ASP.NET What are the best practices to follow to secure connection strings in an ASP.NET web application? 1.

Always store connection strings in the site's Web.config file. Web.config is very secure. Users will not be able to access web.config fro the browser. 2. !o not store connection strings as plain te"t. To help #eep the connection to your $atabase server secure% it is reco en$e$ that you encrypt connection string infor ation in the configuration file. 3. Never store connection strings in an asp" page. 4. Never set connection strings as $eclarative properties of the S&l!ataSource control or other $ata source controls. Why is "Connecting to SQL Server using Integrated Security" considered a best practice? 'onnecting to S() Server using integrate$ security instea$ of using an e"plicit user na e an$ passwor$% helps avoi$ the possibility of the connection string being co pro ise$ an$ your user *! an$ passwor$ being e"pose$. What is the advantage o storing an !"L i#e in the app#ications $pp%&ata o#der? The contents of the App+!ata fol$er will not be returne$ in response to $irect ,TTP re&uests. What is Script in'ection? A script in-ection attac# atte pts to sen$ e"ecutable script to your application with the intent of having other users run it. A typical script in-ection attac# sen$s script to a page that stores the script in a $atabase% so that another user who views the $ata ina$vertently runs the co$e. What is SQL in'ection? A S() in-ection attac# atte pts to co pro ise your $atabase by creating S() co an$s that are e"ecute$ instea$ of% or in a$$ition to% the co an$s that you have built into your application. What are the best practices to (eep in )ind *hen accepting user input on a *eb app#ication? 1. Always use vali$ation controls whenever possible to li it user input to acceptable values. 2. Always chec# the *s.ali$ property of the asp" page. /un the server si$e co$e only if the *s.ali$ property value is true. A value of false eans that one or ore vali$ation controls have faile$ a vali$ation chec#. 3. Always perfor server si$e vali$ation irrespective of client si$e vali$ation being perfor e$ or not. This will protect your web application even if the client has by passe$ the client si$e vali$ation by $isabling -avascript in the web browser. 4. Also a#e sure to re vali$ate user input in the business logic layer of your application. What are the steps to o##o* to avoid Script In'ection attac(s? 1. Enco$e user input with the ,t lEnco$e etho$. This etho$ turns ,T0) into its te"t representation. 2. *f you are using the 1ri$.iew control with boun$ fiel$s% set the 2oun$3iel$ ob-ect's ,t lEnco$e property to true. This causes the 1ri$.iew control to enco$e user input when the row is in e$it o$e. What are the steps to o##o* to avoid SQL In'ection attac(s? Always use para eteri4e$ &ueries or store$ proce$ures instea$ of creating S() co

an$s by

concatenating strings together. Can you encrypt vie* state data o an asp+ page? 5es% you encrypt view state $ata of an asp" page by setting the page's .iewStateEncryption0o$e property to true.

"aster ,agesWhat are Master Pages in ASP.NET? or What is a Master Page?

ASP.NET aster pages allow you to create a consistent layout for the pages in your application. A single aster page $efines the loo# an$ feel an$ stan$ar$ behavior that you want for all of the pages 6or a group of pages7 in your application. 5ou can then create in$ivi$ual content pages that contain the content you want to $isplay. When users re&uest the content pages% they erge with the aster page to pro$uce output that co bines the layout of the aster page with the content fro the content page. What are the 2 i)portant parts o a )aster page? The following are the 8 i portant parts of a aster page 9. The 0aster Page itself 8. :ne or ore 'ontent Pages Can "aster ,ages be nested? 5es% 0aster Pages be neste$. What is the i#e e+tension or a "aster ,age? . aster .o* do you identi y a "aster ,age? The aster page is i$entifie$ by a special ; 0aster $irective that replaces the ; Page $irective that is use$ for or$inary .asp" pages. Can a "aster ,age have )ore than one Content,#ace.o#der? 5es% a 0aster Page can have ore than one 'ontentPlace,ol$er What is a Content,#ace.o#der? 'ontentPlace,ol$er is a region where replaceable content will appear. .o* do you bind a Content ,age to a "aster ,age? 0asterPage3ile attribute of a content page's ; Page $irective is use$ to bin$ a 'ontent Page to a 0aster Page. Can the content page contain any other )ar(up outside o the Content contro#? No.

What are the advantages o using "aster ,ages? 9. They allow you to centrali4e the co on functionality of your pages so that you can a#e up$ates in -ust one place. 8. They a#e it easy to create one set of controls an$ co$e an$ apply the results to a set of pages. 3or e"a ple% you can use controls on the aster page to create a enu that applies to all pages. <. They give you fine=graine$ control over the layout of the final page by allowing you to control how the placehol$er controls are ren$ere$. >. They provi$e an ob-ect o$el that allows you to custo i4e the aster page fro in$ivi$ual content pages. What are the 3 #eve#s at *hich content pages can be attached to "aster ,age? At the page level = 5ou can use a page $irective in each content page to bin$ it to a aster page At the application level = 2y a#ing a setting in the pages ele ent of the application's configuration file 6Web.config7% you can specify that all ASP.NET pages 6.asp" files7 in the application auto atically bin$ to a aster page. At the fol$er level = This strategy is li#e bin$ing at the application level% e"cept that you a#e the setting in a Web.config file in one fol$er only. The aster=page bin$ings then apply to the ASP.NET pages in that fol$er. What is /"aster0ype directive used or? ;0asterType $irective is use$ to create a strongly type$ reference to the page. $re contro#s on the )aster page accessib#e to content page code? 5es% controls on the aster page are accessible to content page co$e. $t *hat stage o page processing )aster page and content page are )erged? !uring the initiali4ation stage of page processing% aster page an$ content page are erge$. Can you dynai)ica##y assign a "aster ,age? 5es% you can assign a aster page $yna ically $uring the Pre*nit stage using the Page class 0asterPage3ile property as shown in the co$e sa ple below. voi$ Page+Pre*nit6:b-ect sen$er% EventArgs e7 ? this.0asterPage3ile @ ABC0asterPage. asterAD E Can you access non pub#ic properties and non pub#ic )ethods o a )aster page inside a content page? No% the properties an$ etho$s of a aster page ust be public in or$er to aster

access the

on the content page.

1ro) the content page code ho* can you re erence a contro# on the )aster page? Use the 3in$'ontrol67 etho$ as shown in the co$e sa ple below. voi$ Page+)oa$67 ? CC 1ets a reference to a Te"t2o" control insi$e CC a 'ontentPlace,ol$er 'ontentPlace,ol$er 'ontPlace,l$r @ 6'ontentPlace,ol$er70aster.3in$'ontrol 6A'ontentPlace,ol$er9A7D if6'ontPlace,l$r F@ null7 ? Te"t2o" T"t2o" @ 6Te"t2o"7'ontPlace,l$r.3in$'ontrol6ATe"t2o"9A7D if6T"t2o" F@ null7 ? T"t2o".Te"t @ ATe"t2o" PresentFAD E E CC 1ets a reference to a )abel control that not in CC a 'ontentPlace,ol$er )abel )bl @ 6)abel70aster.3in$'ontrol6A)abel9A7D if6)bl F@ null7 ? )bl.Te"t @ A)able PresentAD E E Can you access contro#s on the "aster ,age *ithout using 1indContro#23 )ethod? 5es% by casting the 0aster to your 0asterPage as shown in the below co$e sa ple. protecte$ voi$ Page+)oa$6ob-ect sen$er% EventArgs e7 ? 0y0asterPage 00P @ this.0asterD 00P.0yTe"t2o".Te"t @ ATe"t 2o" 3oun$AD E ,assport $uthenticationWhat is Passport Authentication?

