ASP.NET?

What’ is the sequence in which ASP.NET events are

processed ?

Following is the sequence in which the events occur :-

√ Page_Init.

√ Page_Load.

√ Control events

√ Page_Unload event.

Page_init event only occurs when first time the page is started, but Page_Load occurs in

subsequent request of the page.

(B) In which event are the controls fully loaded ?

Page_load event guarantees that all controls are fully loaded. Controls are also accessed

in Page_Init events but you will see that viewstate is not fully loaded during this event.

(B) How can we identify that the Page is PostBack ?

Page object has a “IsPostBack” property which can be checked to know that is the page

posted back.

(B) How does ASP.NET maintain state in between

subsequent request ?

Refer caching chapter.

(A) What is event bubbling ?

Server controls like Datagrid, DataList, Repeater can have other child controls inside

them. Example DataGrid can have combo box inside datagrid. These child control do not

raise there events by themselves, rather they pass the event to the container parent (which

can be a datagrid, datalist, repeater), which passed to the page as “ItemCommand” event.

As the child control send there events to parent this is termed as event bubbling.

223

(B) How do we assign page specific attributes ?

Page attributes are specified using the @Page directive.

(A) Administrator wants to make a security check that no

one has tampered with ViewState, how can he ensure this ?

Using the @Page directive EnableViewStateMac to True.

(B) What is the use of @ Register directives ?

@Register directive informs the compiler of any custom server control added to the

page.

(B) What’s the use of SmartNavigation property ?

It’s a feature provided by ASP.NET to prevent flickering and redrawing when the page is

posted back.

Note:- This is only supported for IE browser. Project’s who have browser compatibility as

requirements have to think some other ways of avoiding flickering.

(B) What is AppSetting Section in “Web.Config” file ?

Web.config file defines configuration for a webproject. Using “AppSetting” section we

can define user defined values. Example below defined is “ConnectionString” section

which will be used through out the project for database connection.

<configuration>

<appSettings>

<add key=”ConnectionString” value=”server=xyz;pwd=www;database=testing” />

</appSettings>

(B) Where is ViewState information stored ?

In HTML Hidden Fields.

224

(I) What is the use of @ OutputCache directive in ASP.NET?

It is basically used for caching. See more for Caching chapter.

(B) How can we create custom controls in ASP.NET ?

User controls are created using .ASCX in ASP.NET. After .ASCX file is created you need

to two things in order that the ASCX can be used in project:.

√ Register the ASCX control in page using the <%@ Register directive. Example

<%@ Register tagprefix=”Accounting” Tagname=”footer” src=”Footer.ascx” %>

√ Now to use the above accounting footer in page you can use the below directive.

<Accounting:footer runat=”server” />

(B) How many types of validation controls are provided by

ASP.NET ?

There are six main types of validation controls :-

RequiredFieldValidator

It checks whether the control have any value. It’s used when you want the control should

not be empty.

RangeValidator

It checks if the value in validated control is in that specific range. Example

TxtCustomerCode should not be more than eight length.

CompareValidator

It checks that the value in controls should match the value in other control. Example

Textbox TxtPie should be equal to 3.14.

RegularExpressionValidator

When we want the control value should match with a specific regular expression.

225

CustomValidator

It is used to define UserDefined validation.

ValidationSummary

It displays summary of all current validation errors.

Note:- It’s rare that some one will ask step by step all the validation controls. Rather they

will ask for what type of validation which validator will be used. Example in one of the

interviews i was asked how you display summary of all errors in the validation control…So

there goes the last one Validation summary.

(B) Can you explain what is “AutoPostBack” feature in

ASP.NET ?

If we want the control to automatically postback in case of any event, we will need to

check this attribute as true. Example on a ComboBox change we need to send the event

immediately to the server side then set the “AutoPostBack” attribute to true.

(B) How can you enable automatic paging in DataGrid ?

Following are the points to be done in order to enable paging in Datagrid :-

√ Set the “AllowPaging” to true.

√ In PageIndexChanged event set the current pageindex clicked.

Note:- The answers are very short, if you have implemented practically its just a revision.

If you are fresher just make sample code using Datagrid and try to implement this

functionality.

(B) What’s the use of “GLOBAL.ASAX” file ?

It allows to executing ASP.NET application level events and setting application-level

variables.

(B) What is the difference between “Web.config” and

“Machine.Config” ?

226

“Web.config” files apply settings to each web application, while “Machine.config” file

apply settings to all ASP.NET applications.

(B) What is a SESSION and APPLICATION object ?

Session object store information between HTTP requests for a particular user, while

application object are global across users.

