Exam Analysis_ Syllabus & Papers.

md 8/15/2023

Unit 1: Language Preliminaries (8 Hrs.)

1. Differentiate between struct and enum. Why do we need to handle the exception? Illustrate with an
example with your own customized exception.
2. Explain the procedure for building, running, and deploying .NET core applications. Write a program to
show the possibility of SQL injection attack.
3. What are the advantages of stateless HTTP in ASP.NET core application? Create a method to insert a
record (3, “John , 12000”) onto the table Employee having fields Employeeld(int), Name varchar(200),
Salary(int) using Entity Framework.

Unit 2: Introduction to ASP.NET (3 Hrs.) 4. Define open redirect attacks. Discuss about docker and
containerization.

5. Differentiate between .NET and ASP.NET frameworks. How do you test the .NET core applications?

Unit 3: HTTP and ASP.NET Core (3 Hrs.) 6. Explain about request and response message format with
example.

Unit 4: Creating ASP.NET core MVC applications (10 Hrs.) 7. Why do we need to validate the form? How can
you use react for this?

8. Define data model and data context. What does URL routing mean?
9. Give an example to manage the session state.
10. How can you prevent SQL injection attack? Explain with an example.

Unit 5: Working with Database (6 Hrs.) 11. Write an ADO. Net application to read the data from the existing
table MOVIE(id, name, genre), where genre is “comedy”.

Unit 6: State Management on ASP.NET Core Application (4 Hrs.) 12. What is the purpose of web form?
Write a program to demonstrate the concept of collection and generics.

Unit 7: Client-side Development in ASP.NET Core (4 Hrs.) 13. Define HTTP. Explain the MVC pattern.

Unit 8: Securing in ASP.NET Core Application (5 Hrs.) 14. How to you assign roles, claims and policies?
Explain with an example.

Unit 9: Hosting and Deploying ASP.NET Core Application (2 Hrs.) 15. Explain the process to deploy the
core application.

Additional Short Notes: 16. LINQ 17. Open Redirected Attack 18. Query String 19. Lambda Expression 20.
Containerization using Docker 21. Delegates and Events 22. Tag helper 23. Razor syntax

Group A (10 marks question)

Question 1: What is the purpose of web form? Write a program to demonstrate the concept of
collection and generics.

Web forms in ASP.NET provide a powerful way to create interactive and user-friendly web applications. A web
form is a container for controls like textboxes, buttons, and dropdown lists that allow users to input data and
interact with the application. The main purpose of web forms is to create a user interface that enables users to
input and manipulate data, and then process that data on the server.

1/9
Exam Analysis_ Syllabus & Papers.md 8/15/2023

Now, let's delve into demonstrating the concept of collections and generics in C#:

Collections are essential data structures used to store and manipulate groups of objects. One common type of
collection in C# is the List collection. Lists provide dynamic sizing, allowing elements to be added or removed
as needed. Here's an example of how to use a List to store and display a collection of integers:

using System;
using System.Collections.Generic;

namespace CollectionAndGenericsExample
{
class Program
{
static void Main(string[] args)
{
List<int> numbers = new List<int>();
numbers.Add(10);
numbers.Add(20);
numbers.Add(30);

Console.WriteLine("Numbers in the list:");

foreach (int num in numbers)
{
Console.WriteLine(num);
}
}
}
}

Generics in C# provide a way to create classes, methods, or interfaces that work with different data types while
maintaining type safety. In the example above, List<int> is a generic type that specifies that the list will
contain integers. This ensures type safety at compile-time.

Question 2: Explain the uses of cookies. What types of vulnerabilities can occur in a web application?
Show the case of a Cross-site Scripting attack.

Cookies are small pieces of data stored on the client's browser. They are used to store user-specific
information or session data across multiple requests. Cookies have various uses in web applications, such as:

Session Management: Cookies can be used to maintain user sessions, allowing users to navigate
between pages without re-authenticating.
Personalization: Cookies can store user preferences or customization settings, providing a
personalized experience.
Tracking: Cookies can track user behavior, such as which pages they visit or items they add to a
shopping cart.
Remember Me: Cookies can remember user login information to enable automatic login on
subsequent visits.

