• Forms authentication can be easily implemented using login controls without writing
any code.
• Login control performs functions like prompting for user credentials, validating them
and issuing authentication just as the FormsAuthentication class.
• However, all that needs to be done is to drag and drop the control from the toolbox
to have these checks performed implicitly.
• The FormsAuthentication class is used in the background for the authentication ticket
and ASP.NET membership is used to validate the user credentials.
The Login control provides forms authentication. If we implement forms authentication
directly, we do it through code. The Login control, on the other hand, allows easy
implementation of forms authentication without writing much code. Underneath, the class
used by the Login control is also the FormsAuthentication class. So instead of creating
your own user credential validation and issuing the authentication ticket yourself, it is
simpler to use a normal Login control.
• Fragment caching refers to the caching of individual user controls within a Web
Form.
• Each user control can have independent cache durations and implementations of
how the caching behavior is to be applied.
• Fragment caching is useful when you need to cache only a subset of a page.
• Navigation bars, header, and footers are good candidates for fragment caching.
Fragment caching allows caching of specific portions of the page rather than the whole page.
It is done by building the page from separate parts, each implemented as a user control,
and caching each user control individually.
When there is a need to keep the business logic separate from the user interface, or when
a class is big enough to have multiple developers implementing its methods, the class can be
split and written in different files as a partial class.
//syntax for C#
public partial class MyPartialClass1
{
    //code
}
ASP.NET - What is partial classes in .net? - June 04, 2009 at 18:00 PM by Shuchi Gauri
Partial classes allow us to divide the class definition into multiple files (physically). Logically,
all the partial classes are treated as a single file by the compiler.
http://localhost/form.aspx?param1=career&param2=ride
This HTML address uses the QueryString property to pass values between pages.
The above code is a submit button event handler and it sends the values of the query string to
the second page.
The following code demonstrates how to retrieve these values on the second page:
private void Page_Load(object sender, System.EventArgs e)
{
    // Request.QueryString keys are matched case-insensitively
    this.form2TextField1.Text = Request.QueryString["Param1"];
    this.form2TextField2.Text = Request.QueryString["Param2"];
}
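An added example, not code from the original page: because the query string is supplied by the client, the second page should check each value before using it. The sketch below parses the URL shown above, rejects missing or repeated parameters (the indexer returns repeated keys joined by commas) and applies an allow-list; the `ReadParam` helper and the allow-list pattern are assumptions made for illustration.

```csharp
using System;
using System.Collections.Specialized;
using System.Net;
using System.Text.RegularExpressions;
using System.Web;   // HttpUtility (reference System.Web on .NET Framework)

public static class QueryStringDemo
{
    // Hypothetical allow-list: letters and digits only, 1 to 32 characters.
    static readonly Regex Allowed = new Regex(@"^[A-Za-z0-9]{1,32}\z");

    // Returns a value that is safe to place in HTML, or null when the
    // parameter is missing, repeated, or fails the allow-list.
    public static string ReadParam(NameValueCollection query, string name)
    {
        string[] values = query.GetValues(name);    // null when the key is absent
        if (values == null || values.Length != 1)
            return null;                             // missing or duplicated key
        if (!Allowed.IsMatch(values[0]))
            return null;                             // unexpected characters or length
        // Encoding is kept as a second layer in case the allow-list is relaxed later.
        return WebUtility.HtmlEncode(values[0]);
    }

    public static void Main()
    {
        // Constructed sample URLs; the first is the one shown on the page.
        string[] urls =
        {
            "http://localhost/form.aspx?param1=career&param2=ride",
            "http://localhost/form.aspx?param1=career&param1=other&param2=ride",
            "http://localhost/form.aspx?param1=%3Cb%3Ex%3C%2Fb%3E"
        };

        foreach (string url in urls)
        {
            // Same collection type and lookup rules as Request.QueryString.
            NameValueCollection q = HttpUtility.ParseQueryString(new Uri(url).Query);
            Console.WriteLine(url);
            Console.WriteLine("  indexer param1 = " + q["param1"]);
            Console.WriteLine("  checked param1 = " + (ReadParam(q, "param1") ?? "(rejected)"));
            Console.WriteLine("  checked param2 = " + (ReadParam(q, "param2") ?? "(rejected)"));
        }
    }
}
```

For the second URL the indexer yields `career,other`, which is why the helper inspects `GetValues` instead of the indexer.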
You can also use the following method to retrieve the parameters in the string:
What is a ViewState?
• If a site does not maintain a ViewState, then if a user has entered some
information in a large form with many input fields and the page is refreshed, the
values filled in the form are lost.
• The same situation can also occur on submitting the form. If the validations return an
error, the user has to refill the form.
• Thus, submitting a form clears up all form values as the site does not maintain any
state called ViewState.
• In ASP.NET, the ViewState of a form is maintained with a built-in state management
technique that keeps the state of the controls during subsequent postbacks by a particular
user.
• The ViewState indicates the status of the page when submitted to the server. The
status is defined through a hidden field placed on each page with a <form
runat="server"> control.
<input type="hidden" name="__VIEWSTATE" value="CareerRide">
• The ViewState option can be disabled by including the directive <%@ Page
EnableViewState="false"%> at the top of an .aspx page
• If a ViewState of a certain control has to be disabled, then set
EnableViewState="false".
ASP.NET - What is ViewState? Explain its benefits and limitations - May 08, 2009 at
17:40 PM by Shuchi Gauri
Advantages:
i) No server resources.
ii) Viewstate ensures security because it stores the data in encrypted format.
iii) Viewstates are simple. They are used by enabling or disabling the viewstate properties.
iv) It is based on the wish of developer that they want to implement it at the page level or at
control level.
Disadvantages:
i) If large amount of data is stored on the page, then page load might cause a problem.
ii) Does not track across pages. Viewstate information does not automatically transfer from
page to page.
What is Viewstate?
Viewstate is the mechanism that automatically saves the values of the page's items just
before rendering the page. It stores items added to a page’s ViewState property as hidden
fields on the page.
With the ‘src’ attribute, the source code files are deployed and are compiled by the JIT as
needed.
Though the code is available to everyone with an access to the server (NOT anyone on the
web), this method is preferred as it does away with the compilation of the DLLs.
‘CodeBehind’ attribute just has the VS.NET associate the code file with the aspx file. This is
necessary since VS.NET automates the pre-compiling that is harder by hand.
Because of this, the ‘Src’ attribute is no longer needed and only a DLL has to be deployed,
which enhances the protection level even though the DLL can still be decompiled.
ASP.NET - Difference between src and Code-Behind. - June 04, 2009 at 15:00 PM
by Shuchi Gauri
Src: is a way to mention the name of the code-behind class to dynamically compile on the
request for a page.
Code-behind: is the logic written behind the UI design file. It specifies the name of the
compiled file that contains the class. Code-behind attribute is only used for .NET.
A URL (Uniform Resource Locator) is the address of some resource on the Web. A resource
is nothing but a page of a site. There are other types of resources than Web pages, but that's
the easiest conceptually.
ASP.NET - What is the difference between URL and URI? - June 04, 2009 at 15:00 PM
by Shuchi Gauri
URI - Uniform Resource Identifier: it’s a string and its responsibility is to identify a resource by
meta-information. It gives information about only one resource.
URL - Uniform Resource Locator: identifies the resource on the net and tells it is obtainable
using what protocols.
Previously, in ASP.NET, the pages and the code used to be compiled dynamically and then
cached so as to make the requests to access the page extremely efficient. In ASP.NET 2.0,
the pre-compilation feature is used with which an entire site is precompiled before it is made
available to users.
There is a pre-defined folder structure for enabling the pre-compilation feature:
ASP.NET - What is the Pre-Compilation feature of ASP.NET 2.0? - June 04, 2009 at
15:00 PM by Shuchi Gauri
It is a process where things that can be handled before compilation are prepared in order to
reduce deployment time and response time and to increase safety. Its main aim is to boost
performance.
During development, it allows you to make changes to the web pages and reuse it using the
same web browser to validate the changes without compiling the entire website.
During deployment, it generates the entire website folder structure in the destination. All the
static files are copied to the folder and bin directory would later on contain the compiled dll.
Custom controls are user-defined controls. They can be created by grouping existing controls,
by deriving the control from System.Web.UI.WebControls.WebControl or by enhancing the
functionality of any other custom control. Custom controls are compiled into DLLs and thus
can be referenced like any other web server control.
It's a way in CLR to maintain a boundary between various applications to ensure that they do
not interfere in working of any other application. CLR acts as a mini operating system where a
single process may have various application domains.
Explain the two different types of remote object creation mode in .NET.
SAO Server Activated Object (call mode): lasts the lifetime of the server. They are
activated as SingleCall/Singleton objects. It makes objects stateless. A SingleCall object gets
created for each request by client and A Singleton object is created once on the server and is
shared by all the clients.
CAO (Client Activated Objects): CAO creates stateful objects. The object creation request
is based on the request by client side. Therefore, the lifetime is based on client and not
server. Single instance of object is created for every call.
1. Server
2. Client: This connects to the hosted remoting object
3. Common Interface between client and the server, i.e. the channel
a. When a client object wants to create an instance of the server object, the remoting system
at the client creates a proxy of the server object. The proxy object is at the client but behaves
exactly like the remote object i.e. the server object.
b. The proxy passes the call information to the remoting system on the client. Client remoting
system then sends the information to the remoting system on the server which then invokes
the actual method on the server object. The remoting system on the server then passes the
result information back to the client remoting system.
c. The client remoting system returns the results to the client object through the proxy
Singleton architecture is to be used when all the applications have to use or share same data.
The LeaseTime property protects the object so that the garbage collector does not destroy it
as remoting objects are beyond the scope of the garbage collector. Every object created has
a default leasetime for which it will be activated. Once the leasetime expires, the object is
eligible again for garbage collector and is eventually destroyed. Default value is 5 minutes.
Even though the leasetime of an object has expired, there still may be clients who would still
need the remoting object on the server. In such cases the leasemanager keeps a track of
such clients and asks them if they need the object and are ready to extend or sponsor the
object to extend its existence. This is done through SponsorshipTime property, which is then
based on the sponsor.
The RenewOnCallTime property defines the duration for which a remoting object's lease is
extended if a sponsor is found. The default value is 2 minutes.
The LeaseManager class has a property PollTime, which defines the frequency at which the
LeaseManager polls the leases. Default is 10 seconds
The remoting parameters can be specified through both programming and in config files. All
the settings defined in config files are placed under <system.runtime.remoting>
Marshaling is a process of transforming or serializing data from one application domain and
exporting it to another application domain.
• Marshal by value: a copy of an object is created by the server and is passed and
used by the client.
• Marshal by reference: the client creates a proxy to access the object.
ObjRef is a serializable object returned by Marshal() that knows about the location of the
remote object, host name, port number, and object name.
• Client communicates with the UDDI node to retrieve a list of available web services that the
client has access to.
• Every service listed has a URI pointing to the service's DISCO or WSDL document,
which is needed to access the webservice and its "webmethod" methods.
• After interpreting the DISCO document, follow the URI for the WSDL document
related to the chosen webservice.
• Client then adds and parses the WSDL document and creates a proxy object which
can then communicate with Webservice and access its "webmethod" methods
Creation:
• a. Create a new website by selecting "ASP.NET Web Site" and giving it a suitable
name.
• b. service.cs file appears inside the solution with a default webmethod named as
"HelloWorld()"
• c. Right click on the webservice project and add a web reference instead of adding a
normal reference.
• d. A window appears that displays a list of webservices known to the solution.
• e. Click on "Webservices in this solution"
• f. a search progress bar appears and
• g. Select the service that appears in the list
• h. progress bar appears once again.
• i. web method appears on the screen
• j. Click on "Add reference" button. This would add localhost
• k. solution would have App_WebReference folder
Consumption or Usage:
Caching Object: The lifetime of cache is throughout the lifetime of an application or is based
upon timeouts
What is Scavenging?
A process where items are removed from cache in order to free the memory based on their
priority. A property called "CacheItemPriority" is used to figure out the priority of each item
inside the cache. This priority property is set when an item is added to the cache.
The caching technique allows storing page output or application data on the client. The
cached information is used to serve subsequent requests, which avoids the overhead of
recreating the same information. This enhances performance when the same information is
requested many times by the user.
Advantages of Caching
The duration parameter specifies for how long the page would be in cache and the
VaryByParam parameter is used to cache different version of the page.
The VaryByParam parameter is useful when we require caching a page based on certain
criteria.
Data Caching
Data Caching is implemented by using the Cache object to store and quickly retrieve application
data.
The Cache object is just like the Application object and can be accessed anywhere in the application.
The lifetime of the cache is equivalent to the lifetime of the application.
Exception handling corrects unusual occurrences and prevents the application from getting
terminated. You can use Try(try) block and Error event procedures to handle exceptions.
Exceptions or errors are unusual occurrences that happen within the logic of an application.
The CLR has provided structured way to deal with exceptions using Try/Catch block.
ASP.NET also supports exception handling through server events such as Page_Error and
Application_Error events.
What are the ways of handling exceptions in ASP.NET?
You can enclose code in Try/Catch/Finally block. You can catch all exceptions in the catch
block. The third part of this block is finally. It is executed irrespective of the fact that an
exception has been raised.
ASP.NET supports events that occur when any unhandled exception occurs in an application.
These events are called as Error Events.
• Page_Error : This is page event and is raised when any unhandled exception occur in
the page.
• Application_Error: This is application event and is raised for all unhandled exceptions
in the ASP.NET application and is implemented in global.asax
Exception handling is used to prevent application from being stuck due to unusual
occurrences. If the exceptions are handled properly, the application will never get terminated
abruptly.
You can use tracing with exception handling to log unanticipated exceptions to the trace log.
The log file can be used to diagnose unanticipated problems, which can then be corrected.
Authorization is the process of checking whether the user has access rights to the system.
By default, ASP.NET executes in the security context of a restricted user account on the local
machine.
This can be done away with using impersonation. ASP.NET can then execute the request
using the identity of the client making the request.
Impersonation is a technique to access application resources using the identity of some other
user.
To enable impersonation:
The passing of the control from the child to the parent is called as bubbling. Controls like
DataGrid, Datalist, Repeater, etc can have child controls like Listbox, etc inside them. An
event generated is passed on to the parent as an ItemCommand.
ASP.NET runs inside the process of IIS due to which there are two authentication layers
which exist in the system.
First authentication happens at the IIS level and the second at ASP.NET level per the
WEB.CONFIG file.
Working:
At first, IIS ensures that the incoming request is from an authenticated IP address.
Otherwise the request is rejected.
By default IIS allows anonymous access due to which requests are automatically
authenticated.
However, if this is changed, IIS performs its own user authentication too.
Resources can include ASP.net page, code access security features to extend authorization
step to disk files, registry keys, etc.
The process of identifying a user through the use of an ID and a password is known as
Authentication.
Selection of an authentication provider is done through the entries in the web.config file for an
application.
<authentication mode="Windows" />
<authentication mode="Passport" />
<authentication mode="Forms" />
Custom authentication needs installation of ISAPI filter in IIS. It compares incoming requests
to a list of source IP addresses and a request is considered to be authenticated if it comes
from an acceptable address.
b. Form Authentication: It’s a custom security based on roles and user accounts created
specifically for an application.
Basic: users must provide a windows username and password to connect. This information is
plain text which makes this mode insecure.
Digest: Users need to provide a password which is sent over the network. However in this
case the password is hashed. It also requires that all users be using IE 5 or later versions.
Windows integrated: passwords are not sent over the network. The application uses either the
Kerberos or challenge/response protocols to authenticate the user. Users need to be running IE
3.01 or later.
Passport authentication
Passport uses an encrypted cookie mechanism to indicate authenticated users. The passport
users are considered authenticated while the rest are redirected to the passport servers to log
in, after which they are redirected back to the site.
Forms authentication
Using forms authentication, one's own custom logic can be used for authentication.
ASP.NET checks for the presence of a special session cookie when a user requests a page
for the application. Authentication is assumed if the cookie is present else the user is
redirected to a web form.
<identity impersonate="false"/>
With this setting, ASP.NET won’t perform any authentication and would run with its own
privileges. The default is an unprivileged account named ASPNET. It can be changed through a
setting in the processModel section of the machine.config file.
Disabling impersonation runs the entire request in the context of the account running
ASP.NET (ASPNET account or the system account).
Here, ASP.NET takes on the identity IIS passes to it. If anonymous access is allowed in IIS,
then the IUSR_ComputerName account will be impersonated otherwise ASP.NET will take
the authenticated user credentials and make requests for resources.
With this, the requests are made as the specified user. The password is assumed to be
correct. The drawback is that you must embed the user’s password in the web.config file in
plain text which is a security risk.
URL authorization:
File authorization:
Similarities:
DataSource Property
DataBind Method
ItemDataBound
ItemCreated
When the DataSource Property of a Datagrid is assigned to a DataSet then each
DataRow present in the DataRow Collection of DataTable is assigned to a
corresponding DataGridItem.
Difference:
Datagrid
The HTML code generated has an HTML TABLE element created for the particular DataRow
and is a tabular representation with Columns and Rows. Datagrid has a in-built support for
Sort, Filter and paging the Data.
Datalist
An Array of Rows and based on the Template Selected and the RepeatColumn
Property value The number DataSource records that appear per HTML
Repeater Control
The Datarecords to be displayed depend upon the Templates specified and the
only HTML generated accordingly. Repeater does not have in-built support for
Sort, Filter and paging the Data.
Datagrid, Datalist and repeater in ASP.NET - June 07, 2009 at 10:30 AM by Shuchi
Gauri
What are the events in GLOBAL.ASAX file in ASP.NET? - March 31, 2009 at 18:30 PM
by Amit Satpute
Application_Init
Fired when an application initializes or is first called. It is invoked for all HttpApplication object
instances.
Application_Disposed
Fired just before an application is destroyed. This is the ideal location for cleaning up
previously used resources.
Application_Error
Fired when an unhandled exception is encountered within the application.
Application_Start
Fired when the first instance of the HttpApplication class is created. It allows you to create
objects that are accessible by all HttpApplication instances.
Application_End
Fired when the last instance of an HttpApplication class is destroyed. It is fired only once
during an application's lifetime.
Application_BeginRequest
Fired when an application request is received. It is the first event fired for a request, which is
often a page request (URL) that a user enters
Application_EndRequest
The last event fired for an application request.
Application_PreRequestHandlerExecute
Fired before the ASP.NET page framework begins executing an event handler like a page or
Web service.
Application_PostRequestHandlerExecute
Fired when the ASP.NET page framework has finished executing an event handler
Application_PreSendRequestHeaders
Fired before the ASP.NET page framework sends HTTP headers to a requesting client
(browser)
Application_PreSendContent
Fired before the ASP.NET page framework sends content to a requesting client (browser).
Application_AcquireRequestState
Fired when the ASP.NET page framework gets the current state (Session state) related to the
current request.
Application_ReleaseRequestState
Fired when the ASP.NET page framework completes execution of all event handlers. This
results in all state modules to save their current state data
Application_ResolveRequestCache
Fired when the ASP.NET page framework completes an authorization request. It allows
caching modules to serve the request from the cache, thus bypassing handler execution.
Application_UpdateRequestCache
Fired when the ASP.NET page framework completes handler execution to allow caching
modules to store responses to be used to handle subsequent requests
Application_AuthenticateRequest
Fired when the security module has established the current user's identity as valid. At this
point, the user's credentials have been validated
Application_AuthorizeRequest
Fired when the security module has verified that a user can access resources
Session_Start
Fired when a new user visits the application Web site
Session_End
Fired when a user's session times out, ends, or they leave the application Web site
LOW (IIS process):- In this main IIS process and ASP.NET application run in same process
due to which if one crashes, the other is also affected.
Medium (Pooled):- In Medium pooled scenario the IIS and web application run in different
process.
High (Isolated):- In the high isolated scenario every process runs in its own process. This
consumes heavy memory but has the highest reliability.
FlowLayout positions items down the page like traditional HTML. This approach results in
pages that are compatible with a wider range of browsers.
What is AppSetting Section in “Web.Config” file?
The AppSetting section is used to set user-defined values, e.g. the ConnectionString
which is used throughout the project for database connection.
<configuration>
<appSettings>
<add key="ConnectionString" value="server=xyz;pwd=www;database=testing" />
</appSettings>
</configuration>
AppSetting section in the configuration file is a section that allows us to keep configurable and
application wide settings (for e.g.: ConnectionString) that an application requires in order to
perform the tasks properly. This helps in easy maintenance and deployment of the
application.
Web.config:
<appSettings>
<add key="ConnectionString" value="(your connection string)" />
</appSettings>
Code behind:
string strConnection = ConfigurationSettings.AppSettings["ConnectionString"];
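The plain-text password risk noted earlier for impersonation as a specified user, and the `pwd=` value in the appSettings connection string above, can both be checked mechanically. The following added example (not from the original page) scans a web.config for the two patterns; the sample file, the `WebConfigAudit` class and the account name are constructed for illustration, and a root element without an XML namespace is assumed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

public static class WebConfigAudit
{
    // Constructed sample; the connection string is the one shown on the page.
    const string Sample = @"<configuration>
  <appSettings>
    <add key=""ConnectionString"" value=""server=xyz;pwd=www;database=testing"" />
  </appSettings>
  <system.web>
    <authentication mode=""Forms"" />
    <identity impersonate=""true"" userName=""svc_app"" password=""example-only"" />
  </system.web>
</configuration>";

    // True when a connection string carries a non-empty pwd= or password= part.
    static bool HasInlinePassword(string value)
    {
        if (string.IsNullOrEmpty(value)) return false;
        return value.Split(';')
            .Select(part => part.Split(new[] { '=' }, 2))
            .Any(kv => kv.Length == 2
                && (kv[0].Trim().Equals("pwd", StringComparison.OrdinalIgnoreCase)
                    || kv[0].Trim().Equals("password", StringComparison.OrdinalIgnoreCase))
                && kv[1].Trim().Length > 0);
    }

    public static List<string> Audit(string webConfigXml)
    {
        var findings = new List<string>();
        XElement root = XDocument.Parse(webConfigXml).Root;

        // Connection strings kept as ordinary appSettings values.
        foreach (XElement add in root.Elements("appSettings").Elements("add"))
        {
            if (HasInlinePassword((string)add.Attribute("value")))
                findings.Add("appSettings '" + (string)add.Attribute("key")
                    + "': connection string contains a plain-text password");
        }

        // The dedicated connectionStrings section, when present.
        foreach (XElement add in root.Elements("connectionStrings").Elements("add"))
        {
            if (HasInlinePassword((string)add.Attribute("connectionString")))
                findings.Add("connectionStrings '" + (string)add.Attribute("name")
                    + "': connection string contains a plain-text password");
        }

        // Impersonation as a fixed account puts that account's password in the file.
        foreach (XElement identity in root.Elements("system.web").Elements("identity"))
        {
            bool on = string.Equals((string)identity.Attribute("impersonate"), "true",
                StringComparison.OrdinalIgnoreCase);
            if (on && !string.IsNullOrEmpty((string)identity.Attribute("password")))
                findings.Add("identity: impersonation as '"
                    + (string)identity.Attribute("userName")
                    + "' stores the account password in web.config");
        }
        return findings;
    }

    public static void Main()
    {
        foreach (string finding in Audit(Sample))
            Console.WriteLine(finding);
    }
}
```

For findings like these, ASP.NET 2.0 and later can encrypt a configuration section such as appSettings in place with `aspnet_regiis -pe`.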
Server.Transfer
Response.Redirect
The Transfer method transfers from inside of one ASP page to another ASP page.
Transfer passes the context information to the called page.
The state information that has been created for an ASP page gets transferred to the other
ASP page which comprises of objects and variables within an Application or Session scope,
and all items in the Request collections.
Response.Redirect
The redirect message issues HTTP 304 to the browser and causes browser to go to the
specified page. There is round trip between client and server.
Redirect doesn’t pass context information to the called page