(A) What is the difference between Server.Transfer and

response.Redirect ?

Following are the major differences between them:-

√ Response.Redirect sends message to the browser saying it to move to some

different page, while server.transfer does not send any message to the browser

but rather redirects the user directly from the server itself. So in server.transfer

there is no round trip while response.redirect has a round trip and hence puts

a load on server.

√ Using Server.Transfer you can not redirect to a different from the server itself.

Example if your server is http://www.yahoo.com you can use server.transfer to move

to http://www.microsoft.com but yes you can move to http://www.yahoo.com/travels, i.e.

within websites. This cross server redirect is possible only using

Response.redirect.

√ With server.transfer you can preserve your information. It has a parameter

called as “preserveForm”. So the existing query string etc. will be able in the

calling page. In response.redirect you can maintain the state, but has

lot of drawbacks.

If you are navigating within the same website use “Server.transfer” or else go for

“response.redirect()”

(A)What is the difference between Authentication and

authorization?

This can be a tricky question. These two concepts seem altogether similar but there is

wide range of difference. Authentication is verifying the identity of a user and authorization

is process where we check does this identity have access rights to the system. In short we

227

can say the following authentication is the process of obtaining some sort of credentials

from the users and using those credentials to verify the user’s identity. Authorization is

the process of allowing an authenticated user access to resources. Authentication always

proceed to Authorization; even if your application lets anonymous users connect and use

the application, it still authenticates them as being anonymous.

(I) What is impersonation in ASP.NET ?

By default, ASP.NET executes in the security context of a restricted user account on the

local machine. Sometimes you need to access network resources such as a file on a shared

drive, which requires additional permissions. One way to overcome this restriction is to

use impersonation. With impersonation, ASP.NET can execute the request using the

identity of the client who is making the request, or ASP.NET can impersonate a specific

account you specify in web.config.

(B) Can you explain in brief how the ASP.NET authentication

process works?

ASP.NET does not run by itself, it runs inside the process of IIS. So there are two

authentication layers which exist in ASP.NET system. First authentication happens at

the IIS level and then at the ASP.NET level depending on the WEB.CONFIG file.

Below is how the whole process works:-

√ IIS first checks to make sure the incoming request comes from an IP address

that is allowed access to the domain. If not it denies the request.

√ Next IIS performs its own user authentication if it is configured to do so. By

default IIS allows anonymous access, so requests are automatically

authenticated, but you can change this default on a per – application basis

with in IIS.

√ If the request is passed to ASP.net with an authenticated user, ASP.net checks

to see whether impersonation is enabled. If impersonation is enabled, ASP.net

acts as though it were the authenticated user. If not ASP.net acts with its own

configured account.

√ Finally the identity from step 3 is used to request resources from the operating

system. If ASP.net authentication can obtain all the necessary resources it

grants the users request otherwise it is denied. Resources can include much

228

more than just the ASP.net page itself you can also use .Net’s code access

security features to extend this authorization step to disk files, Registry keys

and other resources.

(A) What are the various ways of authentication techniques

in ASP.NET?

Selecting an authentication provider is as simple as making an entry in the web.config file

for the application. You can use one of these entries to select the corresponding built in

authentication provider:

√ <authentication mode=”windows”>

√ <authentication mode=”passport”>

√ <authentication mode=”forms”>

√ Custom authentication where you might install an ISAPI filter in IIS that

compares incoming requests to list of source IP addresses, and considers

requests to be authenticated if they come from an acceptable address. In that

case, you would set the authentication mode to none to prevent any of the

.net authentication providers from being triggered.

Windows authentication and IIS

If you select windows authentication for your ASP.NET application, you also have to

configure authentication within IIS. This is because IIS provides Windows authentication.

IIS gives you a choice for four different authentication methods:

Anonymous, basic digest and windows integrated

If you select anonymous authentication, IIS doesn’t perform any authentication, Any one

is allowed to access the ASP.NET application.

If you select basic authentication, users must provide a windows username and password

to connect. How ever this information is sent over the network in clear text, which makes

basic authentication very much insecure over the internet.

If you select digest authentication, users must still provide a windows user name and

password to connect. However the password is hashed before it is sent across the network.

229

Digest authentication requires that all users be running Internet Explorer 5 or later and

that windows accounts to stored in active directory.

If you select windows integrated authentication, passwords never cross the network.

