Object Relational Modeling Tool(ORM) Comparison Dot Net
http://www.blogger.com/post-create.g?blogID=1264876288197353948
Posts
ASP.NET MVC Best Practices
3 months ago
Friday, October 30, 2009
Thursday, October 22, 2009
An ADO.NET Data Services Tutorial
An ADO.NET Data Services Tutorial
http://www.codeguru.com/csharp/.net/net_wcf/article.php/c16231__1/
http://www.codeguru.com/csharp/.net/net_wcf/article.php/c16231__1/
New Features in Visual Studio 2010 and the .NET Framework 4.0
New Features in Visual Studio 2010 and the .NET Framework 4.0
http://www.codeguru.com/vb/vbnet30/article.php/c15645/
http://www.codeguru.com/vb/vbnet30/article.php/c15645/
Wednesday, October 14, 2009
WCF versioning
MSDN has a set of articles regarding WCF versioning that are good to cast your eyes over.
Service Versioning
Data Contract Versioning
Best Practices: Data Contract Versioning
Collection Types in Data Contracts
Service Versioning
Data Contract Versioning
Best Practices: Data Contract Versioning
Collection Types in Data Contracts
Monday, October 12, 2009
WCF Interview Questions and Answers
Ques 1: What are end points, contract, address and bindings?
Ans: All communication with a Windows Communication Foundation (WCF) service occurs through the endpoints of the service. Endpoints provide clients access to the functionality offered by a WCF service.
Each endpoint consists of four properties:
The Binding is the Microsoft Channel stack that shields the complexities of setting up the communication channel etc
The Contract is what the service conforms to so that the consumer knows how to interact with the service; this is done via an Interface
Ques 2: What are bindings?
Ans: The binding specifies how to communicate with the endpoint. This includes:
Ans: Predefined binding in WCF
Ques 4: What is one way operation?
Ans: The default behavior of a service operation is the request-reply pattern. In a request-reply pattern, the client waits for the reply message, even if the service operation is represented in code as a void method. With a one-way operation, only one message is transmitted. The receiver does not send a reply message, nor does the sender expect one.
WCF has a simple and easy way to define operations that should be made as OneWay.
You do it by setting IsOneWay = true in the OperationContract attribute.
E.g.
[ServiceContract]
public interface IMyServiceOneWay
{
[OperationContract(IsOneWay = true)]
void DoOneWay(bool throwException);
}
The contract contains one operation – DoOneWay which will be invoked in a “OneWay” pattern
General things you should keep in mind about OneWay operations -
1. O/W operations must return void.
2. O/W operations can still yield exceptions. Invoking an operation on the client channel might still throw an exception if it couldn’t transmit the call over to the service.
3. O/W operations can still block. If the service is pumped with messages and a queue had started.
Ques 5: Can you explain duplex contracts in WCF?
Ans : A duplex service contract is a message exchange pattern in which both endpoints can send messages to the other independently. A duplex service, therefore, can send messages back to the client endpoint, providing event-like behavior. Duplex communication occurs when a client connects to a service and provides the service with a channel on which the service can send messages back to the client. Note that the event-like behavior of duplex services only works within a session.
To create a duplex contract you create a pair of interfaces. The first is the service contract interface that describes the operations that a client can invoke. That service contract must specify a callback contract in the System.ServiceModel.ServiceContractAttribute.CallbackContract property. The callback contract is the interface that defines the operations that the service can call on the client endpoint. A duplex contract does not require a session, although the system-provided duplex bindings make use of them.
Ans: All communication with a Windows Communication Foundation (WCF) service occurs through the endpoints of the service. Endpoints provide clients access to the functionality offered by a WCF service.
Each endpoint consists of four properties:
- An address that indicates where the endpoint can be found.
- A binding that specifies how a client can communicate with the endpoint.
- A contract that identifies the operations available.
- A set of behaviors that specify local implementation details of the endpoint.
The Binding is the Microsoft Channel stack that shields the complexities of setting up the communication channel etc
The Contract is what the service conforms to so that the consumer knows how to interact with the service; this is done via an Interface
Ques 2: What are bindings?
