ASP.

net Questions

http://www.ittestpapers.com/articles/761/1/ASPNet-Interview-Questions1-25/Page1.html

1.Describe the role of inetinfo.exe, aspnet_isapi.dll and aspnet_wp.exe in the page loading
process ?

Ans : inetinfo.exe is the Microsoft IIS server running, handling ASP.NET requests among other
things. When an ASP.NET request is received (usually a file with .aspx extension), the ISAPI
filter aspnet_isapi.dll takes care of it by passing the request to the actual worker process
aspnet_wp.exe.

2. What’s the difference between Response.Write() and Response.Output.Write()?

Ans : Response.Output.Write() allows you to write formatted output.

3. What methods are fired during the page load?

Ans : Init() - when the page is instantiated
Load() - when the page is loaded into server memory
PreRender() - the brief moment before the page is displayed to the user as HTML
Unload() - when page finishes loading.

4. When during the page processing cycle is ViewState available?

Ans : After the Init() and before the Page_Load(), or OnLoad() for a control.

5. What namespace does the Web page belong in the .NET Framework class hierarchy?
Ans : System.Web.UI.Page

6. Where do you store the information about the user’s locale?

Ans : System.Web.UI.Page.Culture

7. What’s the difference between Codebehind="MyCode.aspx.cs" and Src="MyCode.aspx.cs"?

Ans : CodeBehind is relevant to Visual Studio.NET only.

8. What’s a bubbled event?

Ans : When you have a complex control, like DataGrid, writing an event processing routine for
each object (cell, button, row, etc.) is quite tedious. The controls can bubble up their event
handlers, allowing the main DataGrid event handler to take care of its constituents.

9. Suppose you want a certain ASP.NET function executed on MouseOver for a certain button.
Where do you add an event handler?

Ans : Add an OnMouseOver attribute to the button. Example:

btnSubmit.Attributes.Add("onmouseover","someClientCodeHere();");

10. What data types do the RangeValidator control support?

Ans : Integer, String, and Date.1. Explain the differences between Server-side and Client-side
code?

Ans : Server-side code executes on the server. Client-side code executes in the client's browser.

12. What type of code (server or client) is found in a Code-Behind class?

Ans : The answer is server-side code since code-behind is executed on the server. However,
during the code-behind's execution on the server, it can render client-side code such
as JavaScript to be processed in the clients browser. But just to be clear, code-behind executes
on the server, thus making it server-side code.

13. Should user input data validation occur server-side or client-side? Why?

Ans : All user input data validation should occur on the server at a minimum. Additionally,
client-side validation can be performed where deemed appropriate and feasable to provide a
richer, more responsive experience for the user.

14. What is the difference between Server.Transfer and Response.Redirect? Why would I
choose one over the other?

Ans : Server.Transfer transfers page processing from one page directly to the next page
without making a round-trip back to the client's browser. This provides a faster response with
a little less overhead on the server. Server.Transfer does not update the clients url history list
or current url. Response.Redirect is used to redirect the user's browser to another page or site.
This perform as a trip back to the client where the client's browser is redirected to the new
page. The user's browser history list is updated to reflect the new address.

15. Can you explain the difference between an ADO.NET Dataset and an ADO Recordset?

Valid answers are:

· A DataSet can represent an entire relational database in memory, complete with tables,
relations, and views.

· A DataSet is designed to work without any continuing connection to the original data source.

· Data in a DataSet is bulk-loaded, rather than being loaded on demand.

· There's no concept of cursor types in a DataSet.

· DataSets have no current record pointer You can use For Each loops to move through the
data.

· You can store many edits in a DataSet, and write them to the original data source in a single
operation.

· Though the DataSet is universal, other objects in ADO.NET come in different versions for
different data sources.

16. What is the Global.asax used for?

Ans : The Global.asax (including the Global.asax.cs file) is used to implement application and
session level events.

17. What are the Application_Start and Session_Start subroutines used for?

Ans : This is where you can set the specific variables for the Application and Session objects.

18. Can you explain what inheritance is and an example of when you might use it?

Ans : When you want to inherit (use the functionality of) another class. Example: With a base
class named Employee, a Manager class could be derived from the Employee base class.
19. Whats an assembly?

Ans : Assemblies are the building blocks of the .NET framework.

20. Describe the difference between inline and code behind.

Ans : Inline code written along side the html in a page. Code-behind is code written in a
separate file and referenced by the .aspx page

21. Explain what a diffgram is, and a good use for one?

Ans : The DiffGram is one of the two XML formats that you can use to render DataSet object
contents to XML. A good use is reading database data to an XML file to be sent to a Web
Service.

22. Whats MSIL, and why should my developers need an appreciation of it if at all?

Ans : MSIL is the Microsoft Intermediate Language. All .NET compatible languages will get
converted to MSIL. MSIL also allows the .NET Framework to JIT compile the assembly on the
installed computer.

23. Which method do you invoke on the DataAdapter control to load your generated dataset
with data?

Ans : The Fill() method.

24. Can you edit data in the Repeater control?

Ans : No, it just reads the information from its data source.

25. Which template must you provide, in order to display data in a Repeater control?

Ans : ItemTemplate

51. Where do you add an event handler? It's the Attributesproperty, the Add function inside
that property. e.g. btnSubmit.Attributes.Add("onMouseOver","someClientCode();")
52. What data type does the RangeValidator control support?
Integer,String and Date.

53. What are the different types of caching?

Caching is a technique widely used in computing to increase performance by
keeping frequently accessed or expensive data in memory. In context of web application,
caching is used to retain the pages or data across HTTP requests and reuse them without the
expense of recreating them. ASP.NET has 3 kinds of caching strategies Output Caching,
Fragment Caching, Data Caching.

Output Caching: Caches the dynamic output generated by a request. Some times it is useful to
cache the output of a website even for a minute, which will result in a better performance. For
caching the whole page the page should have OutputCache directive.<%@ OutputCache
Duration="60" VaryByParam="state" %>

Fragment Caching: Caches the portion of the page generated by the request. Some times it is
not practical to cache the entire page, in such cases we can cache a portion of page<%@
OutputCache Duration="120" VaryByParam="CategoryID;SelectedID"%>

Data Caching: Caches the objects programmatically. For data caching asp.net provides a
cache object for eg: cache["States"] = dsStates;

54. What do you mean by authentication and authorization? Authentication is the process of
validating a user on the credentials (username and password) and authorization performs
after authentication. After Authentication a user will be verified for performing the various
tasks, Its access is limited it is known as authorization.