Users must still have a username and password, but the application uses either the Kerberos

or challenge/response protocols authenticate the user. Windows-integrated authentication

requires that all users be running internet explorer 3.01 or later Kerberos is a network

authentication protocol. It is designed to provide strong authentication for client/server

applications by using secret-key cryptography. Kerberos is a solution to network security

problems. It provides the tools of authentication and strong cryptography over the network

to help to secure information in systems across entire enterprise

Passport authentication

Passport authentication lets you to use Microsoft’s passport service to authenticate users

of your application. If your users have signed up with passport, and you configure the

authentication mode of the application to the passport authentication, all authentication

duties are off-loaded to the passport servers.

Passport uses an encrypted cookie mechanism to indicate authenticated users. If users

have already signed into passport when they visit your site, they’ll be considered

authenticated by ASP.NET. Otherwise they’ll be redirected to the passport servers to log

in. When they are successfully log in, they’ll be redirected back to your site

To use passport authentication you have to download the Passport Software Development

Kit (SDK) and install it on your server. The SDK can be found at http://

msdn.microsoft.com/library/default.asp?url=/downloads/list/websrvpass.aps. It includes

full details of implementing passport authentication in your own applications.

Forms authentication

Forms authentication provides you with a way to handle authentication using your own

custom logic with in an ASP.NET application. The following applies if you choose forms

authentication.

√ When a user requests a page for the application, ASP.NET checks for the

presence of a special session cookie. If the cookie is present, ASP.NET assumes

the user is authenticated and processes the request.

230

√ If the cookie isn’t present, ASP.NET redirects the user to a web form you

provide

You can carry out whatever authentication, it check’s you like it checks your form. When

the user is authenticated, you indicate this to ASP.NET by setting a property, which

creates the special cookie to handle subsequent requests.

(A)How does authorization work in ASP.NET?

ASP.NET impersonation is controlled by entries in the applications web.config file. The

default setting is “no impersonation”. You can explicitly specify that ASP.NET shouldn’t

use impersonation by including the following code in the file

<identity impersonate=”false”/>

It means that ASP.NET will not perform any authentication and runs with its own

privileges. By default ASP.NET runs as an unprivileged account named ASPNET. You

can change this by making a setting in the processModel section of the machine.config

file. When you make this setting, it automatically applies to every site on the server. To

user a high-privileged system account instead of a low-privileged set the userName attribute

of the processModel element to SYSTEM. Using this setting is a definite security risk, as

it elevates the privileges of the ASP.NET process to a point where it can do bad things to

the operating system.

When you disable impersonation, all the request will run in the context of the account

running ASP.NET: either the ASPNET account or the system account. This is true when

you are using anonymous access or authenticating users in some fashion. After the user

has been authenticated, ASP.NET uses its own identity to request access to resources.

The second possible setting is to turn on impersonation.

<identity impersonate =”true”/>

In this case, ASP.NET takes on the identity IIS passes to it. If you are allowing anonymous

access in IIS, this means ASP.NET will impersonate the IUSR_ComputerName account

that IIS itself uses. If you aren’t allowing anonymous access,ASP.NET will take on the

credentials of the authenticated user and make requests for resources as if it were that

user. Thus by turning impersonation on and using a non-anonymous method of

authentication in IIS, you can let users log on and use their identities within your ASP.NET

application.

Finally, you can specify a particular identity to use for all authenticated requests

231

<identity impersonate=”true” username=”DOMAIN\username” password=”password”/

> 

With this setting, all the requests are made as the specified user (Assuming the password

it correct in the configuration file). So, for example you could designate a user for a single

application, and use that user’s identity every time someone authenticates to the

application. The drawback to this technique is that you must embed the user’s password

in the web.config file in plain text. Although ASP.NET won’t allow anyone to download

this file, this is still a security risk if anyone can get the file by other means.

(B)What’s difference between Datagrid, Datalist and repeater

?

A Datagrid, Datalist and Repeater are all ASP.NET data Web controls.

They have many things in common like DataSource Property, DataBind Method

ItemDataBound and ItemCreated.

When you assign the DataSource Property of a Datagrid to a DataSet then each DataRow

present in the DataRow Collection of DataTable is assigned to a corresponding

DataGridItem and this is same for the rest of the two controls also. But The HTML code

generated for a Datagrid has an HTML TABLE <ROW> element created for the particular

DataRow and its a Table form representation with Columns and Rows.

For a Datalist its an Array of Rows and based on the Template Selected and the

RepeatColumn Property value We can specify how many DataSource records should

appear per HTML <table> row. In short in datagrid we have one record per row, but in

datalist we can have five or six rows per row.

For a Repeater Control, the Datarecords to be displayed depends upon the Templates

specified and the only HTML generated is the due to the Templates.

