Friday, April 3, 2009

ASP.NET Application and Security Interview Questions Part I

1. Security types in ASP/ASP.NET? Different Authentication modes?

2. How .Net has implemented security for web applications?

3. How to do Forms authentication in asp.net?

4. Explain authentication levels in .NET?

5. Explain authorization levels in .NET?

6. What is Role-Based security?

Ans. A role is a named set of principals that have the same privileges with respect to security (such as a teller or a manager). A principal can be a member of one or more roles. Therefore, applications can use role membership to determine whether a principal is authorized to perform a requested action.

7. How will you do windows authentication and what is the namespace?

Ans. If a user is logged in under integrated Windows authentication mode but is still not able to log on, what might be the possible cause? In an ASP.NET application, how do you find the name of the logged-in person under Windows authentication?

8. What are the different authentication modes in the .NET environment?

Ans. The mode is set on the authentication element in web.config; when mode="Forms", the forms child element carries the forms-authentication settings:

    <authentication mode="Windows|Forms|Passport|None">
      <forms loginUrl="url"
             protection="All|None|Encryption|Validation"
             timeout="30"
             path="/"
             requireSSL="true|false"
             slidingExpiration="true|false" />
    </authentication>

Attribute: mode. Controls the default authentication mode for an application. Options:

Windows: Specifies Windows authentication as the default authentication mode. Use this mode when using any form of Microsoft Internet Information Services (IIS) authentication: Basic, Digest, Integrated Windows authentication (NTLM/Kerberos), or certificates.
Forms: Specifies ASP.NET forms-based authentication as the default authentication mode.
Passport: Specifies Microsoft Passport authentication as the default authentication mode.
None: Specifies no authentication. Only anonymous users are expected, or applications can handle events to provide their own authentication.
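A complete web.config that puts the forms-authentication attributes from the answer above together with role-based authorization (question 6) is shown below. It is an added example, not part of the original post: the login page ~/Login.aspx, the Admin folder and the Manager role are assumed names chosen for the illustration.

```xml
<?xml version="1.0"?>
<configuration>
  <system.web>
    <!-- Forms authentication using the attributes listed in the answer above.
         ~/Login.aspx is an assumed login page name. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx"
             protection="All"
             timeout="30"
             path="/"
             requireSSL="true"
             slidingExpiration="false" />
    </authentication>

    <!-- Deny anonymous users ("?") everywhere unless a location says otherwise -->
    <authorization>
      <deny users="?" />
    </authorization>

    <!-- Role-based security: the role manager backs User.IsInRole and the roles= attribute -->
    <roleManager enabled="true" />
  </system.web>

  <!-- Assumed Admin folder: only members of the assumed Manager role may reach it.
       The explicit deny users="*" closes the default allow-everyone rule. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Manager" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

protection="All" both encrypts and signs the authentication ticket, and requireSSL="true" marks the ticket cookie as Secure so the browser will not send it over plain HTTP; a trailing deny rule is needed in each location block because the default authorization rule allows all users.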

9. How do you specify whether your data should be passed as a query string or as form data (mainly about GET and POST)?

Ans. Through the method attribute of the form tag.

10. What is the other method, other than GET and POST, in ASP.NET?

11. What are validators?

Ans. Name the validation controls in ASP.NET. How do you disable them? Do the ASP.NET validators run on the server side or the client side? How do you do client-side validation in .NET? How do you disable a validator control with client-side JavaScript?
A set of server controls included with ASP.NET that test user input in HTML and Web server controls for programmer-defined requirements. Validation controls perform input checking in server code. If the user is working with a browser that supports DHTML, the validation controls can also perform validation using client script (controlled by the "EnableClientScript" property, set to true or false). Because the client script can be switched off or bypassed, the server-side check is the one that counts: the page should test Page.IsValid before acting on the input.
The following validation controls are available in ASP.NET:
RequiredFieldValidator Control, CompareValidator Control, RangeValidator Control, RegularExpressionValidator Control, CustomValidator Control, ValidationSummary Control.

12. Which two properties are there on every validation control?

Ans. ControlToValidate, ErrorMessage

13. How do you use CSS in ASP.NET?

Ans. Within the head section of an HTML document that will use these styles, add a link to this external CSS style sheet that follows this form:

15. How do you implement postback with a text box? What are postback and ViewState?

Ans. Set the AutoPostBack property of the text box to true.

16. How can you debug an ASP page, without touching the code?

17. What is SQL injection?

Ans. An SQL injection attack "injects" or manipulates SQL code by adding unexpected SQL to a query.
Many web pages take parameters from the web user and build an SQL query to the database from them. Take for instance a user login: the web page takes the user name and password and makes an SQL query to the database to check whether the user has a valid name and password. Entering
Username: ' or 1=1 ---
Password: [Empty]
This would execute the following query against the users table:
select count(*) from users where userName='' or 1=1 --' and userPass=''
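To show why the login above succeeds and how a parameterized query closes the hole, here is an added example that is not part of the original post. It runs the post's query against a constructed in-memory SQLite users table (a stand-in for the application's database) first by string concatenation, then with bound parameters; the table contents and the password storage are constructed for the demonstration only.

```python
import sqlite3

# Constructed sample users table (not from the original post). Passwords are
# stored in the clear only to keep the example focused on the query itself.
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Create an in-memory database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (userName text, userPass text)")
    conn.executemany("insert into users values (?, ?)", SAMPLE_USERS)
    return conn


def count_vulnerable(conn, user_name, user_pass):
    """The query from the post, assembled by string concatenation.

    Whatever the user types becomes part of the SQL text, so a quote
    character followed by 'or 1=1 --' rewrites the WHERE clause.
    """
    sql = ("select count(*) from users where userName='" + user_name
           + "' and userPass='" + user_pass + "'")
    return conn.execute(sql).fetchone()[0]


def count_parameterized(conn, user_name, user_pass):
    """The same check with bound parameters.

    The SQL text is fixed; the driver passes the two values as data, so a
    quote or comment marker in the input is just a character in a string.
    """
    sql = "select count(*) from users where userName=? and userPass=?"
    return conn.execute(sql, (user_name, user_pass)).fetchone()[0]


def login_ok(conn, user_name, user_pass, query=count_parameterized):
    """True when the chosen query style finds a matching row."""
    return query(conn, user_name, user_pass) > 0


if __name__ == "__main__":
    db = make_db()
    payload = "' or 1=1 --"            # the input from the post
    print("concatenated :", count_vulnerable(db, payload, ""))      # every row matches
    print("parameterized:", count_parameterized(db, payload, ""))   # no row matches
```

In ASP.NET the parameterized form corresponds to adding values through SqlCommand.Parameters (for example AddWithValue) instead of concatenating them into the CommandText; the database then receives the user name as a value to compare, never as SQL to run.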