,assport authentication i$entifies users via 0icrosoft PassportGs single sign=on service. 0icrosoft Passport is eant to provi$e *nternet users with a single i$entity that they can use to visit a wi$e variety of Web sites that re&uire authentication. *nfor ation about the user is available to your application through a profile that is store$ with 0icrosoft.

What are the advantages o ,assport authentication? The a$vantages of Passport authentication are that the user $oesnGt have to re e ber separate user na es an$ passwor$s for various Web sites an$ that the user can aintain his or her profile infor ation in a single location. Passport authentication also provi$es access to other 0icrosoft services% such as Passport E"press Purchase. What is passport so t*are deve#op)ent (it 2passport S&43? To use Passport authentication in your Web application% you ust install the Passport S!H. The Passport S!H is free for prepro$uction $evelop ent an$ testing. To $eploy a site for public use% you ust obtain an annual license fro 0icrosoft. .o* does ,assport authentication *or(? When a user accesses an application that i ple ents Passport authentication% ASP.NET chec#s the userGs achine for a current passport authentication coo#ie. *f none is foun$% ASP.NET $irects the user to a Passport sign=on page. :nce the user signs in% the Passport service authenticates the user% stores an authentication coo#ie on the userGs co puter% an$ $irects the user bac# to the originally re&ueste$ Web page. What are the steps to o##o* to use ,assport authentication? 9. *nstall the Passport S!H. Passport is not inclu$e$ with .isual Stu$io% although the .NET 3ra ewor# $oes inclu$e classes for wor#ing with the Passport S!H once it is installe$. 8. Set the applicationGs authentication o$e to Passport in Web.config. Set authori4ation to $eny unauthenticate$ users. <. Use the PassportAuthentication+:nAuthenticate event to access the userGs Passport profile to i$entify an$ authori4e the user. >. * ple ent a sign=out proce$ure to re ove Passport coo#ies fro the userGs achine. Where is ,assport$uthentication%5n$uthenticate event present? PassportAuthentication+:nAuthenticate event is present in 1lobal.asa". 1or)s $uthenticationWhat is the advantage of using Forms authentication?

The a$vantage of using 3or s authentication is that users $o not have to be e ber of a $o ain=base$ networ# to have access to your application. Another a$vantage is that any Web applications% particularly co ercial sites where custo ers or$er pro$ucts% want to have access to user infor ation. 3or s authentication a#es these types of applications easier to create. List the steps to use 1or)s authentication in a *eb app#ication? 9.Set the authentication o$e in Web.config to 3or s. 8.'reate a Web for to collect logon infor ation.

<.'reate a file or $atabase to store user na es an$ passwor$s. >.Write co$e to a$$ new users to the user file or $atabase. I.Write co$e to authenticate users against the user file or $atabase. What happens *hen so)eone accesses a Web app#ication that uses 1or)s authentication? When so eone accesses a Web application that uses 3or s authentication% ASP.NET $isplays the logon Web for specifie$ in Web.config. :nce a user is authori4e$% ASP.NET issues an authori4ation certificate in the for of a coo#ie that persists for an a ount of ti e specifie$ by the authentication settings in Web.config. What is the di erence bet*een Windo*s authentication and 1or)s authentication? The $ifference between Win$ows authentication an$ 3or s authentication is that in 3or s authentication your application perfor s all the authentication an$ authori4ation tas#s. 5ou ust create Web for s an$ write co$e to collect user na es an$ passwor$s an$ to chec# those ite s against a list of authori4e$ users. What is the use o )ode attribute in authentication e#e)ent in a *eb.con ig i#e? 5ou use the o$e attribute to specify the type of authentication your web application is using. Set the o$e attribute to for s to enable 3or s authentication. What is the use o na)e attribute and #ogin6r# attribute o a or)s e#e)ent in a *eb.con ig i#e? 7a)e attribute of for s ele ent is use$ to set the na e of the coo#ie in which to store the userGs cre$ential. The $efault is .authasp". *f ore than one application on the server is using 3or s authentication% you nee$ to specify a uni&ue coo#ie na e for each application. #ogin6r# attribute of for s ele ent is use$ to set the na e of the Web for to $isplay if the user has not alrea$y been authenticate$. *f o itte$% the $efault is !efault.asp". What is protection attribute in a or)s e#e)ent used or in *eb.con ig i#e? The protection attribute of a for s ele ent of web.config file is use$ for setting how ASP.NET protects the authentication coo#ie store$ on the userGs achine. The $efault is $##% which perfor s encryption an$ $ata vali$ation. :ther possible settings are 8ncryption9 :a#idation9 and 7one. What is ti)eout attribute in a or)s e#e)ent used or in *eb.con ig i#e? Ti eout attribute is use$ to set the nu ber of inutes the authentication coo#ie persists on the userGs achine. The $efault is <J% in$icating <J inutes. ASP.NET renews the coo#ie auto atically if it receives a re&uest fro the user an$ ore than half of the allotte$ ti e has e"pire$.

In *hich na)espace the 1or)s$uthentication c#ass is present? Syste .Web.Security na espace Which )ethod chec(s the user na)e and pass*ord against the user #ist ound in the credentia#s e#e)ent o Web.con ig? The 3or sAuthentication classGs Authenticate etho$ chec#s the user na e an$ passwor$ against the user list foun$ in the cre$entials ele ent of Web.config. Which )ethod can be used to re)ove or)s authentication coo(ie? Use the signout67 etho$ of 3or sAuthentication class to sign out when the user has finishe$ with the application or when you want to re ove the authentication coo#ie fro his or her achine. 3or e"a ple% the following co$e en$s the userGs access to an application an$ re&uires hi or her to sign bac# in to regain access FormsAuthentication.SignOut(); What is the advantage o $uthenticating 6sers *ith a &atabase? 5ou can authenticate users base$ on a list in Web.config. The 3or sAuthentication classGs Authenticate etho$ is set up to rea$ fro web.config file auto atically. ThatGs fine if user na es an$ passwor$s are create$ an$ aintaine$ by a syste a$ inistrator% but if you allow users to create their own user na es or change their passwor$s% youGll nee$ to store that infor ation outsi$e the Web.config file. This is because changing Web.config at run ti e causes the Web application to restart% which resets any Application state an$ Session state variables use$ by the application. What are the advantages o storing user na)es and pass*ords in a database rather than a i#e? 5ou can store user na es an$ passwor$s in any type of fileD however% using a $atabase has the following significant a$vantagesK 9. User na es can be use$ as pri ary #eys to store other infor ation about the user. 8. !atabases can provi$e high perfor ance for accessing user na es an$ passwor$s. <. A$$ing% o$ifying% an$ accessing recor$s are stan$ar$i4e$ through S(). Can you encrypt user na)es and pass*ords stored in a i#e or a database? 5es% you encrypt user na es an$ passwor$s store$ in a file or a $atabase. 5ou can encrypt the using the 3or sAuthentication classGs .ash,ass*ord1orStoringInCon ig1i#e etho$. This etho$ uses the S.$1 or "&; algorith s to encrypt $ata% as shown belowK Password = FormsAuthentication.HashPasswordForStoringInConfigFile(Password !SHA"!); Can you change authentication type in a sub o#der<s *eb.con ig i#e? Authentication type 6Win$ows% 3or s% or Passport7 can be set only at the applicationGs root fol$er. To change authentication type in a subfol$er's web.config