In addition to these, Datagrid has a in-built support for Sort, Filter and paging the Data,

which is not possible when using a DataList and for a Repeater Control we would require

to write an explicit code to do paging.

232

(A)From performance point of view how do they rate ?

Repeater is fastest followed by Datalist and finally datagrid.

(B)What is the method to customize columns in DataGrid?

Use the template column.

(B)How can we format data inside DataGrid?

Use the DataFormatString property.

(A) How to decide on the design consideration to take a

Datagrid, datalist or repeater ?

Many make a blind choice of choosing datagrid directly, but that’s not the right way.

Datagrid provides ability to allow the end-user to sort, page, and edit its data. But it

comes at a cost of speed. Second the display format is simple that is in row and columns.

Real life scenarios can be more demanding that

With its templates, the DataList provides more control over the look and feel of the

displayed data than the DataGrid. It offers better performance than datagrid

Repeater control allows for complete and total control. With the Repeater, the only HTML

emitted are the values of the databinding statements in the templates along with the

HTML markup specified in the templates—no “extra” HTML is emitted, as with the

DataGrid and DataList. By requiring the developer to specify the complete generated

HTML markup, the Repeater often requires the longest development time. But repeater

does not provide editing features like datagrid so everything has to be coded by programmer.

However, the Repeater does boast the best performance of the three data Web controls.

Repeater is fastest followed by Datalist and finally datagrid.

(B) Difference between ASP and ASP.NET?

ASP.NET new feature supports are as follows :-

Better Language Support

√ New ADO.NET Concepts have been implemented.

233

√ ASP.NET supports full language (C#, VB.NET, C++) and not simple scripting

like VBSCRIPT..

Better controls than ASP

√ ASP.NET covers large set’s of HTML controls..

√ Better Display grid like Datagrid, Repeater and datalist.Many of the display

grids have paging support.

Controls have events support

√ All ASP.NET controls support events.

√ Load, Click and Change events handled by code makes coding much simpler

and much better organized.

Compiled Code

The first request for an ASP.NET page on the server will compile the ASP.NET code and

keep a cached copy in memory. The result of this is greatly increased performance.

Better Authentication Support

ASP.NET supports forms-based user authentication, including cookie management and

automatic redirecting of unauthorized logins. (You can still do your custom login page

and custom user checking).

User Accounts and Roles

ASP.NET allows for user accounts and roles, to give each user (with a given role) access

to different server code and executables.

High Scalability

√ Much has been done with ASP.NET to provide greater scalability.

√ Server to server communication has been greatly enhanced, making it possible

to scale an application over several servers. One example of this is the ability

to run XML parsers, XSL transformations and even resource hungry session

objects on other servers.

Easy Configuration

234

√ Configuration of ASP.NET is done with plain text files.

√ Configuration files can be uploaded or changed while the application is running.

No need to restart the server. No more metabase or registry puzzle.

Easy Deployment

No more server restart to deploy or replace compiled code. ASP.NET simply redirects all

new requests to the new code.

(A) What are major events in GLOBAL.ASAX file ?

The Global.asax file, which is derived from the HttpApplication class, maintains a pool

of HttpApplication objects, and assigns them to applications as needed. The Global.asax

file contains the following events:

Application_Init: Fired when an application initializes or is first called. It is invoked for

all HttpApplication object instances.

Application_Disposed: Fired just before an application is destroyed. This is the ideal

location for cleaning up previously used resources.

Application_Error: Fired when an unhandled exception is encountered within the

application.

Application_Start: Fired when the first instance of the HttpApplication class is created.

It allows you to create objects that are accessible by all HttpApplication instances.

Application_End: Fired when the last instance of an HttpApplication class is destroyed.

It is fired only once during an application’s lifetime.

Application_BeginRequest: Fired when an application request is received. It is the first

event fired for a request, which is often a page request (URL) that a user enters.

Application_EndRequest: The last event fired for an application request.

Application_PreRequestHandlerExecute: Fired before the ASP.NET page framework

begins executing an event handler like a page or Web service.

Application_PostRequestHandlerExecute: Fired when the ASP.NET page framework has

finished executing an event handler.

Applcation_PreSendRequestHeaders: Fired before the ASP.NET page framework sends

HTTP headers to a requesting client (browser).

235

Application_PreSendContent: Fired before the ASP.NET page framework send content

to a requesting client (browser).

Application_AcquireRequestState: Fired when the ASP.NET page framework gets the

current state (Session state) related to the current request.

Application_ReleaseRequestState: Fired when the ASP.NET page framework completes

execution of all event handlers. This results in all state modules to save their current state

data.

