ASP.NET Interview Prep E 2 Series ASP.NET Interview Prep
ASP.NET Server Controls
E2 Series ASP.NET Interview Prep
1. What is the difference between HTML controls and Web Server controls?
HTML Server Controls Web Server Controls
They follow the HTML‐centric object model.
They provide a rich object model that provides type‐safe programming capabilities. They also provide a set of properties and methods that can change the look and behavior of the controls.
They have no mechanism of identifying the capabilities of the client browser accessing the current page.
They can detect the target browser's capabilities and render them accordingly.
By default, events are processed on client side.
They are always processed on server‐side.
HTML controls do not support customizations using templates.
For some controls, you can define your own layout using templates.
Note: ASP.NET provides a feature called ‘template’ that allows the separation of control data from its presentation.
They have ability to handle events in client script.
Although events occur on client‐side, they are processed on the server‐side after the page is submitted.
2. When is it advisable to use HTML / Web Sever controls?
Use HTML server controls when,
You are migrating existing ASP / HTML pages to ASP.NET Controls have associated custom client‐side JavaScript Web form functionality is required while working with HTML pages If large amount of client‐side (JavaScript) already exists Use Web Server Controls when,
Web Server Control except in special cases specified above. Use of these would avail facilities like object‐oriented programming model, automatic state
ASP.NET Server Controls
E2 Series ASP.NET Interview Prep
management, and rich look‐and‐feel like AdRotator, Calendar, or highly customizable data display controls like data binding controls in ASP.NET etc.
3. Why is action attribute removed while converting an HTML page to ASP.NET page?
The Action attribute of HTML <Form> tag points to the URL on the server to which the form data is sent. In ASP.NET, a web page submits to itself by default. Hence this attribute becomes ineffective when an HTML page is converted to ASP.NET page. If specified, it is ignored.
4. What is AdRotator control?
Web applications are used for generating more sales through targeted advertisements. The AdRotator Web Server Control randomizes the displayed ad each time the page is refreshed. The AdRotator control is associated with a data source, which is normally an XML file or a database table or custom logic (handler for the AdCreated event). The data source contains advertisement graphics reference, link, and alternate text etc. A numeric value named Impressions controls the priority of the ads displayed. When one clicks the ad, he/she is redirected to a target URL using the NavigateUrl value specified in the ad file.
5. What are navigation controls in ASP.NET?
Navigation controls make the navigation (i.e. moving from one page to the other inside a web application) easy for the user. These controls store all the links in a hierarchical or drop‐down structure to facilitate easy navigation. There are three navigation controls in ASP.NET namely, SiteMapPath, Menu and TreeView.
6. Which control can be used to provide breadcrumb navigation?
Breadcrumb is a navigation‐aid which provides links back to each of the previous page the user has navigated so as to get to the current page. This improves usability of the page and navigation becomes easier.
ASP.NET Server Controls
E2 Series ASP.NET Interview Prep
In ASP.NET SiteMapPath control can be used to provide breadcrumb navigation. Typical breadcrumb may look like as shown below:
State Management and Caching
E2 Series ASP.NET Interview Prep
1. What are advantages and limitations of session state?
Following are the advantages of session state:
1. ASP.NET session state provides a way to persist variable values across pages while the user is in session with the server.
2. Session state can work in case of single process, multi‐process, or multi‐processor (or computer) type of deployments.
3. Data placed in the session state survives IIS restarts.
Limitations of session state are as below:
1. Session state variables keep on occupying memory until explicitly removed/ replaced which may degrade web server performance.
2. Large datasets when stored in session may adversely affect web server performance as the load increases.
3. By default, session state is stored in the memory of the worker process. It can be lost after 20 minutes of inactivity (default expiration value)
2. Does ASP.NET support cookieless sessions?
Web application use cookies in session management to store session ids. Disabling cookies poses an issue. ASP.NET overcomes this issue by enabling cookieless session through settings in a web.config file as follows.