Ans: The binding specifies how to communicate with the endpoint. This includes:
- The transport protocol to use (for example, TCP or HTTP).
- The encoding to use for the messages (for example, text or binary).
- The necessary security requirements (for example, SSL or SOAP message security).
Ans: Predefined binding in WCF
| Binding | Interoperability | Security | Sessions | Transactions |
| BasicHttpBinding | Basic Profile 1.1 | None | No | No |
| wsHttpBinding | WS | Message | Optional | Yes |
| wsDualHttpBinding | WS | Message | Yes | Yes |
| wsFederationHttpBinding | Federation | Message | Yes | Yes |
| netTcpBinding | .NET | Transport | Optional | Yes |
| netNamedPipeBinding | .NET | Transport | Yes | Yes |
| netMsmqBinding | .NET | Transport | Yes | Yes |
| netPeerTcpBinding | Peer | Transport | ||
| msmqIntegrationBinding | MSMQ | Transport | Yes | Yes |
Ques 4: What is one way operation?
Ans: The default behavior of a service operation is the request-reply pattern. In a request-reply pattern, the client waits for the reply message, even if the service operation is represented in code as a void method. With a one-way operation, only one message is transmitted. The receiver does not send a reply message, nor does the sender expect one.
WCF has a simple and easy way to define operations that should be made as OneWay.
You do it by setting IsOneWay = true in the OperationContract attribute.
E.g.
[ServiceContract]
public interface IMyServiceOneWay
{
[OperationContract(IsOneWay = true)]
void DoOneWay(bool throwException);
}
The contract contains one operation – DoOneWay which will be invoked in a “OneWay” pattern
General things you should keep in mind about OneWay operations -
1. O/W operations must return void.
2. O/W operations can still yield exceptions. Invoking an operation on the client channel might still throw an exception if it couldn’t transmit the call over to the service.
3. O/W operations can still block. If the service is pumped with messages and a queue had started.
Ques 5: Can you explain duplex contracts in WCF?
Ans : A duplex service contract is a message exchange pattern in which both endpoints can send messages to the other independently. A duplex service, therefore, can send messages back to the client endpoint, providing event-like behavior. Duplex communication occurs when a client connects to a service and provides the service with a channel on which the service can send messages back to the client. Note that the event-like behavior of duplex services only works within a session.
To create a duplex contract you create a pair of interfaces. The first is the service contract interface that describes the operations that a client can invoke. That service contract must specify a callback contract in the System.ServiceModel.ServiceContractAttribute.CallbackContract property. The callback contract is the interface that defines the operations that the service can call on the client endpoint. A duplex contract does not require a session, although the system-provided duplex bindings make use of them.
Friday, October 9, 2009
C# Interview Questions and Answers - Part 3
Ques 21: When should we use structure and when class?
Ans: Structs are always lightweight objects. By that it means they are not created on the CLR heap. They are created on the stack. Its always easy performance wise to create struct variables and to destroy them.
Classes ar3 meant for heavy duty work. Objects in classes are always created on the CLR heap. This means extra overhead of creating the object and maintaining it. All objects are subject to garbage collection whereas struct objects are not.
Use a struct when you want something that behaves like a value type, such as an (i,r) complex number, an (x,y,z) coord or an (A,R,G,B) colour. Otherwise use a class.
Ques 22: What is the difference between Finalize and Dispose (Garbage collection)?
Ans: Class instances often encapsulate control over resources that are not managed by the runtime, such as window handles (HWND), database connections, and so on. Therefore, you should provide both an explicit and an implicit way to free those resources. Provide implicit control by implementing the protected Finalize Method on an object (destructor syntax in C# and the Managed Extensions for C++). The garbage collector calls this method at some point after there are no longer any valid references to the object.
In some cases, you might want to provide programmers using an object with the ability to explicitly release these external resources before the garbage collector frees the object. If an external resource is scarce or expensive, better performance can be achieved if the programmer explicitly releases resources when they are no longer being used. To provide explicit control, implement the Dispose method provided by the IDisposable Interface. The consumer of the object should call this method when it is done using the object. Dispose can be called even if other references to the object are alive.