Application_ResolveRequestCache: Fired when the ASP.NET page framework completes

an authorization request. It allows caching modules to serve the request from the cache,

thus bypassing handler execution.

Application_UpdateRequestCache: Fired when the ASP.NET page framework completes

handler execution to allow caching modules to store responses to be used to handle

subsequent requests.

Application_AuthenticateRequest: Fired when the security module has established the

current user’s identity as valid. At this point, the user’s credentials have been validated.

Application_AuthorizeRequest: Fired when the security module has verified that a user

can access resources.

Session_Start: Fired when a new user visits the application Web site.

Session_End: Fired when a user’s session times out, ends, or they leave the application

Web site.

Note :- During interview you do not have to really cram all these events. But just keep the

basic events in mind

(A) What order they are triggered ?

They’re triggered in the following order:

Application_BeginRequest

Application_AuthenticateRequest

Application_AuthorizeRequest

Application_ResolveRequestCache

Application_AcquireRequestState

236

Application_PreRequestHandlerExecute

Application_PreSendRequestHeaders

Application_PreSendRequestContent

<<code is executed>>

Application_PostRequestHandlerExecute

Application_ReleaseRequestState

Application_UpdateRequestCache

Application_EndRequest.

(I) Do session use cookies ?

Twist:- How can we make session to not to use cookies ?

Left to the user, you will enjoy to find this answer.

(I)How can we force all the validation control to run ?

Page.Validate

(B)How can we check if all the validation control are valid

and proper ?

Using the Page.IsValid() property you can check whether all the validation are done.

(A)If client side validation is enabled in your Web page, does

that mean server side code is not run?

When client side validation is enabled server emit’s JavaScript code for the custom

validators. But note that does not mean that server side checks on custom validators do

not execute. It does this redundant check two times as some of the validators do not

support client side scripting.

(A)Which JavaScript file is referenced for validating the

validators at the client side ?

237

WebUIValidation.js javascript file installed at “aspnet_client” root IIS directory is used

to validate the validation controls at the client side

(B)How to disable client side script in validators?

Set EnableClientScript to false.

(A)How can I show the entire validation error message in a

message box on the client side?

In validation summary set “ShowMessageBox” to true.

(B)You find that one of your validation is very complicated

and does not fit in any of the validators, what will you do ?

Best is to go for CustomValidators. Below is a sample code for a custom validator which

checks that a textbox should not have zero value

<asp:CustomValidator id=”CustomValidator1″ runat=”server”

ErrorMessage=”Number not divisible by Zero”

ControlToValidate=”txtNumber”

OnServerValidate=”ServerValidate”

ClientValidationFunction=”CheckZero” /><br>

Input:

<asp:TextBox id=”txtNumber” runat=”server” />

<script language=”javascript”>

<!–

function CheckZero(source, args) {

int val = parseInt(args.Value, 10);

if (value==0) {

args.IsValid = false;

}

238

else {

args.IsValid = true;

}

}

// –>

</script>

(A)What is Tracing in ASP.NET ?

Tracing allows us to view how the code was executed in detail.

(A) How do we enable tracing ?

<%@ Page Trace=”true” %>

(I)What exactly happens when ASPX page is requested from

Browser?

Note: – Here the interviewer is expecting complete flow of how an ASPX page is processed

with respect to IIS and ASP.NET engine.

Following are the steps which occur when we request a ASPX page :-

√ The browser sends the request to the webserver. Let us assume that the

webserver at the other end is IIS.

√ Once IIS receives the request he looks on which engine can serve this request.

When I mean engine means the DLL who can parse this page or compile and

send a response back to browser. Which request to map to is decided by file

extension of the page requested.

Depending on file extension following are some mapping

√ .aspx, for ASP.NET Web pages,

√ .asmx, for ASP.NET Web services,

√ .config, for ASP.NET configuration files,

√ .ashx, for custom ASP.NET HTTP handlers,

239

√ .rem, for remoting resources

√ Etc

You can also configure the extension mapping to which engine can route by using the IIS

engine.

Figure: – 7.1 Following screen shows some IIS mappings

Example an ASP page will be sent to old classic ASP.DLL to compile. While .ASPX

pages will be routed to ASP.NET engine for compilation.

240

√ As this book mainly will target ASP.NET we will look in to how ASP.NET

pages that is ASPX pages generation sequence occurs. Once IIS passes the

request to ASP.NET engine page has to go through two section HTTP module

section and HTTP handler section. Both these section have there own work

to be done in order that the page is properly compiled and sent to the IIS.