55. What are different types of directives in .NET?

@Page: Defines page-specific attributes used by the ASP.NET page parser and compiler. Can
be included only in .aspx files <%@ Page AspCompat="TRUE" language="C#" %>

@Control:Defines control-specific attributes used by the ASP.NET page parser and

compiler. Can be included only in .ascx files. <%@ Control Language="VB"
EnableViewState="false" %>
@Import: Explicitly imports a namespace into a page or user control. The Import directive
cannot have more than one namespace attribute. To import multiple namespaces, use
multiple @Import directives. <% @ Import Namespace="System.web" %>

@Implements: Indicates that the current page or user control implements the specified .NET
framework interface.<%@ Implements Interface="System.Web.UI.IPostBackEventHandler" %>

@Register: Associates aliases with namespaces and class names for concise notation in custom
server control syntax.<%@ Register Tagprefix="Acme" Tagname="AdRotator"
Src="AdRotator.ascx" %>

@Assembly: Links an assembly to the current page during compilation, making all the
assembly's classes and interfaces available for use on the page. <%@ Assembly
Name="MyAssembly" %> <%@Assembly Src="MySource.vb" %>

@OutputCache: Declaratively controls the output caching policies of an ASP.NET page or a

user control contained in a page<%@ OutputCache Duration="#ofseconds" Location="Any |
Client | Downstream | Server | None" Shared="True | False" VaryByControl="controlname"
VaryByCustom="browser | customstring" VaryByHeader="headers"
VaryByParam="parametername" %>

@Reference: Declaratively indicates that another user control or page source file should
be dynamically compiled and linked against the page in which this directive is declared.

56. How do I debug an ASP.NET application that wasn't written with Visual Studio.NET and
that doesn't use code-behind?
Start the DbgClr debugger that comes with the .NET Framework SDK, open the file containing
the code you want to debug, and set your breakpoints. Start the ASP.NET application.
Go back to DbgClr, choose Debug Processes from the Tools menu, and select aspnet_wp.exe
from the list of processes. (If aspnet_wp.exe doesn't appear in the list,check the "Show system
processes" box.) Click the Attach button to attach to aspnet_wp.exe and begin debugging.
Be sure to enable debugging in the ASPX file before debugging it with DbgClr. You can
enable tell ASP.NET to build debug executables by placing a
<%@ Page Debug="true" %> statement at the top of an ASPX file or a <COMPILATION
debug="true" />statement in a Web.config file.
57. Can a user browsing my Web site read my Web.config or Global.asax files? No. The
<HTTPHANDLERS>section of Machine.config, which holds the master configuration settings
for ASP.NET, contains entries that map ASAX files, CONFIG files, and selected other file types
to an HTTP handler named HttpForbiddenHandler, which fails attempts to retrieve the
associated file. You can modify it by editing Machine.config or including an section in a local
Web.config file.

58. What's the difference between Page.RegisterClientScriptBlock and

Page.RegisterStartupScript? RegisterClientScriptBlock is for returning blocks of client-side
script containing functions. RegisterStartupScript is for returning blocks of client-script not
packaged in functions-in other words, code that's to execute when the page is loaded. The
latter positions script blocks near the end of the document so elements on the page that the
script interacts are loaded before the script runs.<%@ Reference Control="MyControl.ascx" %>

59. Is it necessary to lock application state before accessing it?

Only if you're performing a multistep update and want the update to be treated as an atomic
operation. Here's an example:
Application.Lock ();
Application["ItemsSold"] = (int) Application["ItemsSold"] + 1;
Application["ItemsLeft"] = (int) Application["ItemsLeft"] - 1;
Application.UnLock ();

By locking application state before updating it and unlocking it afterwards, you ensure that
another request being processed on another thread doesn't read application state at exactly
the wrong time and see an inconsistent view of it. If I update session state, should I lock it, too?
Are concurrent accesses by multiple requests executing on multiple threads a concern with
session state? Concurrent accesses aren't an issue with session state, for two reasons. One, it's
unlikely that two requests from the same user will overlap. Two, if they do overlap, ASP.NET
locks down session state during request processing so that two threads can't touch it at once.
Session state is locked down when the HttpApplication instance that's processing the request
fires an AcquireRequestState event and unlocked when it fires a ReleaseRequestState event.
Do ASP.NET forms authentication cookies provide any protection against replay attacks? Do
they, for example, include the client's IP address or anything else that would distinguish the
real client from an attacker?
No. If an authentication cookie is stolen, it can be used by an attacker. It's up to you to
prevent this from happening by using an encrypted communications channel (HTTPS).
Authentication cookies issued as session cookies, do, however,include a time-out valid that
limits their lifetime. So a stolen session cookie can only be used in replay attacks as long as the
ticket inside the cookie is valid. The default time-out interval is 30 minutes.You can change
that by modifying the timeout attribute accompanying the <forms> element in Machine.config
or a local Web.config file. Persistent authentication cookies do not time-out and therefore are a
more serious security threat if stolen.

60. How do I send e-mail from an ASP.NET application?

MailMessage message = new MailMessage ();

message.From = <email>;
message.To = <email>;
message.Subject = "Scheduled Power Outage";
message.Body = "Our servers will be down tonight.";
SmtpMail.SmtpServer = "localhost";
SmtpMail.Send (message);

MailMessage and SmtpMail are classes defined in the .NET Framework Class Library's
System.Web.Mail namespace. Due to a security change made to ASP.NET just before it
shipped, you need to set SmtpMail's SmtpServer property to "localhost" even though
"localhost" is the default. In addition, you must use the IIS configuration applet to enable
localhost (127.0.0.1) to relay messages through the local SMTP service.