file% you ust create a new Web application pro-ect an$ application starting point for that subfol$er. .o* can you contro# access to sub o#ders in a *eb app#ication? The authori4ation settings in the Web.config file apply hierarchically within the fol$er structure of a Web application. 3or instance% you ight want to allow all users access to the root fol$er of a Web application but restrict access to Web for s 6an$ tas#s7 available fro a subfol$er. To $o this% set the authentication type in the root fol$erGs Web.config file% an$ then use the authori4ation ele ent in the subfol$erGs Web.config file to restrict access. $&5.7etWhat is "icroso t $&5.780? .isual Stu$io .NET provi$es access to $atabases through the set of tools an$ na espaces collectively referre$ to as 0icrosoft A!:.NET What are the 3 )a'or types o connection ob'ects in $&5.780? 5#e&bConnection ob'ect = Use an :le!b'onnection ob-ect to connect to a 0icrosoft Access or thir$=party $atabase% such as 0yS(). :)E $atabase connections use the :le!b!ataA$apter ob-ect to perfor co an$s an$ return $ata. S>#Connection ob'ect = Use a S&l'onnection ob-ect to connect to a 0icrosoft S() Server $atabase. S() $atabase connections use the S&l!ataA$apter ob-ect to perfor co an$s an$ return $ata. 5rac#eConnection ob'ect = Use an :racle'onnection ob-ect to connect to :racle $atabases. :racle $atabase connections use the :racle!ataA$apter ob-ect to perfor co an$s an$ return $ata. This connection ob-ect was intro$uce$ in 0icrosoft .NET 3ra ewor# version 9.9. List the 4 co))on $&5.780 7a)espaces? Syste).&ata = 'ontains 'lasses% types% an$ services for creating an$ accessing $ata sets an$ their subor$inate ob-ects Syste).&ata.S>#C#ient = 'ontains 'lasses an$ types for accessing 0icrosoft S() Server $atabases Syste).&ata.5rac#eC#ient = 'ontains 'lasses an$ types for accessing :racle $atabases 60icrosoft .NET 3ra ewor# version 9.9 an$ later7 Syste).&ata.5#e&b = 'ontains 'lasses an$ types for accessing other $atabases List a## the steps in order9 to access a database through $&5.780? 1. 'reate a connection to the $atabase using a connection ob-ect. 2. *nvo#e a co an$ to create a !ataSet ob-ect using an a$apter ob-ect. 3. Use the !ataSet ob-ect in co$e to $isplay $ata or to change ite s in the $atabase. 4. *nvo#e a co an$ to up$ate the $atabase fro the !ataSet ob-ect using an a$apter ob-ect. ;. 'lose the $atabase connection if you e"plicitly opene$ it in step 8 using the :pen etho$. *nvo#ing co an$s without first invo#ing the :pen etho$ i plicitly opens an$ closes the connection with each re&uest.

Why *i## you usua##y create an $S,780 user account in the &atabase or an $S,.780 *eb app#ication? Web applications run using the ASPNET user account. The S() $atabase a$ inistrator will have to set up this account an$ grant it per issions before your Web application will have access to a S() $atabase. 3or file=base$ $atabases% such as 0icrosoft Access% you ust grant per issions on the $atabase file to the ASPNET user account using Win$ows file security settings. What is the di erence bet*een &ata?eader and &ata$dapter? 1. !ata /ea$er is rea$ only forwar$ only an$ uch faster than !ataA$apter. 2. *f you use !ata/ea$er you have to open an$ close connection e"plicitly where as if you use !ataA$apter the connection is auto atically opene$ an$ close$. 3. !ata/ea$er is connection oriente$ where as !ata A$apter is $isconnecte$ Can you inherit ro) S>#Connection C#ass? No% you cannot inheirt fro S&l'onnection 'lass. S&l'onnection 'lass is a seale$ class. *t is a co pile ti e error. Wi## the connection be c#osed9 i the S>#Connection ob'ect goes out o scope? No% *f the S&l'onnection goes out of scope% it won't be close$. Therefore% you ust e"plicitly close the connection by calling 'lose or !ispose. What happens i connection poo#ing is enab#ed? *f connection pooling is enable$ an$ when you call 'lose or !ispose etho$s% then the connection is returne$ to the connection pool. This connection can then be resuse$.*f connection pooling is $isable$ an$ when you call 'lose or !ispose etho$s% the un$erlying connection to the server is actually close$. .o* do you ensure that the database connections are a#*ays c#osed? To ensure that the $atabase connections are always close$% open the connection insi$e of a using bloc#% as shown in the following co$e frag ent. !oing so ensures that the connection is auto atically close$ when the co$e e"its the bloc#. using 6S&l'onnection 'onnection:b-ect @ new S&l'onnection677 ? 'onnection:b-ect.:pen67D CCThe $atabase connection will be close$ when the control e"its the using co$e bloc# E .o* do you read an !"L i#e into a &ataSet? Using the !ataSet ob-ectGs /ea$L0) etho$. When do you use 8+ecute?eader9 8+ecute7onQuery9 8+ecuteSca#ar )ethods? *f the co an$ or store$ proce$ure that is being e"ecute$ returns a set of rows% then we use E"ecute/ea$er etho$.

*f the co an$ or store$ proce$ure that is being e"ecute$ returns a single value then we use E"ecuteScalar etho$. *f the co an$ or store$ proce$ure perfor s *NSE/T% !E)ETE or UP!ATE operations% then we use E"ecuteNon(uery etho$. E"ecuteNon(uery etho$ returns an integer specifying the nu ber of rows inserte$% $elete$ or up$ate$. Can your c#ass inherit ro) S>#Co))and C#ass? No% you cannot inheirt fro S&l'o an$ 'lass. S&l'o class. *t is a co pile ti e error. an$ 'lass is a seale$

@ive an e+a)p#e that sho*s ho* to e+ecute a stored procedure in $&5.780? using 6S&l'onnection 'onnection:b-ect @ new S&l'onnection677 ? CCSpecify the na e of the store$ proce$ure to e"ecute an$ the 'onnection :b-ect to use S&l'o an$ 'o an$:b-ect @ new S&l'o an$6AStore$Proce$ureNa eA% 'onnection:b-ect7D CCSpecify the S() 'o an$ type is a store$ proce$ure 'o an$:b-ect.'o an$Type @ 'o an$Type.Store$Proce$ureD CC:pen the connection 'onnection:b-ect.:pen67D CCE"ecute the Store$ Proce$ure int /ecor$sAffecte$ @ 'o an$:b-ect.E"ecuteNon(uery67D E Can you reuse a S>#Co))and ob'ect? 5es% you can reset the 'o an$Te"t property an$ reuse the S&l'o an$ ob-ect.

What are the )ethods that can ensure asynchronous e+ecution o the 0ransact-SQL state)ent or stored procedure? 2eginE"ecuteNon(uery 2eginE"ecute/ea$er What is S>#Co))and.Co))and0i)eout ,roperty used or? 'o an$Ti eout Property is use$ to 1et or set the wait ti e before ter inating the atte pt to e"ecute a co an$ an$ generating an error. CCSpecify the 'o an$Ti eout property value S&l'o an$ 'o an$:b-ect @ new S&l'o an$6AStore$Proce$ureNa eA% 'onnection:b-ect7D CCWait for 9J secon$s to e"ecute the Store$ proce$ure 'o an$:b-ect.'o an$Ti eout @ 9JD The ti e is in secon$s. The $efault is <J secon$s. .o* do you create an instance o S>#&ata?eader c#ass? To create an instance of S&l!ata/ea$er class% you ust call the E"ecute/ea$er etho$ of the S&l'o an$ ob-ect% instea$ of $irectly using a constructor. CCErrorF 'annot use S&l!ata/ea$er67 constructor