Note that even when you provide explicit control by way of Dispose, you should provide implicit cleanup using the Finalize method. Finalize provides a backup to prevent resources from permanently leaking if the programmer fails to call Dispose.
Ques 23: How’s method overriding different from overloading?
Ans: When overriding, you change the method behavior for a derived class. Overloading simply involves having a method with the same name within the class.
Ques 24: What does the keyword virtual mean in the method definition?
Ans: The method can be over-ridden.
Ques 25: Can you declare the override method static while the original method is non-static?
Ans: No, you can’t, the signature of the virtual method must remain the same, only the keyword virtual is changed to keyword override.
Ques 26: Can you override private virtual methods?
Ans: No, moreover, you cannot access private methods in inherited classes, have to be protected in the base class to allow any sort of access.
Ques 27: Can you allow class to be inherited, but prevent the method from being over-ridden?
Ans: Yes, just leave the class public and make the method sealed.
Ques 28: Can we declare private methods inside an Interface? Why can’t you specify the accessibility modifier for methods inside the interface?
Ans: No, they all must be public. Therefore, to prevent you from getting the false impression that you have any freedom of choice, you are not allowed to specify any accessibility, its public by default.
Ques 29: How do you initiate a string without escaping each backslash?
Ans: Put @ sign in front of the double-quoted string.
e.g. @“C:\Documents and Settings\Administrator\My Documents”; is equivalent to “C:\\Documents and Settings\\Administrator\\My Documents”.
Ques 30: Describe the accessibility modifier protected internal.
Ans: It’s available to derived classes and classes within the same Assembly (and naturally from the base class it’s declared in).
Ans: Structs are always lightweight objects. By that it means they are not created on the CLR heap. They are created on the stack. Its always easy performance wise to create struct variables and to destroy them.
Classes ar3 meant for heavy duty work. Objects in classes are always created on the CLR heap. This means extra overhead of creating the object and maintaining it. All objects are subject to garbage collection whereas struct objects are not.
Use a struct when you want something that behaves like a value type, such as an (i,r) complex number, an (x,y,z) coord or an (A,R,G,B) colour. Otherwise use a class.
Ques 22: What is the difference between Finalize and Dispose (Garbage collection)?
Ans: Class instances often encapsulate control over resources that are not managed by the runtime, such as window handles (HWND), database connections, and so on. Therefore, you should provide both an explicit and an implicit way to free those resources. Provide implicit control by implementing the protected Finalize Method on an object (destructor syntax in C# and the Managed Extensions for C++). The garbage collector calls this method at some point after there are no longer any valid references to the object.
In some cases, you might want to provide programmers using an object with the ability to explicitly release these external resources before the garbage collector frees the object. If an external resource is scarce or expensive, better performance can be achieved if the programmer explicitly releases resources when they are no longer being used. To provide explicit control, implement the Dispose method provided by the IDisposable Interface. The consumer of the object should call this method when it is done using the object. Dispose can be called even if other references to the object are alive.
Note that even when you provide explicit control by way of Dispose, you should provide implicit cleanup using the Finalize method. Finalize provides a backup to prevent resources from permanently leaking if the programmer fails to call Dispose.
Ques 23: How’s method overriding different from overloading?
Ans: When overriding, you change the method behavior for a derived class. Overloading simply involves having a method with the same name within the class.
Ques 24: What does the keyword virtual mean in the method definition?
Ans: The method can be over-ridden.
Ques 25: Can you declare the override method static while the original method is non-static?
Ans: No, you can’t, the signature of the virtual method must remain the same, only the keyword virtual is changed to keyword override.
Ques 26: Can you override private virtual methods?
Ans: No, moreover, you cannot access private methods in inherited classes, have to be protected in the base class to allow any sort of access.
Ques 27: Can you allow class to be inherited, but prevent the method from being over-ridden?
Ans: Yes, just leave the class public and make the method sealed.
Ques 28: Can we declare private methods inside an Interface? Why can’t you specify the accessibility modifier for methods inside the interface?