61. What are VSDISCO files? VSDISCO files are DISCO files that support dynamic discovery of
Web services. If you place the following VSDISCO file in a directory on your Web server, for
example, it returns references to all ASMX and DISCO files in the host directory and any
subdirectories not noted in <exclude> elements:

<?xml version="1.0" ?>

<dynamicDiscovery
 xmlns="urn:schemas-dynamicdiscovery:disco.2000-03-17">
<exclude path="_vti_cnf" />
<exclude path="_vti_pvt" />
<exclude path="_vti_log" />
<exclude path="_vti_script" />
<exclude path="_vti_txt" />
</dynamicDiscovery>

62. How does dynamic discovery work? ASP.NET maps the file name extension VSDISCO to
an HTTP handler that scans the host directory and subdirectories for ASMX and DISCO files
and returns a dynamically generated DISCO document. A client who requests a VSDISCO file
gets back what appears to be a static DISCO document.
Note that VSDISCO files are disabled in the release version of ASP.NET. You can reenable
them by uncommenting the line in the <httpHandlers> section of Machine.config that maps
*.vsdisco to System.Web.Services.Discovery.DiscoveryRequestHandler and granting the
ASPNET user account permission to read the IIS metabase. However, Microsoft is actively
discouraging the use of VSDISCO files because they could represent a threat to Web server
security.

63. Is it possible to prevent a browser from caching an ASPX page? Just call SetNoStore on the
HttpCachePolicy object exposed through the Response object's Cache property, as
demonstrated here:

<%@ Page Language="C#" %>

<html>
<body>
<%
Response.Cache.SetNoStore ();
Response.Write (DateTime.Now.ToLongTimeString ());
%>
</body>
</html>
SetNoStore works by returning a Cache-Control: private, no-store header in the HTTP
response. In this example, it prevents caching of a Web page that shows the current time.

64. What does AspCompat="true" mean and when should I use it?
AspCompat is an aid in migrating ASP pages to ASPX pages. It defaults to false but should be
set to true in any ASPX file that creates apartment-threaded COM objects--that is, COM objects
registered ThreadingModel=Apartment. That includes all COM objects written with Visual
Basic 6.0. AspCompat should also be set to true (regardless of threading model) if the page
creates COM objects that access intrinsic ASP objects such as Request and Response. The
following directive sets AspCompat to true:

<%@ Page AspCompat="true" %>

Setting AspCompat to true does two things. First, it makes intrinsic ASP objects available to
the COM components by placing unmanaged wrappers around the equivalent ASP.NET
objects. Second, it improves the performance of calls that the page places to apartment-
threaded COM objects by ensuring that the page (actually, the thread that processes the
request for the page) and the COM objects it creates share an apartment. AspCompat="true"
forces ASP.NET request threads into single-threaded apartments (STAs). If those threads
create COM objects marked ThreadingModel=Apartment, then the objects are created in the
same STAs as the threads that created them. Without AspCompat="true," request threads run
in a multithreaded apartment (MTA) and each call to an STA-based COM object incurs a
performance hit when it's marshaled across apartment boundaries.

Do not set AspCompat to true if your page uses no COM objects or if it uses COM objects that
don't access ASP intrinsic objects and that are registered ThreadingModel=Free or
ThreadingModel=Both.

65. Explain the differences between Server-side and Client-side code?

Server side scripting means that all the script will be executed by the server and interpreted
as needed. ASP doesn't have some of the functionality like sockets, uploading, etc. For these
you have to make a custom components usually in VB or VC++. Client side scripting means
that the script will be executed immediately in the browser such as form field validation, clock,
email validation, etc. Client side scripting is usually done in VBScript or JavaScript. Download
time, browser compatibility, and visible code - since JavaScript and VBScript code is included
in the HTML page, then anyone can see the code by viewing the page source. Also a possible
security hazards for the client computer.

66. What type of code (server or client) is found in a Code-Behind class?

C#

67. Should validation (did the user enter a real date) occur server-side or client-side? Why?
Client-side validation because there is no need to request a server side date when you could
obtain a date from the client machine.

68. What are ASP.NET Web Forms? How is this technology different than what is available
though ASP?
Web Forms are the heart and soul of ASP.NET. Web Forms are the User Interface (UI) elements
that give your Web applications their look and feel. Web Forms are similar to Windows Forms
in that they provide properties, methods, and events for the controls that are placed onto
them. However, these UI elements render themselves in the appropriate markup language
required by the request, e.g. HTML. If you use Microsoft Visual Studio .NET, you will also get
the familiar drag-and-drop interface used to create your UI for your Web application.

69. What is the difference between Server.Transfer and Response.Redirect? Why would I
choose one over the other?
In earlier versions of IIS, if we wanted to send a user to a new Web page, the only option we
had was Response.Redirect. While this method does accomplish our goal, it has several
important drawbacks. The biggest problem is that this method causes each page to be treated
as a separate transaction. Besides making it difficult to maintain your transactional integrity,
Response.Redirect introduces some additional headaches. First, it prevents good encapsulation
of code. Second, you lose access to all of the properties in the Request object. Sure, there are
workarounds, but they're difficult. Finally, Response.Redirect necessitates a round trip to the
client, which, on high-volume sites, causes scalability problems.
As you might suspect, Server.Transfer fixes all of these problems. It does this by performing
the transfer on the server without requiring a roundtrip to the client.

70. How can you provide an alternating color scheme in a Repeater control?
AlternatingItemTemplate Like the ItemTemplate element, but rendered for every other row
(alternating items) in the Repeater control. You can specify a different appearance for the
AlternatingItemTemplate element by setting its style properties.
71. Which template must you provide, in order to display data in a Repeater control?
ItemTemplate

72. What event handlers can I include in Global.asax?

Application_Start,Application_End, Application_AcquireRequestState,
Application_AuthenticateRequest, Application_AuthorizeRequest, Application_BeginRequest,
Application_Disposed, Application_EndRequest, Application_Error,
Application_PostRequestHandlerExecute, Application_PreRequestHandlerExecute,
Application_PreSendRequestContent, Application_PreSendRequestHeaders,
Application_ReleaseRequestState, Application_ResolveRequestCache,
Application_UpdateRequestCache, Session_Start,Session_End
You can optionally include "On" in any of method names. For example, you can name a
BeginRequest event handler.Application_BeginRequest or Application_OnBeginRequest.You
can also include event handlers in Global.asax for events fired by custom HTTP modules.Note
that not all of the event handlers make sense for Web Services (they're designed for ASP.NET
applications in general, whereas .NET XML Web Services are specialized instances of an
ASP.NET app). For example, the Application_AuthenticateRequest and
Application_AuthorizeRequest events are designed to be used with ASP.NET Forms
authentication.