<sessionState mode="InProc" cookieless="true" timeout="20" />
In the above example, mode = "InProc" indicates session object is stored in the server's memory, timeout="20" specifies that the session timeout is 20 minutes and cookieless="true" a Boolean attribute that indicates a cookieless session. The developer does not have to change anything in the application code.
3. Give a real world scenario to illustrate why it is essential to disable browser’s back button in some web applications.
State Management and Caching
E2 Series ASP.NET Interview Prep
A web browser's back button provides ease of navigation. However, using a web browser's back button can produce unexpected results to an extent of even crashing a web application.
For example, consider a web application for customer feedback. Once the form is submitted, the response is stored in a database. If user presses back button, the entire data would be resubmitted and either an error will be generated like duplicate feedbackID or the feedback data would be stored again wrongly as one more record. Same issue can be faced with shopping carts. To avoid this, back button from the browser tool bar is disabled and applications provide their own back button as part of the page so that such inconsistencies can be dealt with.
4. Explain how a browser’s back button can be disabled in ASP.NET web applications?
Following code disables browser page caching when placed in page_load event.
Response.Cache.SetCacheability(HttpCacheability.NoCache); Response.Cache.SetExpires(Now.AddSeconds(-1)); Response.Cache.SetNoStore(); Response.AppendHeader("Pragma", "no-cache");
This code when executed at page loading time ensures that a "Page has expired" warning is displayed when user tries to go back to the previous page.
There is another solution which is more reliable ‐ comparing the time stamps of session and ‘view state’ in addition to disabling the caching. If they match, control is transferred to the page that displays page expired message.
5. What is caching in ASP.NET?
Caching is a process of storing frequently used data for quicker access. The data which is generated by executing a complex logic or does not change very frequently is stored in memory in the form of ready‐to‐use object rather than doing processing every time. Complex DataSet object or a frequently used report or a web page are good candidates to exploit the caching mechanism for improving the performance and scalability of the web application.
ASP.NET Security
E2 Series ASP.NET Interview Prep
1. What is Forms authentication? What are its pros and cons?
Forms authentication presents a user an HTML form for credentials. Once user submits the form, the request is authenticated and web server generates a cookie that serves as authentication ticket for subsequent requests to any protected resources. If the request does not carry authentication ticket, the user is redirected to the login page, instead of the requested resource.
Following are the pros and cons of Forms authentication:
Pros
1. It allows implementing custom authentication mechanism that reads user credentials from data stores other than SQL Server like Oracle or XML files.
2. It can be used for achieving personalization features.
3. Supports user management based on roles.
Cons
1. Authentication ticket is vulnerable to tampering or spoofing type of security attacks, unless used with SSL/TLS.
2. Is only applicable for resources mapped to Aspnet_isapi.dll and not applicable to resources like .html or .gif.
2. What is Passport authentication? What are its pros and cons?
Passport authentication type uses an external authentication service from Microsoft called Passport. Passport is a centralized repository of user information. The user has to be signed up with Microsoft's Passport Service. Passport uses an encrypted cookie mechanism to identify and indicate authenticated users. If the users have already been signed into passport when they visit the application page, ASP.NET will consider them as authenticated. Otherwise, the users will be redirected to Passport servers for login. This authentication mechanism supports what is called as single‐signon (SSO) for using the same credentials to access member sites. For example, Hotmail uses Passport Service to authenticate users.
Following are the pros and cons of Passport authentication:
ASP.NET Security
E2 Series ASP.NET Interview Prep
Pros
1. It supports Single Sign‐On (SSO) across multiple web domains. 2. It is compatible with all browsers. 3. It is more secure as it is built on cryptography technologies.
Cons
1. Places an external dependency for the authentication process. 2. To implement Passport, the site must be registered with the Passport
service, accept the license agreement and install the Passport SDK prior to use.