HTTP modules inspect the incoming request and depending on that they can

change the internal workflow of the request. HTTP handler actually compiles

the page and generates output. If you see your machine.config file you will see

following section of HTTP modules

<httpModules>

<add name=”OutputCache” type=”System.Web.Caching.OutputCacheModule” />

<add name=”Session” type=”System.Web.SessionState.SessionStateModule” />

<add name=”WindowsAuthentication”

type=”System.Web.Security.WindowsAuthenticationModule” />

<add name=”FormsAuthentication”

type=”System.Web.Security.FormsAuthenticationModule” />

<add name=”PassportAuthentication”

type=”System.Web.Security.PassportAuthenticationModule” />

<add name=”UrlAuthorization”

type=”System.Web.Security.UrlAuthorizationModule” />

<add name=”FileAuthorization”

type=”System.Web.Security.FileAuthorizationModule” />

<add name=”ErrorHandlerModule” type=”System.Web.Mobile.ErrorHandlerModule,

System.Web.Mobile, Version=1.0.5000.0,

Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a” /

> 

</httpModules>

The above mapping will show which functionality is handled by which Namespace.

Example FormsAthuentication is handled by “System.Web.

241

Security.FormsAuthenticationModule”. If you look at the web.config section HTTP module

is where authentication and authorization happens.

Ok now the HTTP handler is where the actual compilation takes place and the output is

generated. Following is a paste from HTTP handler section of WEB.CONFIG file.

<httpHandlers>

<add verb=”*” path=”*.vjsproj” type=”System.Web.HttpForbiddenHandler” />

<add verb=”*” path=”*.java” type=”System.Web.HttpForbiddenHandler” />

<add verb=”*” path=”*.jsl” type=”System.Web.HttpForbiddenHandler” />

<add verb=”*” path=”trace.axd” type=”System.Web.Handlers.TraceHandler” />

<add verb=”*” path=”*.aspx” type=”System.Web.UI.PageHandlerFactory” />

<add verb=”*” path=”*.ashx” type=”System.Web.UI.SimpleHandlerFactory” />

…

</httpHandlers>

√ Depending on the File extension handler decides which Namespace will

generate the output. Example all .ASPX extension files will be compiled by

System.Web.UI.PageHandlerFactory

√ Once the file is compiled it will be send back again to the HTTP modules and

from there to IIS and then to the browser.

242

Figure :- 7.2 IIS flow from various sections.

(B)How can we kill a user session ?

Session.abandon

243

(I)How do you upload a file in ASP.NET ?

I will leave this to the readers … Just a hint we have to use System.Web.HttpPostedFile

class.

(I)How do I send email message from ASP.NET ?

ASP.NET provides two namespaces System.WEB.mailmessage classand

System.Web.Mail.Smtpmail class. Just a small homework create a Asp.NET project and

send a email at shiv_koirala@yahoo.com. Do not Spam.

(A)What are different IIS isolation levels?

IIS has three level of isolation:-

LOW (IIS process):- In this main IIS process and ASP.NET application run in same process.

So if any one crashes the other is also affected. Example let’s say (well this is not possible)

I have hosted yahoo, hotmail .amazon and google on a single PC. So all application and

the IIS process runs on the same process. In case any website crashes it affects every one.

Figure: – 7.3 LOW IIS process scenario

Medium (Pooled):- In Medium pooled scenario the IIS and web application run in different

process. So in this case there are two processes process1 and process2. In process1 the IIS

process is running and in process2 we have all Web application running.

244

Figure: – 7.4 Medium pooled scenario

High (Isolated):-In high isolated scenario every process is running is there own process. In

below figure there are five processes and every one handling individual application. This

consumes heavy memory but has highest reliability.

245

Figure: – 7.5 High isolation scenario

(A)ASP used STA threading model, what is the threading

model used for ASP.NET ?

ASP.NET uses MTA threading model.

(A)What is the use of <%@ page aspcompat=true %>

attribute ?

This attribute works like a compatibility option. As mentioned before ASP worked in

STA model and ASP.NET works in MTA model, but what if your ASP.NET application

is using a VB COM component. In order that VB COM runs properly in ASP.NET threading

model we have to set attribute. After defining the ASPCOMPAT directive attribute

ASP.NET pages runs in STA model thus building the compatibility between ASP.NET

and old COM components that does not support MTA model.

246

(B)Explain the differences between Server-side and Clientside

code?

Server side code is executed at the server side on IIS in ASP.NET framework, while

client side code is executed on the browser.

(I)Can you explain Forms authentication in detail ?