73. What is different b/w webconfig.xml & Machineconfig.xml

Web.config & machine.config both are configuration files.Web.config contains settings specific
to an application where as machine.config contains settings to a computer. The Configuration
system first searches settings in machine.config file & then looks in application configuration
files.Web.config, can appear in multiple directories on an ASP.NET Web application server.
Each Web.config file applies configuration settings to its own directory and all child directories
below it. There is only Machine.config file on a web server.

If I'm developing an application that must accomodate multiple security levels though secure
login and my ASP.NET web appplication is spanned across three web-servers (using round-
robbin load balancing) what would be the best approach to maintain login-in state for the
users?
Use the state server or store the state in the database. This can be easily done through simple
setting change in the web.config.
<SESSIONSTATE
StateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1; user id=sa; password="
cookieless="false"
timeout="30"
/>

You can specify mode as “stateserver” or “sqlserver”.

Where would you use an iHTTPModule, and what are the limitations of any approach you
might take in implementing one
"One of ASP.NET's most useful features is the extensibility of the HTTP pipeline, the path that
data takes between client and server. You can use them to extend your ASP.NET applications
by adding pre- and post-processing to each HTTP request coming into your application. For
example, if you wanted custom authentication facilities for your application, the best technique
would be to intercept the request when it comes in and process the request in a custom HTTP
module.

74. How do you turn off cookies for one page in your site?
Since no Page Level directive is present, I am afraid that cant be done.

75. How do you create a permanent cookie?

Permanent cookies are available until a specified expiration date, and are stored on the hard
disk.So Set the 'Expires' property any value greater than DataTime.MinValue with respect to
the current datetime. If u want the cookie which never expires set its Expires property equal to
DateTime.maxValue.

76. Which method do you use to redirect the user to another page without performing a round
trip to the client?
Server.Transfer and Server.Execute

77. What property do you have to set to tell the grid which page to go to when using the Pager
object?
CurrentPageIndex

78. Should validation (did the user enter a real date) occur server-side or client-side? Why? It
should occur both at client-side and Server side.By using expression validator control with the
specified expression ie.. the regular expression provides the facility of only validatating the
date specified is in the correct format or not. But for checking the date where it is the real data
or not should be done at the server side, by getting the system date ranges and checking the
date whether it is in between that range or not.

79. What does the "EnableViewState" property do? Why would I want it on or off? Enable
ViewState turns on the automatic state management feature that enables server controls to re-
populate their values on a round trip without requiring you to write any code. This feature is
not free however, since the state of a control is passed to and from the server in a hidden form
field. You should be aware of when ViewState is helping you and when it is not. For example,
if you are binding a control to data on every round trip, then you do not need the control to
maintain it's view state, since you will wipe out any re-populated data in any case. ViewState
is enabled for all server controls by default. To disable it, set the EnableViewState property of
the control to false.

80. What is the difference between Server.Transfer and Response.Redirect? Why would I
choose one over the other? Server.Transfer() : client is shown as it is on the requesting page
only, but the all the content is of the requested page. Data can be persist accros the pages using
Context.Item collection, which is one of the best way to transfer data from one page to another
keeping the page state alive.

Response.Dedirect() :client know the physical location (page name and query string as well).
Context.Items loses the persisitance when nevigate to destination page. In earlier versions of
IIS, if we wanted to send a user to a new Web page, the only option we had was
Response.Redirect. While this method does accomplish our goal, it has several important
drawbacks. The biggest problem is that this method causes each page to be treated as a
separate transaction. Besides making it difficult to maintain your transactional integrity,
Response.Redirect introduces some additional headaches. First, it prevents good encapsulation
of code. Second, you lose access to all of the properties in the Request object. Sure, there are
workarounds, but they're difficult. Finally, Response.Redirect necessitates a round trip to the
client, which, on high-volume sites, causes scalability problems. As you might suspect,
Server.Transfer fixes all of these problems. It does this by performing the transfer on the server
without requiring a roundtrip to the client.
81. Can you give an example of when it would be appropriate to use a web service as opposed
to a non-serviced .NET component?

Communicating through a Firewall When building a distributed application with

100s/1000s of users spread over multiple locations, there is always the problem of
communicating between client and server because of firewalls and proxy servers.
Exposing your middle tier components as Web Services and invoking the directly from
a Windows UI is a very valid option.

Application Integration When integrating applications written in various languages

and running on disparate systems. Or even applications running on the same platform
that have been written by separate vendors.

Business-to-Business Integration This is an enabler for B2B intergtation which

allows one to expose vital business processes to authorized supplier and customers.
An example would be exposing electronic ordering and invoicing, allowing customers
to send you purchase orders and suppliers to send you invoices electronically.

Software Reuse This takes place at multiple levels. Code Reuse at the Source code
level or binary componet-based resuse. The limiting factor here is that you can reuse
the code but not the data behind it. Webservice overcome this limitation. A scenario
could be when you are building an app that aggregates the functionality of serveral
other Applicatons. Each of these functions could be performed by individual apps, but
there is value in perhaps combining the the multiple apps to present a unifiend view
in a Portal or Intranet.

When not to use Web Services: Single machine Applicatons When the apps are
running on the same machine and need to communicate with each other use a native
API. You also have the options of using component technologies such as COM or .NET
Componets as there is very little overhead.

Homogeneous Applications on a LAN If you have Win32 or Winforms apps that

want to communicate to their server counterpart. It is much more efficient to use
DCOM in the case of Win32 apps and .NET Remoting in the case of .NET Apps
82. Can you give an example of what might be best suited to place in the Application_Start and
Session_Start subroutines?
The Application_Start event is guaranteed to occur only once throughout the lifetime of the
application. It's a good place to initialize global variables. For example, you might want to
retrieve a list of products from a database table and place the list in application state or the
Cache object. SessionStateModule exposes both Session_Start and Session_End events.

83. What are the advantages and disadvantages of viewstate?

The primary advantages of the ViewState feature in ASP.NET are:

1. Simplicity. There is no need to write possibly complex code to store form data between page
submissions.
2. Flexibility. It is possible to enable, configure, and disable ViewState on a control-by-control
basis, choosing to persist the values of some fields but not others.

There are, however a few disadvantages that are worth pointing out:

1. Does not track across pages. ViewState information does not automatically transfer from
page to page. With the session
approach, values can be stored in the session and accessed from other pages. This is not
possible with ViewState, so storing
data into the session must be done explicitly.