3. What is Windows authentication? What are its pros and cons?
Windows authentication relies on IIS for authentication. IIS does authentication in any one of the ways including Basic, Digest, or Integrated Windows Authentication. ASP.NET makes use of this identity. If a user attempts to access a page and is not authenticated, he is shown a dialog box that accepts username and password. This is a better authentication mechanism (that uses existing user accounts) for applications which are used inside an organization.
Following are the pros and cons of Windows authentication: Pros
1. Authenticates using Windows accounts, without having to write any custom authentication code.
2. Suitable for intranet applications which can leverage existing user accounts in Active directory or local database.
Cons
1. May require the use and management of individual Windows user accounts.
2. It is not suitable for web application targeted for public consumption at large.
4. What is impersonation in ASP.NET?
ASP.NET Security mechanism includes a feature named ‘impersonation’ which is an ability to control the identity under which code is executed. This feature
ASP.NET Security
E2 Series ASP.NET Interview Prep
empowers ASP.NET to execute code in the context of an authenticated and authorized client. By default, impersonation is disabled and all the code is executed using the same user account as the ASP.NET process, which is typically the ASPNET account in case of IIS 5.0 or Network Service Account (IIS 6.0).
Sometimes, a page may access a network resource such as a file on a shared drive, which requires additional permissions. Here, ASP.NET impersonation comes to the rescue. With impersonation, ASP.NET can execute the request using the identity of the client who is making the request, or ASP.NET can impersonate a specific account specified in web.config.
A minimal configuration required to enable impersonation for an application might look similar to the following example:
<identity impersonate="true"/>
To impersonate a specific user for all the requests on all pages of an ASP.NET application, you can specify the username and password attributes in the <identity> tag of the web.config file for that application as shown below:
<identity impersonate="true" userName="TestDomain\Robert" password="p@ssw0rd"/>
This enables the entire application to run as TestDomain\Robert, regardless of the identity of the request, as long as the password is correct.
5. What is the default user account under which an ASP.NET web application runs on a web server?
On Microsoft Windows 2000, Windows XP Professional (and IIS 5.0), ASP.NET worker process runs with an identity (user account) of local ASPNET account. On a Web server running Microsoft Windows Server 2003 and Internet Information Services (IIS) 6.0, the ASP.NET process runs in the application pool under the Network service account by default.
ASP.NET Ajax
E2 Series ASP.NET Interview Prep
1. How can a script be dynamically added to an ASP.NET page?
A script can be dynamically added to an ASP.NET page by using ClientSideScriptManager class.
2. What are ASP.NET AJAX extensions?
ASP.NET AJAX extensions provide script‐based (through web service proxy script) access to the ASP.NET framework services like Authentication and Profile which are exposed as web services. Microsoft AJAX library provides JavaScript proxy methods that enable browser‐based web applications to use these services without the need for postbacks. The proxy scripts are packaged inside the Sys.Services namespace. These services are disabled by default; developer needs to enable them explicitly.
3. What are the various types of AJAX client‐side components?
ASP.NET AJAX library provides the base client object types: Behavior, Component and Control classes to create client components that provide rich behaviors in the browser without postbacks. These components can be classified as below:
1. Behaviors ‐ These components extend the basic behavior of existing DOM elements by adding AJAX functionality to these elements.
2. Components ‐ These are the components that do not have any visual appearance when the page runs in the browser. For example Timer control
3. Controls ‐ These are visual elements which represent a custom ASP.NET AJAX client control.
4. What is ASP.NET AJAX Control Toolkit?
The ASP.NET AJAX Control Toolkit is an open‐source project based on the ASP.NET AJAX framework. It is a joint effort between Microsoft and the ASP.NET AJAX community that provides a powerful infrastructure to write reusable, customizable and extensible ASP.NET AJAX extenders and controls that can be used out of the box to create interactive and highly responsive web UIs.
ASP.NET Ajax
E2 Series ASP.NET Interview Prep
This toolkit provides more than 30 controls that enable creating rich, interactive web pages. This control toolkit is available as a separate download from Codeplex site.