Ans: No, they all must be public. Therefore, to prevent you from getting the false impression that you have any freedom of choice, you are not allowed to specify any accessibility, its public by default.
Ques 29: How do you initiate a string without escaping each backslash?
Ans: Put @ sign in front of the double-quoted string.
e.g. @“C:\Documents and Settings\Administrator\My Documents”; is equivalent to “C:\\Documents and Settings\\Administrator\\My Documents”.
Ques 30: Describe the accessibility modifier protected internal.
Ans: It’s available to derived classes and classes within the same Assembly (and naturally from the base class it’s declared in).
ASP.NET Interview Questions and Answers - Part 3
Ques 21: Explain Cookies in .Net?
Ans: Cookie are one of several ways to store data about web site visitors during the time when web server and browser are not connected. Common use of cookies is to remember users between visits. Practically, cookie is a small text file sent by web server and saved by web browser on client machine.
C# Code
// Add this on the beginning of your .cs code file
using System;
// Use this line when you want to save a cookie
Response.Cookies["MyCookieName"].Value = "MyCookieValue";
// How long will cookie exist on client hard disk
Response.Cookies["MyCookieName"].Expires = DateTime.Now.AddDays(1);
// To add multiple key/value pairs in single cookie
Response.Cookies["VisitorData"]["FirstName"] = "Richard";
Response.Cookies["VisitorData"]["LastVisit"] = DateTime.Now.ToString();
HttpCookie Class: HttpCookie class is located in System.Web namespace. You can use HttpCookie class to create and manipulate cookies instead of using of Response and Request objects.
HttpCookie class has these properties:
Domain - Gets or sets domain associated with a cookie. It is often used to limit cookie use to web site sub domain.
Expires - Gets or sets time when cookie expires. After that time cookie is deleted by the browser. The maximum life time for cookie is 365 days. You can increase expiration time every time when visitor visits your web site, but if visitor don't comes for more than 365 days, the cookie will be deleted.
HasKeys - Returns true if cookie has key pairs or false if not. Cookies are not limited to only simple data as strings, but could stores key/values pairs as well.
HttpOnly - Gets or sets a true/false value if cookie is accesible by client side javascript. If value is true, cookie will be accessible only by server side ASP.NET code.
Item - Not necessary, it exists only because it is used in old classic ASP.
Name - A name of a cookie.
Path - Similar like Domain property, path is used to limit a cookie scope to specific URL. For example, to limit using of a cookie to sub folder www.yourdomain.com/forum you need to set Path property to "/forum".
Secure - Would cookies will transmit through HTTPS protocol by using SSL (secure socket layer) connection.
Value - Gets or sets a cookie's value.
Values - Used to get or set key/value pairs in individual cookie.
You can use HttpCookie class to create a cookie or set cookie's properties, like in this example code:
HttpCookie MyGreatCookie = new HttpCookie("MyCookieName");
MyGreatCookie.Value = "Some cookie value";
MyGreatCookie.Expires = DateTime.Now.AddDays(100);
Response.Cookies.Add(MyGreatCookie);
Ques 22: How to read a cookie in ASP.NET
Ans: To read a cookie value, use this:
C# Code
string MyCookieValue;
// We need to perform this check first, to avoid null exception
// if cookie not exists
if(Request.Cookies["MyCookieName"] != null)
MyCookieValue = Request.Cookies["MyCookieName"].Value;
Ques 23: How to delete cookie in ASP.NET
Ans: To delete existing cookie we actually just set its expiration time to some time in the past. You can do it with code like this:
C# Code
// First check if cookie exists
if (Request.Cookies["MyCookieName"] != null)
{
// Set its expiration time somewhere in the past
Response.Cookies["MyCookieName"].Expires = DateTime.Now.AddDays(-1);
}
HttpCookie class is located in System.Web namespace. You can use HttpCookie class to create and manipulate cookies instead of using of Response and Request objects.
Ques 24: Web browser limits for cookies?
Ans: Cookie size is limited to 4096 bytes. It is not much, so cookies are used to store small amounts of data, often just user id.