2. ViewState is not suitable for transferring data for back-end systems. That is, data still has to
be transferred to the back
end using some form of data object.

84. Describe session handling in a webfarm, how does it work and what are the limits?
ASP.NET Session supports storing of session data in 3 ways, i] in In-Process ( in the same
memory that ASP.NET uses) , ii] out-of-process using Windows NT Service )in separate
memory from ASP.NET ) or iii] in SQL Server (persistent storage). Both the Windows Service
and SQL Server solution support a webfarm scenario where all the web-servers can be
configured to share common session state store.

1. Windows Service : We can start this service by Start | Control Panel | Administrative Tools
| Services | . In that we service names ASP.NET State Service. We can start or stop service by
manually or configure to start automatically. Then we have to configure our web.config file

<CONFIGURATION><configuration>
<system.web>
<SessionState
mode = “StateServer”
stateConnectionString = “tcpip=127.0.0.1:42424”
stateNetworkTimeout = “10”
sqlConnectionString=”data source = 127.0.0.1; uid=sa;pwd=”
cookieless =”Flase”
timeout= “20” />
</system.web>
</configuration> </SYSTEM.WEB>
</CONFIGURATION>
Here ASP.Net Session is directed to use Windows Service for state management on local server
(address : 127.0.0.1 is TCP/IP loop-back address). The default port is 42424. we can configure
to any port but for that we have to manually edit the registry.
Follow these simple steps
- In a webfarm make sure you have the same config file in all your web servers.
- Also make sure your objects are serializable.
- For session state to be maintained across different web servers in the webfarm, the
application path of the web-site in the IIS Metabase should be identical in all the web-servers
in the webfarm.

85. Which template must you provide, in order to display data in a Repeater control?
You have to use the ItemTemplate to Display data. Syntax is as follows,
< ItemTemplate >
< div class =”rItem” >
< img src=”images/<%# Container.DataItem(“ImageURL”)%>” hspace=”10” />
< b > <% # Container.DataItem(“Title”)%>
< /div >
< ItemTemplate >
How can you provide an alternating color scheme in a Repeater control?
Using the AlternatintItemTemplate

86. What property must you set, and what method must you call in your code, in order to bind
the data from some data source to the Repeater control? Set the DataMember property to the
name of the table to bind to. (If this property is not set, by default the first table in the dataset is
used.) DataBind method, use this method to bind data from a source to a server control. This
method is commonly used after retrieving a data set through a database query.

87. What method do you use to explicitly kill a user s session?

You can dump (Kill) the session yourself by calling the method Session.Abandon.

ASP.NET automatically deletes a user's Session object, dumping its contents, after it has been
idle for a configurable timeout interval. This interval, in minutes, is set in the
<SESSIONSTATE>section of the web.config file. The default is 20 minutes.

88. How do you turn off cookies for one page in your site?
Use Cookie.Discard property, Gets or sets the discard flag set by the server. When true, this
property instructs the client application not to save the Cookie on the user's hard disk when a
session ends.

89. Which two properties are on every validation control?

We have two common properties for every validation controls
1. Control to Validate,
2. Error Message.

90. What tags do you need to add within the asp:datagrid tags to bind columns manually?

< asp:DataGrid id="dgCart" AutoGenerateColumns="False" CellPadding="4" Width="448px"

runat="server" >
< Columns >
< asp:ButtonColumn HeaderText="SELECT" Text="SELECT" CommandName="select" ><
/asp:ButtonColumn >
< asp:BoundColumn DataField="ProductId" HeaderText="Product ID" > <
/asp:BoundColumn >
< asp:BoundColumn DataField="ProductName" HeaderText="Product Name" ><
/asp:BoundColumn >
< asp:BoundColumn DataField="UnitPrice" HeaderText="UnitPrice" > </asp:BoundColumn >
< /Columns >
< /asp:DataGrid >

91. How do you create a permanent cookie? Permanent cookies are the ones that are most
useful. Permanent cookies are available until a specified expiration date, and are stored on the
hard disk. The location of cookies differs with each browser, but this doesn’t matter, as this is
all handled by your browser and the server. If you want to create a permanent cookie called
Name with a value of Nigel, which expires in one month, you’d use the following code
Response.Cookies ("Name") = "Nigel" Response.Cookies ("Name"). Expires = DateAdd ("m", 1,
Now ())

92. What tag do you use to add a hyperlink column to the DataGrid?
< asp:HyperLinkColumn > </ asp:HyperLinkColumn>

93. Which method do you use to redirect the user to another page without performing a round
trip to the client?
Server.transfer

94. What is the transport protocol you use to call a Web service SOAP ?
HTTP Protocol

95. Explain role based security ? Role Based Security lets you identify groups of users to allow
or deny based on their role in the organization.In Windows NT and Windows XP, roles map to
names used to identify user groups. Windows defines several built-in groups, including
Administrators, Users, and Guests.To allow or deny access to certain groups of users, add the
<ROLES>element to the authorization list in your Web application's Web.config file.e.g.

<AUTHORIZATION>< authorization >

< allow roles="Domain Name\Administrators" / > < !-- Allow Administrators in domain. --
>
< deny users="*" / > < !-- Deny anyone else. -- >
< /authorization >
96. How do you register JavaScript for webcontrols ?
You can register javascript for controls using <CONTROL -name>Attribtues.
Add(scriptname,scripttext) method.

97. When do you set "<IDENTITY impersonate="true" />" ?

Identity is a webconfig declaration under System.web, which helps to control the application
Identity of the web applicaton. Which can be at any
level(Machine,Site,application,subdirectory,or page), attribute impersonate with "true" as
value specifies that client impersonation is used.

98. What are different templates available in Repeater,DataList and Datagrid ? Templates
enable one to apply complicated formatting to each of the items displayed by a
control.Repeater control supports five types of templates.HeaderTemplate controls how the
header of the repeater control is formatted.ItemTemplate controls the formatting of each item
displayed.AlternatingItemTemplate controls how alternate items are formatted and the
SeparatorTemplate displays a separator between each item displyed.FooterTemplate is used
for controlling how the footer of the repeater control is formatted.The DataList and Datagrid
supports two templates in addition to the above five.SelectedItem Template controls how a
selected item is formatted and EditItemTemplate controls how an item selected for editing is
formatted.