CCto create an instance of S&l!ata/ea$er class S&l!ata/ea$er /ea$er:b-ect @ new S&l!ata/ea$er67D CC'all the E"ecute/ea$er etho$ of the S&l'o an$ ob-ect S&l'o an$ 'o an$:b-ect @ new S&l'o an$67D S&l!ata/ea$er /ea$er:b-ect @ 'o an$:b-ect.E"ecute/ea$er67D 'reating an instance of S&l!ata/ea$er class using S&l!ata/ea$er67 constructor generates a co pile ti e error = The type 'Syste .!ata.S&l'lient.S&l!ata/ea$er' has no constructors $efine$. .o* do you progra)atica##y chec( i a speci ied S>#&ata?eader instance has been c#osed? Use the *s'lose$ property of S&l!ata/ea$er to chec# if a specifie$ S&l!ata/ea$er instance has been close$. *f *s'lose$ property returns true% the S&l!ata/ea$er instance has been close$ else not close$. .o* do you get the tota# nu)ber o co#u)ns in the current ro* o a S>#&ata?eader instance? 3iel$'ount property can be use$ to get the total nu ber of colu ns in the current row of a S&l!ata/ea$er instance. @ive an e+a)p#e or e+ecuting a stored procedure *ith para)eters? CC'reate the 'onnection :b-ect S&l'onnection 'onnection:b-ect @ new S&l'onnection6'onnectionString7D CC'reate the 'o an$ :b-ect S&l'o an$ 'o an$:b-ect @ new S&l'o an$6AStore$Proce$ureNa eA% 'onnection:b-ect7D CCSpecify to 'o an$:b-ect that you inten$ to e"ecute a Store$ Proce$ure 'o an$:b-ect.'o an$Type @ 'o an$Type.Store$Proce$ureD CC'reate an S() Para eter ob-ect S&lPara eter Para eter:b-ect @ new S&lPara eter67D CCSpecify the na e of the S() Para eter Para eter:b-ect.Para eterNa e @ APara eter9AD CCAssign the Para eter value Para eter:b-ect..alue @ ASo e .alueAD CCSpecify the !atabase !ataType of the Para eter Para eter:b-ect.!bType @ !bType.StringD CCSpecify the type of para eter = input=only% output=only% bi$irectional Para eter:b-ect.!irection @ Para eter!irection.*nputD CCAssociate the Para eter to the 'o an$ :b-ect 'o an$:b-ect.Para eters.A$$6Para eter:b-ect7D CC:pen the connection 'onnection:b-ect.:pen67D CCE"ecute the co an$ int /ecor$s+Affecte$ @ 'o an$:b-ect.E"ecuteNon(uery67D CC'lose the 'onnection 'onnection:b-ect.'lose67D

What is the use o S>#,ara)eter.&irection ,roperty? S&lPara eter.!irection Property is use$ to specify the S&l Para eter type = input= only% output=only% bi$irectional% or a store$ proce$ure return value para eter. The $efault is *nput. .o* do you retrieve t*o tab#es o data at the sa)e ti)e by using data reader? *nclu$e 8 select state ents either in a store$ proce$ure or in a select co an$ an$ call the E"ecute/ea$er67 etho$ on the co an$ ob-ect. This will auto atically fill the !ata/ea$er with 8 Tables of $ata. The $atarea$er will always return the $ata fro first table only. *f you want to get the secon$ table then you nee$ to use /ea$er:b-ect.Ne"t/esult67 etho$. The Ne"t/esult67 etho$ will return true if there is another table. The following co$e shows you how $o it. CC'reate the S() (uery with 8 Select state ents string S()(uery @ ASelect M fro 'usto ersDSelect M fro E ployeesDAD CC'reate the 'onnection :b-ect S&l'onnection 'onnection:b-ect @ new S&l'onnection6'onnectionString7D CC'reate the 'o an$ :b-ect S&l'o an$ 'o an$:b-ect @ new S&l'o an$6S()(uery% 'onnection:b-ect7D CC:pen the connection 'onnection:b-ect.:pen67D CCE"ecute the co an$. Now rea$er ob-ect will have 8 tables of $ata. S&l!ata/ea$er /ea$er:b-ect @ 'o an$:b-ect.E"ecute/ea$er67D CC)oop thru the tables in the !ata/ea$er ob-ect while 6/ea$er:b-ect.Ne"t/esult677 ? while 6/ea$er:b-ect./ea$677 ? CC!o So ething E E CC'lose the /ea$er /ea$er:b-ect.'lose67D CC'lose the 'onnection 'onnection:b-ect.'lose67D What are the advantages o using SQL stored procedures instead o adhoc SQL >ueries in an $S,.780 *eb app#ication? Aetter ,er or)ance = As store$ proce$ures are preco pile$ ob-ects they e"ecute faster than S() &ueries. Every ti e we run a S() &uery% the &uery has to be first co pile$ an$ then e"ecute$ where as a store$ proce$ure is alrea$y co pile$. ,ence e"ecuting store$ proce$ures is uch faster than e"ecuting S() &ueries. Aetter Security = 3or a given store$ proce$ure you can specify who has the

rights to e"ecute. 5ou cannot $o the sa e for an S() &uery. Writing the S() state ents insi$e our co$e is usually not a goo$ i$ea. *n this way you e"pose your $atabase sche a 6$esign7 in the co$e which ay be change$. ,ence ost of the ti e progra ers use store$ proce$ures instea$ of plain S() state ents. ?educed 7et*or( 0ra ic = Store$ Proce$ures resi$e on the $atabase server. *f you have to e"ecute a Store$ Proce$ure fro your ASP.NET web application% you -ust specify the na e of the Store$ Proce$ure. So over the networ# you -ust sen$ the na e of the Store$ Proce$ure. With an S() &uery you have to sen$ all the S() state ents over the networ# to the $atabase server which coul$ lea$ to increase$ networ# traffic. Can you update the database using &ata?eader ob'ect? No% 5ou cannot up$ate the $atabase using !ata/ea$er ob-ect. !ata/ea$er is rea$= only% fowar$ only. *t rea$s one recor$ at ati e. After !ata/ea$er finishes rea$ing the current recor$% it oves to the ne"t recor$. There is no way you can go bac# to the previous recor$. What is the di erence bet*een a &ata?eader and a &ataSet? &ata?eader 1. !at/ea$er wor#s on a 'onnection oriente$ architecture. 2. !ata/ea$er is rea$ only% forwar$ only. *t rea$s one recor$ at ati e. After !ata/ea$er finishes rea$ing the current recor$% it oves to the ne"t recor$. There is no way you can go bac# to the previous recor$. So using a !ata/ea$er you rea$ in forwar$ $irection only. 3. Up$ations are not possible with !ata/ea$er. 4. As !ata/ea$er is rea$ only% forwar$ only it is uch faster than a !ataSet. &ataSet 1. !ataSet wor#s on $isconnecte$ architecture. 2. Using a !ataSet you can ove in both $irections. !ataSet is bi $irectional. 3. !atabase can be up$ate$ fro a !ataSet. 4. !ataSet is slower than !ata/ea$er. @ive an e+a)p#e scenario o using a &ataSet and a &ata?eader? *f you want to -ust rea$ an$ $isplay the $ata6No up$ates% $eletes% or inserts7 then use a !ata/ea$er. *f you want to $o a batch inserts% up$ates an$ $eletes then use a !ataSet. 0he)es and S(insWhat is a "the)e" in $S,.780? A Athe eA is a collection of property settings that allow you to $efine the loo# of pages an$ controls% an$ then apply the loo# consistently across pages in a Web application% across an entire Web application% or across all Web applications on a server. What is the e+tension or a s(in i#e? .s#in