- Also, number of cookies is limited to 20 per website. If you make new cookie when you already have 20 cookies, browser will delete oldest one.
- Your web site visitor can change browser settings to not accept cookies. In that case you are not able to save and retrieve data on this way! Because of this, it is good to check browser settings before saving a cookie.
- If your visitor blocked cookies in web browser privacy settings, you need to decide do you still want to save that data on some other way (maybe with sessions) or to not save it at all. Anyway, your application must continue to work normally with any browser privacy settings. It is better to not store any sensitive or critical data to cookies. If using of cookies is necessary, you should inform your users with some message like: "Cookies must be enabled to use this application".
Ques 25: How to find does web browser accepts cookies?
Ans: There are two possible cases when your client will not accept cookies:
- Web browser does not support cookies
- Web browser supports cookies, but user disabled that option through a browser's privacy settings.
C# Code
if (Request.Browser.Cookies)
{
// Cookies supported
}
else
{
// Web browser not supports cookies
}
Ques 26: How to check if client web browser not saved a cookie because of its privacy settings
Ans:Code above will tell you does web browser supports cookie technology, but your visitor could disable cookies in web browser's privacy settings. In that case, Request.Browser.Cookies will still return true but your cookies will not be saved. Only way to check client's privacy settings is to try to save a cookie on the first page, and then redirect to second page that will try to read that cookie. You can eventually use the same page to save and read a cookie when perform a testing, but you must use Response.Redirect method after saving and before reading cookies.
Ques 27: Best practices with cookies in ASP.NET
Ans: Cookies are just plain text, so usually are not used to store sensitive informations like passwords without prior encryption. If you want to enable "Remember me" option on web site it is recommended to encrypt a password before it is stored in a cookie. Cookies are often used for data like: when visitor last time loged in, what site color she likes, to keep referer id if we offer affiliate program etc.
Ques 28: Security issues about cookies in ASP.NET
Ans: Because of security reasons, your web application can read only cookies related to your web domain. You can't read cookies related to other web sites. Web browser stores cookies from different sites separately.Cookie is just a plain text file on client's hard disk so it could be changed on different ways outside of your application. Because of that, you need to treat cookie value as potentially dangerous input like any other input from the visitor, including prevention of cross site scripting attacks.
Ques 29:. What is cookie less session? How it works?
Ans: By default, ASP.NET will store the session state in the same process that processes the request, just as ASP does. If cookies are not available, a session can be tracked by adding a session identifier to the URL. This can be enabled by setting the following:
Ques 30: What is the difference between Web User Control and Web Custom Control?
Ans: Web custom controls are compiled components that run on the server and that encapsulate user-interface and other related functionality into reusable packages. They can include all the design-time features of standard ASP.NET server controls, including full support for Visual Studio design features such as the Properties window, the visual designer, and the Toolbox.
There are several ways that you can create Web custom controls:
- You can compile a control that combines the functionality of two or more existing controls. For example, if you need a control that encapsulates a button and a text box, you can create it by compiling the existing controls together.
- If an existing server control almost meets your requirements but lacks some required features, you can customize the control by deriving from it and overriding its properties, methods, and events.
- If none of the existing Web server controls (or their combinations) meet your requirements, you can create a custom control by deriving from one of the base control classes. These classes provide all the basic functionality of Web server controls, so you can focus on programming the features you need.
- If none of the existing ASP.NET server controls meet the specific requirements of your applications, you can create either a Web user control or a Web custom control that encapsulates the functionality you need.
The main difference between the two controls lies in ease of creation vs. ease of use at design time.
Web user controls are easy to make, but they can be less convenient to use in advanced scenarios. You develop Web user controls almost exactly the same way that you develop Web Forms pages. Like Web Forms, user controls can be created in the visual designer, they can be written with code separated from the HTML, and they can handle execution events. However, because Web user controls are compiled dynamically at run time they cannot be added to the Toolbox, and they are represented by a simple placeholder glyph when added to a page. This makes Web user controls harder to use if you are accustomed to full Visual Studio .NET design-time support, including the Properties window and Design view previews. Also, the only way to share the user control between applications is to put a separate copy in each application, which takes more maintenance if you make changes to the control.