In old ASP if you where said to create a login page and do authentication you have to do

hell lot of custom coding. But now in ASP.NET that’s made easy by introducing Forms

authentication. So let’s see in detail what form authentication is.

Forms authentication uses a ticket cookie to see that user is authenticated or not. That

means when user is authenticated first time a cookie is set to tell that this user is

authenticated. If the cookies expire then Forms authentication mechanism sends the user

to the login page.

Following are the steps which defines steps for Forms authentication :-

√ Configure Web.config file with forms authentication. As shown below in the

config file you can see we have give the cookie name and loginurl page.

<configuration>

<system.web>

<!– Other settings omitted. –>

<authentication mode=”Forms”>

<forms name=”logincookies”

loginUrl=”login.aspx”

protection=”All”

timeout=”30″

path=”/” />

</authentication>

</system.web>

</configuration>

247

√ Remove anonymous access to the IIS web application, following are changes

done to web.config file.

<configuration>

<system.web>

<!– Other settings omitted. –>

<authorization>

<deny users=”?” />

</authorization>

</system.web>

</configuration>

√ Create the login page which will accept user information. You will have create

your login page that is the Login.aspx which will actually take the user data.

√ Finally a Small coding in the login button.

Let us assume that the login page has two textboxes Txtname and txtapssword.

Also import System.Web.Security and put the following code in login button

of the page.

If Page.IsValid Then

If FormsAuthentication.Authenticate(txtName.Text, txtPassword.Text) Then

FormsAuthentication.RedirectFromLoginPage(txtName.Text, False)

Else

lblStatus.Text = “Error not proper user”

End If

End If

248

(A)How do I sign out in forms authentication ?

FormsAuthentication.Signout()

(A)If cookies are not enabled at browser end does form

Authentication work?

No, it does not work.

(A)How to use a checkbox in a datagrid?

Twist :- How can I track event in checkbox which is one of the columns of a datagrid ?

Note: – This is normally asked when the interviewer want to see that have you really

worked practically on a project.

Following are the steps to be done :-

√ In ASPX page you have to add Itemtemplate tag in datagrid.

<ItemTemplate>

<asp:CheckBox id=”CheckBox1″ runat=”server” AutoPostBack=”True”

OnCheckedChanged=”Check_Clicked”></asp:CheckBox>

</ItemTemplate>

√ If you look at the Itemtemplate we have “OnCheckChanged” event. This

“OnCheckChanged” event has “Check_Clicked” subroutine is actually in

behind code. Note this method which is in behind code should either be

“protected” or “public”

√ Following below is the subroutine which defines the method

Protected Sub Check_Clicked(ByVal sender As Object, ByVal e As EventArgs)

‘ do something

End Sub

The above steps should be defined in short to the interviewer which will give a quick

feeling of your practical experience with ASP.NET

249

(I)What are the steps to create a windows service in VB.NET

?

Windows Services are long-running executable applications that run in its own Windows

session, which then has the ability to start automatically when the computer boots and

also can be manually paused, stopped or even restarted.

Following are the steps to create a service :-

√ Create a project of type “Windows Service”.

Figure 7.6 :- Create project for Windows Service

√ If you see the class created it is automatically inheriting from

“System.ServiceProcess.ServiceBase”.

250

√ You can override the following events provided by service and write your

custom code. All the three main events can be used that is Start, stop and

continue.

protected override void OnStart(string[] args)

{

}

protected override void OnStop()

{

}

protected override void OnContinue()

{

}

√ Now to install the service you need to do run the install util exe.

InstallUtil <Project Path>\BIN\MyNewService.exe

(A) What is the difference between “Web farms” and “Web

garden”?

“Web farms” are used to have some redundancy to minimize failures. It consists of two or

more web server of the same configuration and they stream the same kind of contents.

When any request comes there is switching / routing logic which decides which web

server from the farm handles the request. For instance we have two servers “Server1”

and “Server2” which have the same configuration and content. So there is a special switch

which stands in between these two servers and the users and routes the request accordingly.

251

Figure 7.7 : – Web Farm in action

Above figure explains in detail how web farm work. You can see there is a router in

between which takes a request and sees which one of the server is least loaded and

forwards the request to that server. So for request1 it route’s server1, for request2 it

routes server2, for request3 it routes to server3 and final request4 is routed to server4. So

you can see because we have web farm at place server1 and server2 are loaded with two

request each rather than one server loading to full. One more advantage of using this

kind of architecture is if one of the servers goes down we can still run with the other

server thus having 24×7 uptime.

The routing logic can be a number of different options:-

√ Round-robin: Each node gets a request sent to it “in turn”. So, server1 gets a request,

then server2 again, then server1, then server2 again. As shown in the above figure.