What are the 2 types o contro# s(ins in $S,.780? 1. !efault s#ins 2. Na e$ s#ins What is the di erence bet*een 7a)ed s(ins and &e au#t s(ins? A de au#t s(in auto atically applies to all controls of the sa e type when a the e is applie$ to a page. A control s#in is a $efault s#in if it $oes not have a S#in*! attribute. 3or e"a ple% if you create a $efault s#in for a 'alen$ar control% the control s#in applies to all 'alen$ar controls on pages that use the the e. 6!efault s#ins are atche$ e"actly by control type% so that a 2utton control s#in applies to all 2utton controls% but not to )in#2utton controls or to controls that $erive fro the 2utton ob-ect.7 A na)ed s(in is a control s#in with a S#in*! property set. Na e$ s#ins $o not auto atically apply to controls by type. *nstea$% you e"plicitly apply a na e$ s#in to a control by setting the control's S#in*! property. 'reating na e$ s#ins allows you to set $ifferent s#ins for $ifferent instances of the sa e control in an application. What are the 3 #eve#s at *hich a the)e can be app#ied or a *eb app#ication? 1. At the page level = Use the The e or StyleSheetThe e attribute of the ; Page $irective. 2. At the application level = 'an be applie$ to all pages in an application by setting the ele ent in the application configuration file. 3. At the web server level = !efine the ele ent in achine.config file. This will apply the the e to all the web applications on that web server. What is the na)e o the o#der that contains the app#ication the)es? App+The es What is a g#oba# the)e? A g#oba# the)e is a the e that you can apply to all the Web sites on a server. 1lobal the es allow you to $efine an overall loo# for your $o ain when you aintain ultiple Web sites on the sa e server. What is the di erence bet*een the)es and CSS? 1. The es can $efine any properties of a control or page% not -ust style properties. 3or e"a ple% using the es% you can specify the graphics for a Tree.iew control% the te plate layout of a 1ri$.iew control% an$ so on. 2. The es can inclu$e graphics. 3. The es $o not casca$e the way style sheets $o. 2y $efault% any property values $efine$ in a the e reference$ by a page's The e property overri$e the

property values $eclaratively set on a control% unless you e"plicitly apply the the e using the StyleSheetThe e property. 4. :nly one the e can be applie$ to each page. 5ou cannot apply ultiple the es to a page% unli#e style sheets where ultiple style sheets can be applie$. What are the security concerns to (eep in )ind *hen using the)es? The es can cause security issues when they are use$ on your Web site. 0alicious the es can be use$ toK 1. Alter a control's behavior so that it $oes not behave as e"pecte$. 2. *n-ect client=si$e script% therefore posing a cross=site scripting ris#. 3. E"pose sensitive infor ation. 4. The itigations for these co on threats areK

;. Protect the global an$ application the e $irectories with proper access control settings. :nly truste$ users shoul$ be allowe$ to write files to the the e $irectories. B. !o not use the es fro an untruste$ source. Always e"a ine any the es fro outsi$e your organi4ation for alicious co$e before using the on you Web site. C. !o not e"pose the the e na e in &uery $ata. 0alicious users coul$ use this infor ation to use the es that are un#nown to the $eveloper an$ thereby e"pose sensitive infor ation. $rraysWhat is the di erence bet*een arrays in CD and arrays in other progra))ing #anguages? Arrays in 'N wor# si ilarly to how arrays wor# in ost other popular languages There are% however% a few $ifferences as liste$ below 1. When $eclaring an array in 'N% the s&uare brac#ets 6OP7 ust co e after the type% not the i$entifier. Placing the brac#ets after the i$entifier is not legal synta" in 'N. intEF Integer$rrayG HH not int Integer$rrayEFG 2. Another $ifference is that the si4e of the array is not part of its type as it is in the ' language. This allows you to $eclare an array an$ assign any array of int ob-ects to it% regar$less of the array's length.

intOP *ntegerArrayD CC $eclare *ntegerArray as an int array of any si4e *ntegerArray @ new intO9JPD CC *ntegerArray is a 9J ele ent array *ntegerArray @ new intOIJPD CC now *ntegerArray is a IJ ele ent array What are the 3 di erent types o arrays that *e have in CD? 1. Single !i ensional Arrays 2. 0ulti !i ensional Arrays also calle$ as rectangular arrays 3. Array :f Arrays also calle$ as -agge$ arrays $re arrays in CD va#ue types or re erence types? /eference types. What is the base c#ass or a## arrays in CD? Syste .Array .o* do you sort an array in CD? The Sort static etho$ of the Array class can be use$ to sort array ite s. @ive an e+a)p#e to print the nu)bers in the array in descending order? using Syste D na espace 'onsoleApplication ? class Progra ? static voi$ 0ain67 ? intOP Nu bers @ ? 8% I% <% 9% > ED CCPrint the nu bers in the array without sorting 'onsole.Write)ine6APrinting the nu bers in the array without sortingA7D foreach 6int i in Nu bers7 ? 'onsole.Write)ine6i7D E CCSort an$ then print the nu bers in the array 'onsole.Write)ine6APrinting the nu bers in the array after sortingA7D Array.Sort6Nu bers7D foreach 6int i in Nu bers7 ? 'onsole.Write)ine6i7D E CCPrint the nu bers in the array in $esce$ing or$er 'onsole.Write)ine6APrinting the nu bers in the array in $esce$ing or$erA7D

Array./everse6Nu bers7D foreach 6int i in Nu bers7 ? 'onsole.Write)ine6i7D E E E E What property o an array ob'ect can be used to get the tota# nu)ber o e#e)ents in an array? )ength property of array ob-ect gives you the total nu ber of ele ents in an array. An e"a ple is shown below. using Syste D na espace 'onsoleApplication ? class Progra ? static voi$ 0ain67 ? intOP Nu bers @ ? 8% I% <% 9% > ED 'onsole.Write)ine6ATotal nu ber of ele ents @ A QNu bers.)ength7D E E E @ive an e+a)p#e to sho* ho* to copy one array into another array? We can use 'opyTo67 etho$ to copy one array into another array. An e"a ple is shown below. using Syste D na espace 'onsoleApplication ? class Progra ? static voi$ 0ain67 ? intOP Nu bers @ ? 8% I% <% 9% > ED intOP 'opy:fNu bers@new intOIPD Nu bers.'opyTo6'opy:fNu bers%J7D foreach 6int i in 'opy:fNu bers7 ? 'onsole.Write)ine6i7D E

E E E
Caching-

What is caching? ,igh=perfor ance Web applications shoul$ be $esigne$ with caching in in$. 'aching is the techni&ue of storing fre&uently use$ ite s in e ory so that they can be accesse$ ore &uic#ly. 'aching is i portant to Web applications because each ti e a Web for is re&ueste$% the host server ust process the Web for Gs ,T0) an$ run Web for co$e to create a response. 2y caching the response% all that wor# is bypasse$. *nstea$% the re&uest is serve$ fro the reponse alrea$y store$ in e ory. 'aching an ite incurs consi$erable overhea$% so itGs i portant to choose the ite s to cache wisely. A Web for is a goo$ can$i$ate for caching if it is fre&uently use$ an$ $oes not contain $ata that fre&uently changes. 2y storing a Web for in e ory% you are effectively free4ing that for Gs server=si$e content so that changes to that content $o not appear until the cache is refreshe$. What directive is used to cache a *eb or)? The /5utputCache page $irective is use$ to cache a Web for

in the serverGs

e ory.