Web custom controls are compiled code, which makes them easier to use but more difficult to create; Web custom controls must be authored in code. Once you have created the control, however, you can add it to the Toolbox and display it in a visual designer with full Properties window support and all the other design-time features of ASP.NET server controls. In addition, you can install a single copy of the Web custom control in the global assembly cache and share it between applications, which makes maintenance easier.
Ans: Cookie are one of several ways to store data about web site visitors during the time when web server and browser are not connected. Common use of cookies is to remember users between visits. Practically, cookie is a small text file sent by web server and saved by web browser on client machine.
C# Code
// Add this on the beginning of your .cs code file
using System;
// Use this line when you want to save a cookie
Response.Cookies["MyCookieName"].Value = "MyCookieValue";
// How long will cookie exist on client hard disk
Response.Cookies["MyCookieName"].Expires = DateTime.Now.AddDays(1);
// To add multiple key/value pairs in single cookie
Response.Cookies["VisitorData"]["FirstName"] = "Richard";
Response.Cookies["VisitorData"]["LastVisit"] = DateTime.Now.ToString();
HttpCookie Class: HttpCookie class is located in System.Web namespace. You can use HttpCookie class to create and manipulate cookies instead of using of Response and Request objects.
HttpCookie class has these properties:
Domain - Gets or sets domain associated with a cookie. It is often used to limit cookie use to web site sub domain.
Expires - Gets or sets time when cookie expires. After that time cookie is deleted by the browser. The maximum life time for cookie is 365 days. You can increase expiration time every time when visitor visits your web site, but if visitor don't comes for more than 365 days, the cookie will be deleted.
HasKeys - Returns true if cookie has key pairs or false if not. Cookies are not limited to only simple data as strings, but could stores key/values pairs as well.
HttpOnly - Gets or sets a true/false value if cookie is accesible by client side javascript. If value is true, cookie will be accessible only by server side ASP.NET code.
Item - Not necessary, it exists only because it is used in old classic ASP.
Name - A name of a cookie.
Path - Similar like Domain property, path is used to limit a cookie scope to specific URL. For example, to limit using of a cookie to sub folder www.yourdomain.com/forum you need to set Path property to "/forum".
Secure - Would cookies will transmit through HTTPS protocol by using SSL (secure socket layer) connection.
Value - Gets or sets a cookie's value.
Values - Used to get or set key/value pairs in individual cookie.
You can use HttpCookie class to create a cookie or set cookie's properties, like in this example code:
HttpCookie MyGreatCookie = new HttpCookie("MyCookieName");
MyGreatCookie.Value = "Some cookie value";
MyGreatCookie.Expires = DateTime.Now.AddDays(100);
Response.Cookies.Add(MyGreatCookie);
Ques 22: How to read a cookie in ASP.NET
Ans: To read a cookie value, use this:
C# Code
string MyCookieValue;
// We need to perform this check first, to avoid null exception
// if cookie not exists
if(Request.Cookies["MyCookieName"] != null)
MyCookieValue = Request.Cookies["MyCookieName"].Value;
Ques 23: How to delete cookie in ASP.NET
Ans: To delete existing cookie we actually just set its expiration time to some time in the past. You can do it with code like this:
C# Code
// First check if cookie exists
if (Request.Cookies["MyCookieName"] != null)
{
// Set its expiration time somewhere in the past
Response.Cookies["MyCookieName"].Expires = DateTime.Now.AddDays(-1);
}
HttpCookie class is located in System.Web namespace. You can use HttpCookie class to create and manipulate cookies instead of using of Response and Request objects.
Ques 24: Web browser limits for cookies?
Ans: Cookie size is limited to 4096 bytes. It is not much, so cookies are used to store small amounts of data, often just user id.
- Also, number of cookies is limited to 20 per website. If you make new cookie when you already have 20 cookies, browser will delete oldest one.
- Your web site visitor can change browser settings to not accept cookies. In that case you are not able to save and retrieve data on this way! Because of this, it is good to check browser settings before saving a cookie.
