vijay

welcome Netizen

Share Your Knowledge.It is a way to achieve immortality

Sunday, July 21, 2013

ASP.Net Interview Questions Part 2



Passport Authentication-

What is Passport Authentication?
Passport authentication identifies users via Microsoft Passport’s single sign-on service. Microsoft Passport is meant to provide Internet users with a single identity that they can use to visit a wide variety of Web sites that require authentication. Information about the user is available to your application through a profile that is stored with Microsoft.

What are the advantages of Passport authentication?
The advantages of Passport authentication are that the user doesn’t have to remember separate user names and passwords for various Web sites and that the user can maintain his or her profile information in a single location. Passport authentication also provides access to other Microsoft services, such as Passport Express Purchase.

What is passport software development kit (passport SDK)?
To use Passport authentication in your Web application, you must install the Passport SDK. The Passport SDK is free for preproduction development and testing. To deploy a site for public use, you must obtain an annual license from Microsoft.

How does Passport authentication work?
When a user accesses an application that implements Passport authentication, ASP.NET checks the user’s machine for a current passport authentication cookie. If none is found, ASP.NET directs the user to a Passport sign-on page. Once the user signs in, the Passport service authenticates the user, stores an authentication cookie on the user’s computer, and directs the user back to the originally requested Web page.

What are the steps to follow to use Passport authentication?
1. Install the Passport SDK. Passport is not included with Visual Studio, although the .NET Framework does include classes for working with the Passport SDK once it is installed.
2. Set the application’s authentication mode to Passport in Web.config. Set authorization to deny unauthenticated users.
3. Use the PassportAuthentication_OnAuthenticate event to access the user’s Passport profile to identify and authorize the user.
4. Implement a sign-out procedure to remove Passport cookies from the user’s machine.

Where is PassportAuthentication_OnAuthenticate event present?
PassportAuthentication_OnAuthenticate event is present in Global.asax.


Forms Authentication-

What is the advantage of using Forms authentication?
The advantage of using Forms authentication is that users do not have to be member of a domain-based network to have access to your application. Another advantage is that many Web applications, particularly commercial sites where customers order products, want to have access to user information. Forms authentication makes these types of applications easier to create.

List the steps to use Forms authentication in a web application?
1.Set the authentication mode in Web.config to Forms.
2.Create a Web form to collect logon information.
3.Create a file or database to store user names and passwords.
4.Write code to add new users to the user file or database.
5.Write code to authenticate users against the user file or database.

What happens when someone accesses a Web application that uses Forms authentication?
When someone accesses a Web application that uses Forms authentication, ASP.NET displays the logon Web form specified in Web.config. Once a user is authorized, ASP.NET issues an authorization certificate in the form of a cookie that persists for an amount of time specified by the authentication settings in Web.config.

What is the difference between Windows authentication and Forms authentication?
The difference between Windows authentication and Forms authentication is that in Forms authentication your application performs all the authentication and authorization tasks. You must create Web forms and write code to collect user names and passwords and to check those items against a list of authorized users.

What is the use of mode attribute in authentication element in a web.config file?
You use the mode attribute to specify the type of authentication your web application is using. Set the mode attribute to forms to enable Forms authentication.

What is the use of name attribute and loginUrl attribute of a forms element in a web.config file?
Name attribute of forms element is used to set the name of the cookie in which to store the user’s credential. The default is .authaspx. If more than one application on the server is using Forms authentication, you need to specify a unique cookie name for each application.
loginUrl attribute of forms element is used to set the name of the Web form to display if the user has not already been authenticated. If omitted, the default is Default.aspx.

What is protection attribute in a forms element used for in web.config file?
The protection attribute of a forms element of web.config file is used for setting how ASP.NET protects the authentication cookie stored on the user’s machine. The default is All, which performs encryption and data validation. Other possible settings are Encryption, Validation, and None.

What is timeout attribute in a forms element used for in web.config file?
Timeout attribute is used to set the number of minutes the authentication cookie persists on the user’s machine. The default is 30, indicating 30 minutes. ASP.NET renews the cookie automatically if it receives a request from the user and more than half of the allotted time has expired.

In which namespace the FormsAuthentication class is present?
System.Web.Security namespace

Which method checks the user name and password against the user list found in the credentials element of Web.config?
The FormsAuthentication class’s Authenticate method checks the user name and password against the user list found in the credentials element of Web.config.

Which method can be used to remove forms authentication cookie?
Use the signout() method of FormsAuthentication class to sign out when the user has finished with the application or when you want to remove the authentication cookie from his or her machine. For example, the following code ends the user’s access to an application and requires him or her to sign back in to regain access
FormsAuthentication.SignOut();

What is the advantage of Authenticating Users with a Database?
You can authenticate users based on a list in Web.config. The FormsAuthentication class’s Authenticate method is set up to read from web.config file automatically. That’s fine if user names and passwords are created and maintained by a system administrator, but if you allow users to create their own user names or change their passwords, you’ll need to store that information outside the Web.config file. This is because changing Web.config at run time causes the Web application to restart, which resets any Application state and Session state variables used by the application.

What are the advantages of storing user names and passwords in a database rather than a file?
You can store user names and passwords in any type of file; however, using a database has the following significant advantages:
1. User names can be used as primary keys to store other information about the user.
2. Databases can provide high performance for accessing user names and passwords.
3. Adding, modifying, and accessing records are standardized through SQL.

Can you encrypt user names and passwords stored in a file or a database?
Yes, you encrypt user names and passwords stored in a file or a database. You can encrypt them using the FormsAuthentication class’s HashPasswordForStoringInConfigFile method. This method uses the SHA1 or MD5 algorithms to encrypt data, as shown below:
Password = FormsAuthentication.HashPasswordForStoringInConfigFile(Password, "SHA1");

Can you change authentication type in a subfolder's web.config file?
Authentication type (Windows, Forms, or Passport) can be set only at the application’s root folder. To change authentication type in a subfolder's web.config file, you must create a new Web application project and application starting point for that subfolder.

How can you control access to subfolders in a web application?
The authorization settings in the Web.config file apply hierarchically within the folder structure of a Web application. For instance, you might want to allow all users access to the root folder of a Web application but restrict access to Web forms (and tasks) available from a subfolder. To do this, set the authentication type in the root folder’s Web.config file, and then use the authorization element in the subfolder’s Web.config file to restrict access.


0 comments:

Post a Comment