request.
Q: Will my session state be saved when my page hit an error?
No. Unless you call Server.ClearError in your exception handler.
Q: How do I use session state with web services?
A: The extra trick needed is on the caller side. You have to save and store the cookies used by the web service. See the MSDN documentation on HttpWebClientProtocol.CookieContainer property.
However, please note if you're using proxy object to call a web service from your page, the web service and your page cannot share the same session state due to architecture limitation.
This can be done if you call your web service through redirect.
Q: I am writing my own HttpHandler. Why is session state not working?
A: Your HttpHandler has to implement the "marker" interface IRequiresSessionState or IReadOnlySessionState in order to use session state.
Q: I am using a webfarm, and I lost session state when directed to some web servers.
A: For session state to be maintained across different web servers in the web farm, the Application Path of the website (For example \LM\W3SVC\2) in the IIS Metabase should be identical in all the web servers in the web farm.
See KB 325056 for details.
Q: Why isn't session state availabe in the Application_OnAcquireRequestState (or other) event handler?
A: Session state is available only after the HttpApplication.AcquireRequestState event is called. For details, see: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconhandlingpublicevents.asp
Q: If using "cookieless", how can I redirect from a HTTP page to an HTTPS page?
A: Try this:
String originalUrl = "/fxtest3/sub/foo2.aspx";
String modifiedUrl = "https://localhost" + Response.ApplyAppPathModifier(originalUrl);
Response.Redirect(modifiedUrl);
NOTE: Fully qualified URLs in the response.redirect, server.transfer, and FORM action
tags cannot be used with cookiless sessions. Here is an example of a fully qualified
URL: http://www.eggheadcafe.com/default.asp More info here:
Q: What isn't Session available in my event handler in global.asax?
A: It depends on which event you're handling. Session is available only after AcquireRequestState event.
Q: Does session state have a locking mechanism that serialize the access to state?
Session state implements a reader/writer locking mechanism:
- A page (or frame) that has session state write access (e.g. <%@ Page EnableSessionState="True" %>) will hold a writer lock on the session until the request finishes.
- A page (or frame) that has session state read access (e.g. <%@ Page EnableSessionState="ReadOnly" %>) will hold a reader lock on the session until the request finishes.
- Reader lock will block a writer lock; Reader lock will NOT block reader lock; Writer lock will block all reader and writer lock.
- That's why if two frames both have session state write access, one frame has to wait for the other to finish first.








No comments:

Post a Comment

Search for