99. What is ViewState ? and how it is managed ?

ASP.NET ViewState is a new kind of state service that developers can use to track UI state on
a per-user basis. Internally it uses an an old Web programming trick-roundtripping state in a
hidden form field and bakes it right into the page-processing framework.It needs less code to
write and maintain state in your Web-based forms.

100. What is web.config file ? Web.config file is the configuration file for the Asp.net web
application. There is one web.config file for one asp.net application which configures the
particular application. Web.config file is written in XML with specific tags having specific
meanings.It includes databa which includes connections,Session States,Error
Handling,Security etc. For example :

< configuration >

< appSettings >
< add key="ConnectionString"
value="server=localhost;uid=sa;pwd=;database=MyDB" / >
< /appSettings >
< /configuration >

101. What is advantage of viewstate and what are benefits?

When a form is submitted in classic ASP, all form values are cleared. Suppose you have
submitted a form with a lot of information and the server comes back with an error. You will
have to go back to the form and correct the information. You click the back button, and what
happens.......ALL form values are CLEARED, and you will have to start all over again! The site
did not maintain your ViewState.With ASP .NET, the form reappears in the browser window
together with all form values.This is because ASP .NET maintains your ViewState. The
ViewState indicates the status of the page when submitted to the server.

102. What tags do you need to add within the asp:datagrid tags to bind columns manually? Set
AutoGenerateColumns Property to false on the datagrid tag and then use Column tag and an
ASP:databound tag

< asp:DataGrid runat="server" id="ManualColumnBinding" AutoGenerateColumns="False" >

< Columns >
< asp:BoundColumn HeaderText="Column1" DataField="Column1"/ >
< asp:BoundColumn HeaderText="Column2" DataField="Column2"/ >
< /Columns >
< /asp:DataGrid >
<asp:DataGrid id=ManualColumnBinding runat="server" AutoGenerateColumns="False">
<COLUMNS> <asp:BoundColumn HeaderText="Column2"
DataField="Column2"></asp:BoundColumn>
</asp:DataGrid>

103. Which property on a Combo Box do you set with a column name, prior to setting the
DataSource, to display data in the combo box? DataTextField and DataValueField

104. Which control would you use if you needed to make sure the values in two different
controls matched? CompareValidator is used to ensure that two fields are identical.

105. What is validationsummary server control?where it is used?.

The ValidationSummary control allows you to summarize the error messages from all
validation controls on a Web page in a single location. The summary can be displayed as a list,
a bulleted list, or a single paragraph, based on the value of the DisplayMode property. The
error message displayed in the ValidationSummary control for each validation control on the
page is specified by the ErrorMessage property of each validation control. If the ErrorMessage
property of the validation control is not set, no error message is displayed in the
ValidationSummary control for that validation control. You can also specify a custom title in
the heading section of the ValidationSummary control by setting the HeaderText property.
You can control whether the ValidationSummary control is displayed or hidden by setting the
ShowSummary property. The summary can also be displayed in a message box by setting the
ShowMessageBox property to true.

106. What is the sequence of operation takes place when a page is loaded?
BeginTranaction - only if the request is transacted
Init - every time a page is processed
LoadViewState - Only on postback
ProcessPostData1 - Only on postback
Load - every time
ProcessData2 - Only on Postback
RaiseChangedEvent - Only on Postback
RaisePostBackEvent - Only on Postback
PreRender - everytime
BuildTraceTree - only if tracing is enabled
SaveViewState - every time
Render - Everytime
End Transaction - only if the request is transacted
Trace.EndRequest - only when tracing is enabled
UnloadRecursive - Every request

107. Difference between asp and asp.net?.

"ASP (Active Server Pages) and ASP.NET are both server side technologies for building web
sites and web applications, ASP.NET is Managed compiled code - asp is interpreted. and
ASP.net is fully Object oriented. ASP.NET has been entirely re-architected to provide a highly
productive programming experience based on the .NET Framework, and a robust
infrastructure for building reliable and scalable web
applications."
108. Name the validation control available in asp.net?.
RequiredField, RangeValidator,RegularExpression,Custom validator,compare Validator

109. What are the various ways of securing a web site that could prevent from hacking etc .. ?
1) Authentication/Authorization
2) Encryption/Decryption
3) Maintaining web servers outside the corporate firewall. etc.,

110. What is the difference between in-proc and out-of-proc?

An inproc is one which runs in the same process area as that of the client giving tha advantage
of speed but the disadvantage of stability becoz if it crashes it takes the client application also
with it.Outproc is one which works outside the clients memory thus giving stability to the
client, but we have to compromise a bit on speed.

111. When you’re running a component within ASP.NET, what process is it running within on
Windows XP? Windows 2000? Windows 2003? On Windows 2003 (IIS 6.0) running in native
mode, the component is running within the w3wp.exe process associated with the application
pool which has been configured for the web application containing the component.

On Windows 2003 in IIS 5.0 emulation mode, 2000, or XP, it's running within the IIS helper
process whose name I do not remember, it being quite a while since I last used IIS 5.0.

112. What does aspnet_regiis -i do ? Aspnet_regiis.exe is The ASP.NET IIS Registration tool
allows an administrator or installation program to easily update the script maps for an
ASP.NET application to point to the ASP.NET ISAPI version associated with the tool. The tool
can also be used to display the status of all installed versions of ASP. NET, register the
ASP.NET version coupled with the tool, create client-script directories, and perform other
configuration operations.
When multiple versions of the .NET Framework are executing side-by-side on a single
computer, the ASP.NET ISAPI version mapped to an ASP.NET application determines which
version of the common language runtime is used for the application.

The tool can be launched with a set of optional parameters. Option "i" Installs the version of
ASP.NET associated with Aspnet_regiis.exe and updates the script maps at the IIS metabase
root and below. Note that only applications that are currently mapped to an earlier version of
ASP.NET are affected
113. What is a PostBack?
The process in which a Web page sends data back to the same page on the server.

114. What is ViewState? How is it encoded? Is it encrypted? Who uses ViewState? ViewState is
the mechanism ASP.NET uses to keep track of server control state values that don't otherwise
post back as part of the HTTP form. ViewState Maintains the UI State of a Page
ViewState is base64-encoded. It is not encrypted but it can be encrypted by setting
EnableViewStatMAC="true" & setting the machineKey validation type to 3DES. If you want to
NOT maintain the ViewState, include the directive < %@ Page EnableViewState="false" % > at
the top of an .aspx page or add the attribute EnableViewState="false" to any control.