However, along with their benefits, cookies can also introduce security vulnerabilities. One such vulnerability is
Cross-site Scripting (XSS), where malicious scripts are injected into web pages viewed by other users. This can
2/9
Exam Analysis_ Syllabus & Papers.md 8/15/2023

lead to unauthorized access, data theft, and other malicious activities.

For instance, consider a scenario where an attacker injects a malicious script into a web page's input field.
When another user views this page, the script executes in their browser, potentially stealing their session
cookies or personal data.

To prevent XSS attacks, developers must validate and sanitize user input, encode output data, and implement
security mechanisms like Content Security Policy (CSP) to control which scripts can run.

Question 3: Describe any two hosting models for core application. Design a client-side validation
application using jQuery for taking input data from a student in the Library Management System,
assuming your own assumptions.

Two hosting models for ASP.NET Core applications are:

1. In-process Hosting Model: In this model, the application runs within the same process as the IIS
(Internet Information Services) worker process. It provides better performance since there's no
communication overhead between the application and the server.

2. Out-of-process Hosting Model: In this model, the application runs in a separate process from the IIS
worker process. It provides higher isolation and robustness, allowing the application to continue
running even if the IIS worker process crashes.

Now, let's design a client-side validation application using jQuery for the Library Management System:

Assumptions:

The Library Management System has a student registration form with fields such as name, student ID,
email, and book selection.
We want to use client-side validation to ensure data integrity before submitting the form to the server.

Here's a simplified example of how you could implement client-side validation using jQuery:

<!DOCTYPE html>
<html>
<head>
<title>Library Management System</title>
<script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
<script>
$(document).ready(function () {
$("#submitBtn").click(function () {
var name = $("#name").val();
var studentId = $("#studentId").val();
var email = $("#email").val();
var bookSelection = $("#bookSelection").val();

if (
name === "" ||
studentId === "" ||
email === "" ||
bookSelection === ""
) {
3/9
Exam Analysis_ Syllabus & Papers.md 8/15/2023

alert("All fields are required!");

return false; // Prevent form submission
}

// Additional validation logic can be added here

return true; // Allow form submission

});
});
</script>
</head>
<body>
<h1>Student Registration</h1>
<form action="submit-form.php" method="post">
Name: <input type="text" id="name" /><br />
Student ID: <input type="text" id="studentId" /><br />
Email: <input type="email" id="email" /><br />
Book Selection:
<select id="bookSelection">
<option value="">Select a book</option>
<option value="book1">Book 1</option>
<option value="book2">Book 2</option>
<!-- Additional book options --></select
><br />
<input type="submit" value="Submit" id="submitBtn" />
</form>
</body>
</html>

In this example, when the "Submit" button is clicked, the jQuery code validates that all fields are filled out
before allowing the form to be submitted to the server. This helps ensure that the data entered by the student
is valid and complete before it is sent for further processing.

Please let me know if you need further clarification or details, Sir.

PROMPT:

continue for all questions

RESPONSE:

Of course, Sir. I'll continue to provide detailed answers for the remaining questions:

Group B (5 marks questions)

Question 4: How do you assign roles, claims, and policies? Explain with an example.

In ASP.NET Core, roles, claims, and policies are used for implementing authorization and access control. Roles
define specific roles that a user can have, claims represent specific pieces of information about the user, and
policies are sets of requirements that a user must meet to access a resource.

For example, let's say we have an e-commerce application where users can be customers or administrators.
We'll assign roles, claims, and policies to manage access:
4/9
Exam Analysis_ Syllabus & Papers.md 8/15/2023

1. Roles: We define roles like "Customer" and "Administrator". A user can have one or more roles assigned
to them. For instance, an administrator may have both roles, while a customer has only the "Customer"
role.

2. Claims: Claims are used to provide additional information about a user. For example, we can assign a
claim to an administrator indicating they have special privileges to manage products. Claims are stored
in tokens and can be checked to make access decisions.

3. Policies: Policies combine roles and claims into higher-level authorization rules. For instance, we can
define a policy that allows access to a specific admin panel only if the user has the "Administrator" role
and the "CanManageProducts" claim.

Here's an example of how we might use these concepts in ASP.NET Core:

// Startup.cs

public void ConfigureServices(IServiceCollection services)

{
// Role-based authorization
services.AddAuthorization(options =>
{
options.AddPolicy("AdminOnly", policy =>
policy.RequireRole("Administrator"));
});

// Claims-based authorization
services.AddAuthorization(options =>
{
options.AddPolicy("ManageProductsPolicy", policy =>
policy.RequireClaim("CanManageProducts"));
});

// Add other services...