- If your visitor blocked cookies in web browser privacy settings, you need to decide do you still want to save that data on some other way (maybe with sessions) or to not save it at all. Anyway, your application must continue to work normally with any browser privacy settings. It is better to not store any sensitive or critical data to cookies. If using of cookies is necessary, you should inform your users with some message like: "Cookies must be enabled to use this application".
Ques 25: How to find does web browser accepts cookies?
Ans: There are two possible cases when your client will not accept cookies:
- Web browser does not support cookies
- Web browser supports cookies, but user disabled that option through a browser's privacy settings.
C# Code
if (Request.Browser.Cookies)
{
// Cookies supported
}
else
{
// Web browser not supports cookies
}
Ques 26: How to check if client web browser not saved a cookie because of its privacy settings
Ans:Code above will tell you does web browser supports cookie technology, but your visitor could disable cookies in web browser's privacy settings. In that case, Request.Browser.Cookies will still return true but your cookies will not be saved. Only way to check client's privacy settings is to try to save a cookie on the first page, and then redirect to second page that will try to read that cookie. You can eventually use the same page to save and read a cookie when perform a testing, but you must use Response.Redirect method after saving and before reading cookies.
Ques 27: Best practices with cookies in ASP.NET
Ans: Cookies are just plain text, so usually are not used to store sensitive informations like passwords without prior encryption. If you want to enable "Remember me" option on web site it is recommended to encrypt a password before it is stored in a cookie. Cookies are often used for data like: when visitor last time loged in, what site color she likes, to keep referer id if we offer affiliate program etc.
Ques 28: Security issues about cookies in ASP.NET
Ans: Because of security reasons, your web application can read only cookies related to your web domain. You can't read cookies related to other web sites. Web browser stores cookies from different sites separately.Cookie is just a plain text file on client's hard disk so it could be changed on different ways outside of your application. Because of that, you need to treat cookie value as potentially dangerous input like any other input from the visitor, including prevention of cross site scripting attacks.
Ques 29:. What is cookie less session? How it works?
Ans: By default, ASP.NET will store the session state in the same process that processes the request, just as ASP does. If cookies are not available, a session can be tracked by adding a session identifier to the URL. This can be enabled by setting the following:
Ques 30:
There are several ways that you can create Web custom controls:
- You can compile a control that combines the functionality of two or more existing controls. For example, if you need a control that encapsulates a button and a text box, you can create it by compiling the existing controls together.
- If an existing server control almost meets your requirements but lacks some required features, you can customize the control by deriving from it and overriding its properties, methods, and events.
- If none of the existing Web server controls (or their combinations) meet your requirements, you can create a custom control by deriving from one of the base control classes. These classes provide all the basic functionality of Web server controls, so you can focus on programming the features you need.
- If none of the existing ASP.NET server controls meet the specific requirements of your applications, you can create either a Web user control or a Web custom control that encapsulates the functionality you need.
The main difference between the two controls lies in ease of creation vs. ease of use at design time.
Web user controls are easy to make, but they can be less convenient to use in advanced scenarios. You develop Web user controls almost exactly the same way that you develop Web Forms pages. Like Web Forms, user controls can be created in the visual designer, they can be written with code separated from the HTML, and they can handle execution events. However, because Web user controls are compiled dynamically at run time they cannot be added to the Toolbox, and they are represented by a simple placeholder glyph when added to a page. This makes Web user controls harder to use if you are accustomed to full Visual Studio .NET design-time support, including the Properties window and Design view previews. Also, the only way to share the user control between applications is to put a separate copy in each application, which takes more maintenance if you make changes to the control.
Web custom controls are compiled code, which makes them easier to use but more difficult to create; Web custom controls must be authored in code. Once you have created the control, however, you can add it to the Toolbox and display it in a visual designer with full Properties window support and all the other design-time features of ASP.NET server controls. In addition, you can install a single copy of the Web custom control in the global assembly cache and share it between applications, which makes maintenance easier.
Subscribe to:
Posts (Atom)