What is the use o duration attribute o /5utputCache page directive? The /5utputCache $irectiveGs &uration attribute controls how long the page is cached. 3or e"a ple if you set the $uration attribute to RJ secon$s% the Web for is cache$ for RJ secon$s. The first ti e any user re&uests the Web for % the server loa$s the response in e ory an$ retains that response for RJ secon$s. Any subse&uent re&uests $uring that ti e receive the cache$ response. After the cache $uration has e"pire$% the ne"t re&uest for the Web for generates a new response% which is then cache$ for another RJ secon$s. Thus the server processes the Web for once every RJ secon$s at ost. What are the 2 re>uired attributes o the /5utputCache directive? The ;:utput'ache $irective has two re&uire$ attributesK 1. &uration 2. :aryAy,ara). .o* do you cache )u#tip#e responses ro) a sing#e Web or)? The :aryAy,ara) attribute lets you cache ultiple responses fro a single Web for base$ on varying ,TTP P:ST or &uery string para eters. Setting .ary2yPara to None caches only one response for the Web for % regar$less of the para eters sent. 5ou can also cache ultiple responses fro .ary2y'usto attribute. a single Web for using the .ary2y,ea$ers or

The .ary2y'usto attribute lets you cache $ifferent responses base$ on a custo string. To use .ary2y'usto % overri$e the 1et.ary2y'usto String etho$ in the Web applicationGs 1lobal.asa"

file. Is it possib#e to cache a *eb or) *ithout using /5utputCache directive? 5es% you can cache a web for using the ?esponse ob-ectGs Cache property% which returns an ,ttp'achePolicy ob-ect for the response. The ,ttp'achePolicy ob-ect provi$es e bers that are si ilar to the 5utputCache $irectiveGs attributes. @ive a si)p#e e+a)p#e to sho* ho* to cache a *eb or) *ithout using /5utputCache directive? 3or e"a ple% the following co$e caches the Web for Gs response for RJ secon$sK private voi$ Page+)oa$6ob-ect sen$er% Syste .EventArgs e7 ? CC 'ache this page !ateTi e)abel.Te"t @ Syste .!ateTi e.Now.ToString67D CC Set :utput'ache !uration. /esponse.'ache.SetE"pires6Syste .!ateTi e.Now.A$$Secon$s6RJ77D CC Set :utput'ache .ary2yPara s. /esponse.'ache..ary2yPara sOANoneAP @ trueD CC Set :utput'ache )ocation. /esponse.'ache.Set'acheability6,ttp'acheability.Public7D E The prece$ing co$e is e&uivalent to the following :utput'ache $irectiveK ; :utput'ache !uration@AIA .ary2yPara @ANoneA )ocation@AAnyA What is /5utputCache directiveIs Location attribute and the .ttpCache,o#icy ob'ectIs SetCacheabi#ity property used or? The /5utputCache $irectiveGs )ocation attribute an$ the ,ttp'achePolicy ob-ectGs Set'acheability property $eter ine where 0icrosoft ASP.NET stores cache$ responses. 2y $efault% ASP.NET caches responses at any available location that accepts cache ite s = the client% pro"y servers% or the host server. *n practice% those locations ight or ight not allow caching% so you can thin# of the LocationHSetCacheabi#ity setting as ore of a re&uest than a co an$. What is .ttpCache,o#icy ob'ectIs Set$##o*?esponseInAro*ser.istory )ethod used or? 5ou can overri$e the cache #ocation settings using the .ttpCache,o#icy ob-ectGs SetAllow/esponse*n2rowser,istory etho$. Setting that etho$ to True allows the response to be store$ in the clientGs history fol$er even if the location setting is None or Server. Which ob-ect can use$ to store fre&uently use$ ite s in the serverGs e ory for &uic# retrieval? 'ache ob-ect can be use$ to store fre&uently use$ ite s in the serverGs e ory for &uic# retrieval. Is the cache ob'ect avai#ab#e or a## *eb or)s *ith in a *eb app#ication? 5es% the 'ache ob-ect is global% that is% $ata store$ in the 'ache ob-ect is available anywhere within a Web application. *n this way% the 'ache ob-ect is very si ilar to the intrinsic Application ob-ect. What are the 3 di erent *ays to store data in the Cache ob'ect? 6se assign)ent. Assigning a value to an unuse$ #ey in the 'ache ob-ect auto atically creates that #ey an$ assigns the value to that #ey. Assigning a value to a #ey that alrea$y e"ists replaces the cache$ value with

the assigne$ value. 6se the Insert )ethod. The *nsert etho$ uses para eters rather than assign ent to create or change cache$ $ata. *nsert optionally accepts para eters to establish $epen$encies an$ set e"piration policy. 6se the $dd )ethod. The A$$ etho$ is si ilar to *nsertD however% it re&uires all para eters an$ returns an ob-ect reference to the cache$ $ata. 3or e"a ple% the following 'ache state ents all a$$ the sa e ite to the cacheK

using Syste .Web.'achingD private voi$ Page+)oa$6ob-ect sen$er% Syste .EventArgs e7 ? if6F*sPost2ac#7 ? 'acheOANew*te AP @ ASo e string $ataAD 'ache.A$$6ANew*te A% ASo e string $ataA% null% 'ache.NoAbsoluteE"piration% Syste .Ti eSpan.3ro 0inutes697% 'ache*te Priority.!efault% null7D 'ache.*nsert6ANew*te A% ASo e string $ataA7D E E What are abso#ute8+piration and s#iding8+piration par)eters o the Insert and $dd )ethods? abso#ute8+piration A !ateTi e ob-ect that i$entifies when the $ata shoul$ be re ove$ fro the cache. *f youGre using sli$ing e"piration% specify 'ache.NoAbsoluteE"piration for this para eter. s#iding8+piration A Ti eSpan ob-ect that i$entifies how long the $ata shoul$ re ain in the cache after the $ata was last accesse$. *f youGre using absolute e"piration% specify 'ache.NoSli$ingE"piration for this para eter. Which de#egate can be used to noti y the app#ication *hen ite)s are re)oved ro) the cache? on/e ove'allbac# is use$ to notify the application when ite s are re ove$ fro the cache. .o* do you retrieve the va#ue o a cache ite) stored in the servers )e)ory? 5ou can retrieve the value of a cache ite store$ in the servers e ory through the ite Gs #ey% -ust as you $o with the Application an$ Session ob-ects. 2ecause cache$ ite s ight be re ove$ fro e ory% you shoul$ always chec# for their e"istence before atte pting to retrieve their value% as shown in the following co$eK private voi$ 2utton9+'lic#6ob-ect sen$er% EventArgs e7 ? if 6'acheOA'hache$*te AP @@ null7 ? )able9.Te"t @ A'ache$ *te not foun$.AD E else ?

)able9.Te"t @ 'acheOA'hache$*te AP.ToString67D E E Which )ethod can be used to re)ove data ro) the cache? 'ache ob-ectGs /e ove etho$ can be use$ to re ove $ata fro the cache as shown in the following co$e e"a ple C sa ple. private voi$ /e ove2utton+'lic#6ob-ect sen$er% Syste .EventArgs e7 ? 'ache./e ove6A'ache$*te A7D E .o* do you contro# ho* #ong data is cached? The 'ache ob-ectGs A$$ an$ *nsert etho$ para eters allow you to control how long an ite is store$ in the serverGs e ory. *n practice% these para eter settings provi$e only in$irect control of how long $ata re ains in e ory. *f your server runs low on available e ory% ASP.NET recovers as uch e ory as possible fro e"pire$ cache ite s. *f thatGs not enough% ASP.NET will unloa$ une"pire$ ite s fro the cache base$ on their priority an$ when they were last accesse$. What is CacheIte),riority enu)eration used or? 'ache*te Priority enu eration is use$ to set the relative i portance of cache$ ite s. 'ache*te Priority.Not/e oveable has the highest priority an$ 'ache*te Priority.)ow has the lowest priority. Which is the on#y "eventJ provided by Cache ob'ect? 'ache*te /e ove$ AeventS is the only AeventS provi$e$ by 'ache ob-ect. .o* do you update the Cache ob'ect *hen data changes? *te s store$ in the cache are often copies of $ata that is store$ an$ aintaine$ elsewhere% such as recor$s in a $atabase. Use the A$$ an$ *nsert etho$sG $epen$ency para eter to establish a relationship between a cache$ $ata ite an$ an e"ternal source% such as a file% a fol$er% or a group of files. The $epen$ency para eter accepts a 'ache!epen$ency ob-ect% which in turn i$entifies the file% fol$er% or set of files to watch for changes. ASP.NET chec#s the ti e sta p of the ite s in the 'ache!epen$ency ob-ect% if one of those ti e sta ps is later than the !ateTi e entere$ for the cache$ ite % ASP.NET unloa$s that ite fro the cache. What is frag ent caching? 'aching parts of web for is calle$ as rag)ent caching. So eti es you want to cache only part of a Web for response. 3or instance% a Web for ight contain any pieces of variable infor ation plus a single large table that al ost never changes. *n this case% you ight place that table in a Web user control an$ store the response for that control in cache. This techni&ue is calle$ rag)ent caching. What are the steps to o##o* to cache parts o *eb or)? To cache part of a Web for % follow these stepsK 1. Place the controls an$ content that you want to cache in a Web user control. 2. Set the caching attributes for that Web user control.