252

√ Least Active: Whichever node show to have the lowest number of current connects

gets new connects sent to it. This is good to help keep the load balanced between

the server nodes.

√ Fastest Reply: Whichever node replies faster is the one that gets new requests. This

is also a good option – especially if there are nodes that might not be “equal” in

performance. If one performs better than the other, then send more requests

there rather than which is moving slowly?

Before we try to understand what a web garden is let’s try to understand how IIS handles

processes. All requests to IIS are routed to “aspnet_wp.exe” for IIS 5.0 and “w3wp.exe”

for IIS 6.0. In normal case i.e. with out web garden we have one worker process instance

(“aspnet_wp.exe” / “w3wp.exe”) across all requests. This one instance of worker process

uses the CPU processor as directed by the operating system.

Figure 7.8 : – With out Web Garden

253

But when we enable web garden for a web server it creates different instances of the

worker process and each of these worker process runs on different CPU. You can see in

the below diagram we have different worker process instances created which run on

different CPU’s.

Figure 7.9 : – With Web Garden

In short we can define a model in which multiple processes run on multiple CPUs in a

single server machine are known as a Web garden.

(A) How do we configure “WebGarden”?

“Web garden” can be configured by using process model settings in “machine.config” or

“Web.config” file. The configuration section is named <processModel> and is shown in

254

the following example. The process model is enabled by default (enable=”true”). Below

is the snippet from config file.

<processModel

enable=”true”

timeout=”infinite”

idleTimeout=”infinite”

shutdownTimeout=”0:00:05″

requestLimit=”infinite”

requestQueueLimit=”5000″

memoryLimit=”80″

webGarden=”false”

cpuMask=”12″

userName=””

password=””

logLevel=”errors”

clientConnectedCheck=”0:00:05″

/>

From the above processmodel section for web garden we are concerned with only two

attributes “webgarden” and “cpuMask”.

webGarden :- Controls CPU affinity. True indicates that processes should be affinitized

to the corresponding CPU. The default is False.

cpuMask:- Specifies which processors on a multiprocessor server are eligible to run

ASP.NET processes. The cpuMask value specifies a bit pattern that indicates the CPUs

eligible to run ASP.NET threads. ASP.NET launches one worker process for each eligible

CPU. If webGarden is set to false, cpuMask is ignored and only one worker process will

run regardless of the number of processors in the machine. If webGarden is set to true,

ASP.NET launches one worker process for each CPU that corresponds to a set bit in

cpuMask. The default value of cpuMask is 0xffffffff.

255

Below are detail steps of how to implement web garden

√ click Start and then click Run.

√ type calc.exe and then click OK.

√ Goto View menu, click Scientific.

√ Goto View menu, click Binary.

√ Use 0 and 1 to specify the processors ASP.NET can or cannot use.

Use 1 for the processor that you want to use for ASP.NET. Use 0 for the processor that

you do not want to use for ASP.NET. For example, if you want to use the first two

processors for ASP.NET of a four-processor computer, type 1100.

√ On the View menu, click Decimal. Note the decimal number.

√ Open the Web.config or machine.config file in a text editor such as Notepad. The

Web.config file is located in the folder where the application is saved.

√ In the Web.config file, add the processModel configuration element under the

System.web element. Before adding <processModel> to Web.config file, the user

has to make sure that the allowDefinition attribute in the <processModel> section o f

the Web.config file is set to everywhere.

√ Add and then set the webGarden attribute of the processModel element to True.

√ Add and then set the cpuMask attribute of the processModel element to the result

that is determined in your calculation.

Do not preface the number with 0x because the result of the calculation is a decimal

number. The following example demonstrates the processModel element that is configured

to enable only the first two processors of a four-processor computer.

<processModel

enable=”true”

webGarden=”true”

cpuMask=”12″ />

Save the Web.config file. The ASP.NET application automatically restarts and uses only

the specified processors.

256

(B)What is the main difference between Gridlayout and

FlowLayout ?

GridLayout provides absolute positioning for controls placed on the page. Developers

that have their roots in rich-client development environments like Visual Basic will find

it easier to develop their pages using absolute positioning, because they can place items

exactly where they want them. On the other hand, FlowLayout positions items down the

page like traditional HTML. Experienced Web developers favor this approach because it

results in pages that are compatible with a wider range of browsers.

If you look in to the HTML code created by absolute positioning you can notice lot of

DIV tags. While in Flow layout you can see more of using HTML table to position elements

which is compatible with wide range of browsers