115. What is the < machinekey > element and what two ASP.NET technologies is it used for?
Configures keys to use for encryption and decryption of forms authentication cookie data and
view state data, and for verification of out-of-process session state identification.There fore 2
ASP.Net technique in which it is used are Encryption/Decryption & Verification

116. What three Session State providers are available in ASP.NET 1.1? What are the pros and
cons of each? ASP.NET provides three distinct ways to store session data for your application:
in-process session state, out-of-process session state as a Windows service, and out-of-process
session state in a SQL Server database. Each has it advantages.

1.In-process session-state mode

Limitations:
* When using the in-process session-state mode, session-state data is lost if aspnet_wp.exe or
the application domain restarts.
* If you enable Web garden mode in the < processModel > element of the application's
Web.config file, do not use in-process session-state mode. Otherwise, random data loss can
occur.
Advantage:
* in-process session state is by far the fastest solution. If you are storing only small amounts of
volatile data in session state, it is recommended that you use the in-process provider.

2. The State Server simply stores session state in memory when in out-of-proc mode. In this
mode the worker process talks directly to the State Server
3. SQL mode, session states are stored in a SQL Server database and the worker process talks
directly to SQL. The ASP.NET worker processes are then able to take advantage of this simple
storage service by serializing and saving (using .NET serialization services) all objects within a
client's Session collection at the end of each Web request
Both these out-of-process solutions are useful primarily if you scale your application across
multiple processors or multiple computers, or where data cannot be lost if a server or process
is restarted.

117. What is the difference between HTTP-Post and HTTP-Get?

As their names imply, both HTTP GET and HTTP POST use HTTP as their underlying
protocol. Both of these methods encode request parameters as name/value pairs in the HTTP
request.
The GET method creates a query string and appends it to the script's URL on the server that
handles the request.
The POST method creates a name/value pairs that are passed in the body of the HTTP request
message.

118. Name and describe some HTTP Status Codes and what they express to the requesting
client. When users try to access content on a server that is running Internet Information
Services (IIS) through HTTP or File Transfer Protocol (FTP), IIS returns a numeric code that
indicates the status of the request. This status code is recorded in the IIS log, and it may also be
displayed in the Web browser or FTP client. The status code can indicate whether a particular
request is successful or unsuccessful and can also reveal the exact reason why a request is
unsuccessful. There are 5 groups ranging from 1xx - 5xx of http status codes exists.

101 - Switching protocols.

200 - OK. The client request has succeeded

302 - Object moved.

400 - Bad request.

50013 - Web server is too busy.

119. Explain < @OutputCache% > and the usage of VaryByParam, VaryByHeader.
OutputCache is used to control the caching policies of an ASP.NET page or user control. To
cache a page @OutputCache directive should be defined as follows < %@ OutputCache
Duration="100" VaryByParam="none" %>

VaryByParam: A semicolon-separated list of strings used to vary the output cache. By default,
these strings correspond to a query string value sent with GET method attributes, or a
parameter sent using the POST method. When this attribute is set to multiple parameters, the
output cache contains a different version of the requested document for each specified
parameter. Possible values include none, *, and any valid query string or POST parameter
name.

VaryByHeader: A semicolon-separated list of HTTP headers used to vary the output cache.
When this attribute is set to multiple headers, the output cache contains a different version of
the requested document for each specified header.

120. What is the difference between repeater over datalist and datagrid?The Repeater class is
not derived from the WebControl class, like the DataGrid and DataList. Therefore, the
Repeater lacks the stylistic properties common to both the DataGrid and DataList. What this
boils down to is that if you want to format the data displayed in the Repeater, you must do so
in the HTML markup. The Repeater control provides the maximum amount of flexibility over
the HTML produced. Whereas the DataGrid wraps the DataSource contents in an HTML <
table >, and the DataList wraps the contents in either an HTML < table > or < span > tags
(depending on the DataList's RepeatLayout property), the Repeater adds absolutely no HTML
content other than what you explicitly specify in the templates. While using Repeater control,
If we wanted to display the employee names in a bold font we'd have to alter the
"ItemTemplate" to include an HTML bold tag, Whereas with the DataGrid or DataList, we
could have made the text appear in a bold font by setting the control's ItemStyle-Font-Bold
property to True. The Repeater's lack of stylistic properties can drastically add to the
development time metric. For example, imagine that you decide to use the Repeater to display
data that needs to be bold, centered, and displayed in a particular font-face with a particular
background color. While all this can be specified using a few HTML tags, these tags will
quickly clutter the Repeater's templates. Such clutter makes it much harder to change the look
at a later date. Along with its increased development time, the Repeater also lacks any built-in
functionality to assist in supporting paging, editing, or editing of data. Due to this lack of
feature-support, the Repeater scores poorly on the usability scale.
However, The Repeater's performance is slightly better than that of the DataList's, and is more
noticeably better than that of the DataGrid's. Following figure shows the number of requests
per second the Repeater could handle versus the DataGrid and DataList

121. Can we handle the error and redirect to some pages using web.config?

Yes, we can do this, but to handle errors, we must know the error codes; only then we can take
the user to a proper error message page, else it may confuse the user.
CustomErrors Configuration section in web.config file:
The default configuration is:
< customErrors mode="RemoteOnly" defaultRedirect="Customerror.aspx" >
< error statusCode="404" redirect="Notfound.aspx" / >
< /customErrors >
If mode is set to Off, custom error messages will be disabled. Users will receive detailed
exception error messages.
If mode is set to On, custom error messages will be enabled.
If mode is set to RemoteOnly, then users will receive custom errors, but users accessing the site
locally will receive detailed error messages.
Add an < error > tag for each error you want to handle. The error tag will redirect the user to
the Notfound.aspx page when the site returns the 404 (Page not found) error.

[Example]

There is a page MainForm.aspx

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs)

Handles MyBase.Load
'Put user code to initialize the page here
Dim str As System.Text.StringBuilder
str.Append("hi") ' Error Line as str is not instantiated
Response.Write(str.ToString)
End Sub

[Web.Config]
< customErrors mode="On" defaultRedirect="Error.aspx"/ >
' a simple redirect will take the user to Error.aspx [user defined] error file.

< customErrors mode="RemoteOnly" defaultRedirect="Customerror.aspx" >

< error statusCode="404" redirect="Notfound.aspx" / >
< /customErrors >
'This will take the user to NotFound.aspx defined in IIS.