3. 'reate an instance of the Web user control on the Web for . What is ,artia#Caching attribute used or? 5ou can inclu$e the ,artia#Caching attribute in the controlGs class $eclaration to enable rag)ent caching. What are the 5utputCache directive attributes that app#y on#y to user contro#s? Shared 'ache a single response fro a user control for use on ultiple Web for s. 2y $efault% ASP.NET caches a separate response for each Web for that uses a cache$ user control. This attribute is only available in the .NET 3ra ewor# version 9.9 or later. :aryAyContro# 'ache ultiple responses for a single user contro# based on the value of one or ore controls containe$ in the user control. 'an you cache ultiple versions of a user control?5es% 5ou can cache ultiple versions of a user control base$ on the value of controls containe$ in a user control 6.ary2y'ontrol7 or base$ on a custo string 6.ary2y'usto 7. I a user contro# is read ro) the cache9 can you access its )e)bers ro) code? No% *n general% cache$ controls are use$ to present $ata such as &ueries fro a $atabase% rather than as interactive co ponents. ,owever% if you $o nee$ to access a cache$ control fro co$e% you ust first chec# that the control e"ists. *f the control is rea$ fro the cache% you canGt access its e bers fro co$e. 'ontrol e bers are available only when the control is not rea$ fro the cache% such as when the control is first instantiate$ an$ when it is reloa$e$ after its cache $uration has e"pire$. When caching is set at both the Web or) and user contro# #eve#s9 .o* does the cache settings interact? The cache location is $eter ine$ by the Web for setting. )ocation settings on a user control have no affect. *f the Web for Gs cache $uration is longer than the user controlGs% both the Web for response an$ the user control response will e"pire using the Web for setting. Coo(iesWhat are 'oo#ies in ASP.NET? 'oo#ies are s all pieces of infor ation store$ on the client co puter.Use coo#ies to store s all a ounts of infor ation on the clientGs achine. Web sites often use coo#ies to store user preferences or other infor ation that is client=specific. 2ecause coo#ies can be refuse$% it is i portant to chec# whether the browser allows the before you try to create the .They are li ite$ to storing only character $ata an$ they are li ite$ to >H in si4e. What are di erent types o Coo(ies? Session 'oo#ies Persistent 'oo#ies What are Session Coo(ies? Session coo#ies are store$ in= e ory $uring the client browser session. When the browser is close$ the session coo#ies are lost.

.o* can you create Session Coo(ies? 5ou can create session coo#ies by calling the A$$ etho$ of the 'oo#ies collection on the /esponse ob-ect. The 'oo#ies collection contains in$ivi$ual coo#ie ob-ects of type ,ttp'oo#ie. CC'o$e to create a UserNa e coo#ie containing the na e !avi$. ,ttp'oo#ie 'oo#ie:b-ect @ new ,ttp'oo#ie6AUserNa eA% A!avi$A7D /esponse.'oo#ies.A$$6'oo#ie:b-ect7D CC'o$e to rea$ the 'oo#ie create$ above /e&uest.'oo#iesOAUserNa eAP..alueD What is the di erence bet*een Session Coo(ies and ,ersistent Coo(ies? Persistent 'oo#ies are sa e as Session 'oo#ies e"cept that% persistent coo#ies have an e"piration $ate. The e"piration $ate in$icates to the browser that it shoul$ write the coo#ie to the client's har$ $rive. Heep in in$ that because a user can $elete coo#ies fro their achine that there is no guarantee that a coo#ie you A$ropA on a user achine will be there the ne"t ti e they visit your site. What are ,ersistent Coo(ies used or? Persistent coo#ies are generally use$ to store infor ation that i$entifies a returning user to a Web site. Typical infor ation foun$ in Persistent 'oo#ies inclu$es user na es or user *!s. .o* do you create a ,ersistent Coo(ie? 5ou create a persistent coo#ie the sa e way as session coo#ies e"cept that you set the E"pires property to a !ate in the future which will store the 'oo#ie to the client co puter har$$rive. CC'o$e to create a UserNa e Persistent 'oo#ie that lives for 9J $ays ,ttp'oo#ie 'oo#ie:b-ect @ new ,ttp'oo#ie6AUserNa eA% A!avi$A7D 'oo#ie:b-ect.E"pires @ !ateTi e.Now.A$$!ays69J7D /esponse.'oo#ies.A$$6'oo#ie:b-ect7D CC'o$e to rea$ the 'oo#ie create$ above /e&uest.'oo#iesOAUserNa eAP..alueD What is Coo(ie &ictionary? A coo#ie $ictionary is a single coo#ie ob-ect that stores ultiple pieces of infor ation. 5ou use the .alues property to access an$ assign new values to the coo#ie $ictionary. @ive an e+a)p#e using Coo(ie &ictionary? CC'o$e to create a 'oo#ie !ictionary ,ttp'oo#ie 'oo#ie:b-ect @ new ,ttp'oo#ie6AUserPreferenceA7D CCUse the .alues property to assign new values to the coo#ie $ictionary 'oo#ie:b-ect..alues.A$$6AUserNa eA% A!avi$A7D 'oo#ie:b-ect..alues.A$$6A'ountryA% AUSAA7D 'oo#ie:b-ect..alues.A$$6APrevious.isitA% !ateTi e.Now.ToString677D 'oo#ie:b-ect.E"pires @ !ateTi e.0a".alueD CCA$$ the 'oo#ie to the client achine using the /esponse ob-ect /esponse.'oo#ies.A$$6'oo#ie:b-ect7D

CC'o$e to rea$ the 'oo#ie create$ above ,ttp'oo#ie :b-ect'oo#ie @ /e&uest.'oo#iesOAUserPreferenceAPD string UserNa e @ :b-ect'oo#ie..aluesOAUserNa eAPD string 'ountry @ :b-ect'oo#ie..aluesOA'ountryAPD string Previous.isit @ :b-ect'oo#ie..aluesOAPrevious.isitAPD What are the advantages o 6sing Coo(ies? 1. 'oo#ies $o not re&uire any server resources since they are store$ on the client. 2. 'oo#ies are easy to i ple ent. 3. 5ou can configure coo#ies to e"pire when the browser session en$s 6session coo#ies7 or they can e"ist for a specifie$ length of ti e on the client co puter 6persistent coo#ies7. What are the disadvantages o 6sing Coo(ies? 1. Users can $elete a coo#ies. 2. Users browser can refuse coo#ies%so your co$e has to anticipate that possibility. 3. 'oo#ies e"ist as plain te"t on the client achine an$ they ay pose a possible security ris# as anyone can open an$ ta per with coo#ies. .o* do you create a Coo(ie that never e+pires? To create a 'oo#ie that never e"pires set the E"pires property of the 'oo#ie ob-ect to !ateTi e.0a".alue. $re Coo(ies secure? No% 'oo#ies are not secure. 5ou ust pay attention to the type of $ata you store in coo#ies. 1. 'oo#ies are not $esigne$ to store critical infor ation so storing passwor$s in a coo#ie is a ba$ i$ea. 2. Heep the lifeti e of a coo#ie as short as practically possible. 3. Encrypt coo#ie $ata to help protect the values store$ in the coo#ie. 8+ception .and#ingWhat are E"ceptions? E"ceptions are unusual occurrences that happen within the logic of an application. What are the 3 approaches to hand#e e+ceptions in a Web app#ication? 1. Use e"ception=han$ling structures to $eal with e"ceptions within the scope of a proce$ure. This techni&ue is calle$ structure$ e"ception han$ling 6SE,7 in the .isual Stu$io .NET $ocu entation. try catch ina##y 2. Use error events to $eal with e"ceptions within the scope of an ob-ect. ,age%8rror @#oba#%8rror $pp#ication%8rror 3. Use custo error pages to $isplay infor ational essages for unhan$le$ e"ceptions within the scope of a Web application. Where *i## the contro# #o* i an e+ception occurs inside a try b#oc(? *f a state ent in a try bloc# causes an e"ception% control flow passes i e$iately to the ne"t