}

// Controller action

[Authorize(Roles = "Administrator")]
public IActionResult AdminPanel()
{
// Only administrators can access this action
return View();
}

Question 5: What types of problems lead to SQL injection attack? Discuss any two types of ASP.Net
host models.

5/9
Exam Analysis_ Syllabus & Papers.md 8/15/2023

SQL injection occurs when malicious SQL queries are injected into user-provided input. This can happen when
input is not properly sanitized or validated. Two common types of SQL injection attacks are:

1. Classic SQL Injection: In this attack, an attacker provides malicious input that is concatenated with SQL
queries. For example, consider a login form where a user enters their username and password. An
attacker could input something like ' OR '1'='1 as the password, causing the query to always return
true, granting unauthorized access.

2. Blind SQL Injection: In this attack, the attacker doesn't directly see the results of the injected query.
Instead, they infer information based on the application's behavior. For example, they might inject a
query that causes a delay, and if the application's response is slower, they deduce that their injection
was successful.

Now, let's discuss the two ASP.NET Core host models:

1. In-process Hosting: In this model, the application runs within the same process as the hosting server
(e.g., IIS). It offers better performance as there's no communication overhead between the application
and the server. However, if the application crashes, it can bring down the entire server.

2. Out-of-process Hosting: Here, the application runs in a separate process from the hosting server. This
provides better isolation and robustness. If the application crashes, the server remains unaffected.
However, there is slightly more communication overhead between the application and the server.

Question 6: What does a single-page application mean? Discuss server-side strategies.

A single-page application (SPA) is a type of web application that interacts with the user by dynamically
rewriting the current page, rather than loading entire new pages from the server. SPAs provide a smoother
user experience by reducing page reloads and providing a more desktop-like feel.

Server-side strategies for SPAs involve rendering some parts of the page on the server while also allowing
client-side scripting to handle dynamic updates. One approach is:

1. Server-Side Rendering (SSR): In SSR, the initial HTML is generated on the server and sent to the client.
This improves initial load times and ensures content is accessible to search engines. After that, the
client-side script takes over for dynamic updates. ASP.NET Core supports SSR through frameworks like
Angular Universal or React Server-side Rendering.

Another approach that is not server-side, but rather a combination of client-side and server-side strategies:

2. Isomorphic Apps: These apps use the same codebase for both client-side and server-side rendering.
The initial HTML is generated on the server, and the client-side script takes over from there. This
ensures consistency between client and server views.

It's important to choose the right strategy based on your application's requirements and goals.

Question 7: Write an ADO.NET application to read the data from the existing table MOVIE(id, name,
genre), where genre is “comedy”.

Here's how you can write an ADO.NET application to read data from a SQL Server table named MOVIE where
the genre is "comedy":

6/9
Exam Analysis_ Syllabus & Papers.md 8/15/2023

using System;
using System.Data.SqlClient;

namespace AdoNetExample
{
class Program
{
static void Main(string[] args)
{
string connectionString = "Your_Connection_String_Here";
string sqlQuery = "SELECT id, name FROM MOVIE WHERE genre =
'comedy'";

using (SqlConnection connection = new

SqlConnection(connectionString))
{
connection.Open();

using (SqlCommand command = new SqlCommand(sqlQuery,

connection))
{
using (SqlDataReader reader = command.ExecuteReader())
{
while (reader.Read())
{
int id = reader.GetInt32(0);
string name = reader.GetString(1);

Console.WriteLine($"Movie ID: {id}, Name:

{name}");
}
}
}
}
}
}
}

Please replace "Your_Connection_String_Here" with the actual connection string for your SQL Server
database.

Question 8: Differentiate between .NET and ASP.NET frameworks. How do you test the .NET core
applications?

.NET is a development platform that provides a runtime environment for executing applications. It includes a
framework for building various types of applications, including web, desktop, mobile, and more. .NET
Framework (previously known as just .NET) primarily targets Windows environments.

ASP.NET is a subset of the .NET framework specifically designed for building web applications. It provides
libraries, tools, and frameworks for creating dynamic web pages, web services, and more.