122. How do you implement Paging in .Net?

The DataGrid provides the means to display a group of records from the data source (for
example, the first 10), and then navigate to the "page" containing the next 10 records, and so on
through the data.

Using Ado.Net we can explicit control over the number of records returned from the data
source, as well as how much data is to be cached locally in the DataSet.

1.Using DataAdapter.fill method give the value of 'Maxrecords' parameter (Note: - Don't use it
because query will return all records but fill the dataset based on value of 'maxrecords'
parameter).

2.For SQL server database, combines a WHERE clause and a ORDER BY clause with TOP
predicate.

3.If Data does not change often just cache records locally in DataSet and just take some records
from the DataSet to display.

123. What is the difference between Server.Transfer and Response.Redirect? Server.Transfer() :

client is shown as it is on the requesting page only, but the all the content is of the requested
page. Data can be persist across the pages using Context.Item collection, which is one of the
best way to transfer data from one page to another keeping the page state alive.

Response.Dedirect() :client knows the physical location (page name and query string as well).
Context.Items loses the persistence when navigate to destination page. In earlier versions of
IIS, if we wanted to send a user to a new Web page, the only option we had was
Response.Redirect. While this method does accomplish our goal, it has several important
drawbacks. The biggest problem is that this method causes each page to be treated as a
separate transaction. Besides making it difficult to maintain your transactional integrity,
Response.Redirect introduces some additional headaches. First, it prevents good encapsulation
of code. Second, you lose access to all of the properties in the Request object. Sure, there are
workarounds, but they're difficult. Finally, Response.Redirect necessitates a round trip to the
client, which, on high-volume sites, causes scalability problems. As you might suspect,
Server.Transfer fixes all of these problems. It does this by performing the transfer on the server
without requiring a roundtrip to the client.
Response.Redirect sends a response to the client browser instructing it to request the second
page. This requires a round-trip to the client, and the client initiates the Request for the second
page. Server.Transfer transfers the process to the second page without making a round-trip to
the client. It also transfers the HttpContext to the second page, enabling the second page access
to all the values in the HttpContext of the first page.

124. Can you create an app domain?

Yes, We can create user app domain by calling on of the following overload static methods of
the System.AppDomain class
1. Public static AppDomain CreateDomain(String friendlyName)
2. Public static AppDomain CreateDomain(String friendlyName, Evidence securityInfo)
3. Public static AppDomain CreateDomain(String friendlyName, Evidence securityInfo,
AppDomainSetup info)
4. Public static AppDomain CreateDomain(String friendlyName, Evidence securityInfo, String
appBasePath, String appRelativeSearchPath, bool shadowCopyFiles)

125. What are the various security methods which IIS Provides apart from .NET ?

The various security methods which IIS provides are

a) Authentication Modes
b) IP Address and Domain Name Restriction
c) DNS Lookups DNS Lookups
d) The Network ID and Subnet Mask
e) SSL
126. What is Web Gardening? How would using it affect a design?

The Web Garden Model: The Web garden model is configurable through the section of the
machine.config file. Notice that the section is the only configuration section that cannot be
placed in an application-specific web.config file. This means that the Web garden mode applies
to all applications running on the machine. However, by using the node in the machine.config
source, you can adapt machine-wide settings on a per-application basis.

Two attributes in the section affect the Web garden model. They are webGarden and cpuMask.
The webGarden attribute takes a Boolean value that indicates whether or not multiple worker
processes (one per each affinitized CPU) have to be used. The attribute is set to false by default.
The cpuMask attribute stores a DWORD value whose binary representation provides a bit
mask for the CPUs that are eligible to run the ASP.NET worker process. The default value is -1
(0xFFFFFF), which means that all available CPUs can be used. The contents of the cpuMask
attribute is ignored when the webGarden attribute is false. The cpuMask attribute also sets an
upper bound to the number of copies of aspnet_wp.exe that are running.

Web gardening enables multiple worker processes to run at the same time. However, you
should note that all processes will have their own copy of application state, in-process session
state, ASP.NET cache, static data, and all that is needed to run applications. When the Web
garden mode is enabled, the ASP.NET ISAPI launches as many worker processes as there are
CPUs, each a full clone of the next (and each affinitized with the corresponding CPU). To
balance the workload, incoming requests are partitioned among running processes in a round-
robin manner. Worker processes get recycled as in the single processor case. Note that
ASP.NET inherits any CPU usage restriction from the operating system and doesn't include
any custom semantics for doing this.

All in all, the Web garden model is not necessarily a big win for all applications. The more
stateful applications are, the more they risk to pay in terms of real performance. Working data
is stored in blocks of shared memory so that any changes entered by a process are immediately
visible to others. However, for the time it takes to service a request, working data is copied in
the context of the process. Each worker process, therefore, will handle its own copy of working
data, and the more stateful the application, the higher the cost in performance. In this context,
careful and savvy application benchmarking is an absolute must.
Changes made to the section of the configuration file are effective only after IIS is restarted. In
IIS 6, Web gardening parameters are stored in the IIS metabase; the webGarden and cpuMask
attributes are ignored.

127. What is view state?.where it stored?.can we disable it?

The web is state-less protocol, so the page gets instantiated, executed, rendered and then
disposed on every round trip to the server. The developers code to add "statefulness" to the
page by using Server-side storage for the state or posting the page to itself. When require to
persist and read the data in control on webform, developer had to read the values and store
them in hidden variable (in the form), which were then used to restore the values. With advent
of .NET framework, ASP.NET came up with ViewState mechanism, which tracks the data
values of server controls on ASP.NET webform. In effect,ViewState can be viewed as "hidden
variable managed by ASP.NET framework!". When ASP.NET page is executed, data values
from all server controls on page are collected and encoded as single string, which then
assigned to page's hidden atrribute "< input type=hidden >", that is part of page sent to the
client.

ViewState value is temporarily saved in the client's browser.ViewState can be disabled for a
single control, for an entire page orfor an entire web application. The syntax is:

Disable ViewState for control (Datagrid in this example)

< asp:datagrid EnableViewState="false" ... / >

Disable ViewState for a page, using Page directive

< %@ Page EnableViewState="False" ... % >

Disable ViewState for application through entry in web.config

< Pages EnableViewState="false" ... / >