5. What are AJAX extender controls?
Microsoft ‘AJAX extender control’ enhances the client functionality of ASP.NET Web Server Controls, such as TextBox, Button and Panel. Extender control is associated with the ASP.NET server controls by setting the TargetControlID property of the extender control to the ID of the server control being extended.
For example, one wants to display a confirmation dialog before a page is submitted on a click of a Button. This can be achieved by associating the Button with an extender control named ConfirmButtonExtender. Now before submitting to the server, a confirmation dialog will be displayed. It is like extending the functionality of the Button.
6. What are the different ways to create controls that implement AJAX features on the client?
The Microsoft AJAX library provides the base client object types: Component, Control and Behavior classes which can be extended to provide rich client functionality.
1. Creating custom non ‐ visual client components
These components derive from Sys.Component and typically have no UI representation.
2. Creating Custom AJAX Client Controls
These controls are derived from the Control base class, which is a descendant of the Component base class. This control represents a DOM element as a client object and extends a markup representation or provides additional functionality for the element.
3. Extending the controls by adding custom behavior
A behavior is a component that extends functionality of a ‘DOM element’ that it is associated with. These objects are created by using Sys.UI.Behavior class. For example, a watermark for an existing text box can be created by using a behavior that is attached to the text box.
ASP.NET MVC Framework
E2 Series ASP.NET Interview Prep
1. What are MVC ‘Controller Actions’?
A controller exposes methods called ‘controller actions’. It is a method on a controller that is invoked when a particular request is sent via browser. For example, imagine that you make a request for the following URL:
http://www.seed.com/Course/Details
In this case, the Details method is called on (say) the CourseController class. This Details method is a ‘controller action’. A controller action is a public method of a controller class. Any public method that you add to a controller class is exposed as a controller action automatically. Please note that a method used as a controller action cannot be overloaded.
2. What are ‘Action Results’?
A controller action returns an ‘action result’ in response to a request. All of these ‘action results’ inherit from ActionResult class. In most cases, a ‘controller action’ returns a ViewResult.
These ‘action results’ are of several types including:
1. ViewResult ‐ Represents HTML and other markup.
2. EmptyResult ‐ Indicates no result.
3. RedirectResult ‐ Redirects to a new URL.
4. JsonResult ‐ Indicates a JavaScript Object Notation (JSON) result that can be used in an AJAX based application.
5. JavaScriptResult ‐ Returns a JavaScript script.
6. ContentResult ‐ Returns a text result.
7. FileContentResult ‐ Represents a downloadable file (with the binary content).
8. FilePathResult ‐ Represents the downloadable file with the fully qualified path.
9. FileStreamResult ‐ Represents a downloadable file (with a file stream).
ASP.NET MVC Framework
E2 Series ASP.NET Interview Prep
3. How is Model implemented in ASP.NET MVC application?
In an ASP.NET MVC application, a Model is responsible for business logic and processing of business data. Often model objects retrieve data or store data from a data store. For example, Products object reads information from a database, operates on it, and then saves updated information back to a Products table in a database. ASP.NET MVC models may be implemented using Microsoft ADO.NET Entity Framework, NHibernate, ADO.NET classes or in‐memory collections.
4. What are views in ASP.NET MVC?
ASP.NET MVC Views are the components that render the application's User Interface (UI). Typically, this UI is created from the model data. In MVC application, the view only displays information; the controller is responsible for processing it further. An example of a View is an edit view/screen of a Products table that displays text boxes, drop‐down lists, and check boxes based on the current state of a Product object.
5. What is Razor?
Quite often ASP.NET Web pages have C# or VB code blocks interspersed in the HTML markup. This hampers readability and in turn maintainability of code. Razor is a C# based markup syntax instead of C# or VB code block with delimiters <%= %>. It comes with inteli‐sense and can be unit tested. Razor file extension is .cshtml for C# language, and .vbhtm for Visual Basic.
Here is a simple code snippet to demonstrate its syntax:
<ul id= “Course”> @foreach(var mCourse in Course) { <li> @ mCourse.CourseName ([email protected]) </li> } </ul>