7/9
Exam Analysis_ Syllabus & Papers.md 8/15/2023

Testing .NET Core Applications: To test .NET Core applications, you can use various testing frameworks and
tools, such as:

1. xUnit.net: A popular testing framework that provides a simple and extensible approach to writing unit
tests.

2. NUnit: Another widely used testing framework for unit testing in .NET Core.

3. MSTest: Microsoft's own testing framework, included with Visual Studio, suitable for unit testing and
integration testing.

4. Moq: A mocking framework for creating mock objects during unit testing.

5. Test-driven development (TDD): This approach involves writing tests before writing the actual code. It
ensures that the code meets the specified requirements and helps in maintaining code quality.

By using these testing frameworks and practices, you can write and execute various types of tests, such as unit
tests, integration tests, and end-to-end tests, to ensure the reliability and correctness of your .NET Core
applications.

Question 9: Define HTTP. Explain the MVC pattern.

HTTP (Hypertext Transfer Protocol): HTTP is the protocol used for transferring data over the internet. It is
the foundation of data communication on the World Wide Web. When you enter a web address in your
browser, the browser uses HTTP to request resources from a web server, and the server responds with the
requested data, usually in the form of web pages.

MVC (Model-View-Controller) Pattern: MVC is a design pattern used in software development to separate
an application's concerns into three main components:

1. Model: Represents the data and business logic of the application. It handles data storage, retrieval, and
manipulation.

2. View: Represents the user interface. It's responsible for displaying the data to the user and handling
user interactions.

3. Controller: Acts as an intermediary between the Model and View. It processes user input, updates the
Model, and interacts with the View to display the appropriate information.

In the context of ASP.NET, the MVC pattern is used for structuring web applications. ASP.NET MVC allows
developers to create well-organized, maintainable, and testable code by separating concerns and providing a
clear architecture for building web applications.

Question 10: What does dependency injection and IOC container mean? Explain.

Dependency Injection (DI): Dependency Injection is a design pattern that promotes loose coupling between
components in a software system. It involves injecting dependencies (i.e., objects or services that a class relies
on) into a class from external sources, rather than the class creating them itself. This improves testability,
reusability, and maintainability of the code.

Inversion of Control (IoC) Container: An IoC container is a software framework that manages the lifecycle of
objects and their dependencies. It automates the process of creating, initializing, and injecting dependencies

8/9
Exam Analysis_ Syllabus & Papers.md 8/15/2023

into classes. Developers configure the container with the necessary bindings between classes and interfaces,
and the container takes care of providing instances as needed.

For example, in ASP.NET Core, the built-in IoC container manages the injection of services into controllers,
middleware, and other components. This allows you to focus on writing business logic without worrying about
creating and managing instances of dependencies.

Question 11: What is a tag helper? Discuss razor syntax with an example.

Tag Helper: Tag Helpers are a feature in ASP.NET Core MVC that allow developers to create HTML elements
with server-side logic. They enhance the readability of views by embedding server-side code within HTML
tags. Tag Helpers are used to generate dynamic HTML elements and attributes, making it easier to work with
server-side data in views.

Razor Syntax and Example: Razor is a markup syntax used in ASP.NET Core to embed server-side code
within views. Here's an example of using Razor syntax and a Tag Helper to display a list of items:

<ul>
@foreach (var item in Model.Items) {
<li>@item.Name</li>
}
</ul>

In this example, the @ symbol denotes Razor code. The foreach loop iterates over Model.Items and
dynamically generates a list item for each item's name using the item.Name property.

Question 12: Write short notes on (any two):

Lambda Expression: A Lambda Expression is a concise way to define anonymous methods or functions in C#.
It provides a way to write inline code that can be used as delegates, making code more compact and
readable. For example:

Func<int, int> square = x => x * x;

int result = square(5); // result is 25

Containerization using Docker: Docker is a platform that allows you to package, distribute, and run
applications and their dependencies in isolated environments called containers. Containerization helps ensure
consistent environments for application deployment across different systems.

Delegates and Events: Delegates are C# objects that hold references to methods, allowing method calls to be
treated as objects. They enable the implementation of callback mechanisms and event handling. Events are a
higher-level abstraction built on top of delegates, providing a way to notify subscribers when a certain action
or state change occurs. They are commonly used for event-driven programming in GUI applications and other
scenarios.

If you have any further questions or need more elaboration, Sir, please feel free to ask.

9/9