catch state ent. When control flow passes to a catch bloc#% the state ents containe$ in the catch bloc# are processe$ to correct the error or otherwise han$le the e"ception. Wi## the ina##y b#oc( gets e+ecuted9 i an e+ception occurs? 5es% a finally bloc# will always be e"ecute$ irrespective of whether an e"ception has occure$ or not. What is the )ain use o a ina##y b#oc( in e+ception hand#ing? 3inally bloc# is ainly use$ to free resources use$ within the try bloc#. .o* do you raise an e+ception? Use the throw #eywor$ to raise an e"ception. Use this #eywor$ within your e"ception=han$ling structure to i e$iately pass control flow to the catch state ent. Wi## the o##o*ing code b#oc( co)pi#e? try ? throw new Syste .*:.3ileNot3oun$E"ception67D E catch 6E"ception E7 ? /esponse.Write6E.0essage7D E catch 6Syste .*:.3ileNot3oun$E"ception 3N3E7 ? /esponse.Write63N3E.0essage7D E 7o9 a co)pi#e ti)e error A previous catch clause alrea$y catches all e"ceptions of this or of a super type 6'Syste .E"ception'7. 'atch bloc#s are evaluate$ in the or$er in which they appear in co$e. The e"ception $eclaration of each catch bloc# $eter ines which type of e"ception the catch bloc# han$les. Always or$er catch bloc#s fro ost specific to ost general. So% in the prece$ing sa ple% 3ileNot3oun$E"ception shoul$ be place$ before the general E"ception catch bloc#. What is $pp#ication8+ception c#ass used or? *f you are creating a large application or creating co ponents that are use$ by other applications% you ight want to $efine your own e"ception classes base$ on the ApplicationE"ception class. 3or e"a ple% the following co$e $efines a class for the User)ogge$:nE"ceptionK public class User)ogge$:nE"ception K Syste .ApplicationE"ception ? CC E"ception constructor 6overloa$e$7. public User)ogge$:nE"ception67 K this6AThe user is alrea$y logge$ on to the serverA% null7 ? E public User)ogge$:nE"ception6string essage7 K this6 essage% null7 ?

E public User)ogge$:nE"ception6string essage% E"ception inner7 K base6 essage% inner7 ? E E The prece$ing User)ogge$:nE"ception class inherits its properties an$ etho$s fro the ApplicationE"ception base class. The new e"ception class provi$es only its own constructor to set the $efault essage to $isplay. This is a stan$ar$ practice. What are 8rror 8vents? Another way to han$le e"ceptions is through the Web ob-ectsG built=in error events. When an unhan$le$ e"ception occurs in a Web application% ASP.NET fires the error events shown below. ,age%8rror = :ccurs when an unhan$le$ e"ception occurs on the page. This event proce$ure resi$es in the Web for . @#oba#%8rror = :ccurs when an unhan$le$ e"ception occurs in the application. This event proce$ure resi$es in the 1lobal.asa" file. $pp#ication%8rror = :ccurs when an unhan$le$ e"ception occurs in the application. This event proce$ure resi$es in the 1lobal.asa" file. Error events let you han$le e"ceptions for an entire ob-ect in a single% centrali4e$ locationTthe error event proce$ure. This is $ifferent fro using e"ception=han$ling structures% in which e"ceptions are han$le$ within the proce$ure where they occurre$. 5ou can use error events in the following waysK $s a substitute or e+ception-hand#ing structures = 2ecause error events occur outsi$e the scope of the proce$ure in which the error occurre$% you have less infor ation about the steps lea$ing up to the e"ception an$ therefore less ability to correct the e"ception con$ition for the user. ,owever% using e"ception=han$ling events is fine for tas#s where you ight not be able to correct the e"ception in co$e. $s an ad'unct to e+ception-hand#ing structures = Error events can provi$e a centrali4e$ Ubac#stopS against e"ceptions that were not foreseen or han$le$ elsewhere. Using the two e"ception=han$ling techni&ues together lets you catch all e"ceptions before the user sees the % $isplay a reasonable essage% an$ even recor$ the e"ception in a log as part of an ongoing effort to i prove your application. @ive an e+a)p#e to sho* ho* error events can be used to hand#e e+ceptions? To han$le an e"ception using error events% follow these stepsK 1. *n the Page+Error event proce$ure% get the e"ception that occurre$ using the 1et)astError etho$. 2. !o so ething with the e"ception% such as $isplay a essage to the user% ta#e steps to correct the proble % or write to an error log. 3. 'lear the e"ception using the 'learError etho$. 4. /e$isplay the page. Web for processing stops i e$iately when an e"ception occurs% so server controls an$ other ite s on the page ight not be $isplaye$ after the e"ception is cleare$. ;. A$$ the following co$e to Page+Error event proce$ure on the web page. private voi$ Page+Error6ob-ect sen$er% Syste .EventArgs e7 ? CC 1et the error.

E"ception e" @ Server.1et)astError67D CC Store the essage in a session ob-ect. SessionOAErrorAP @ e".0essageD CC 'lear the error essage. Server.'learError67D CC /e$isplay this page. Server.Transfer6AErrorEvents.asp"A7D E The prece$ing co$e stores the e"ception essage as a Session state variable before clearing the e"ception so that the essage can be $isplaye$ when the page is reloa$e$ by the Transfer etho$. The following co$e $isplays the save$ e"ception essage when the page is re$isplaye$K A$$ the following co$e to Page+)oa$ event proce$ure on the web page. private voi$ Page+)oa$6ob-ect sen$er% Syste .EventArgs e7 ? CC !isplay error. if any. if 6SessionOAErrorAP F@ null7 ? litError.Te"t @ AThe following error occurre$K AQ SessionOAErrorAP.ToString67D CC 'lear the Session state variable. SessionOAErrorAP @ nullD E E Can you have a try b#oc( *ithout a catch or a ina##y b#oc(? No% you cannot have a try bloc# without a catch or a finally bloc#. A try bloc# cannot e"ist in isolation. A try bloc# shoul$ be followe$ by either a catch bloc# or a finally bloc# or both. Is the o##o*ing code #ega#? try ? /esponse.Write6ATry bloc# e"ecute$A7D E finally ? /esponse.Write6A3inally bloc# e"ecute$A7D E 5es% it's legal. A try state ent $oes not have to have a catch state ent if it has a finally state ent. What is *rong *ith using the o##o*ing type o e+ception hand#er? catch6E"ception E7 ? CCSo e 'o$e E This han$ler catches e"ceptions of type E"ception% therefore% it catches any e"ception. This can be a poor i ple entation because you are losing valuable infor ation about the type of e"ception

being thrown an$ a#ing your co$e less efficient. As a result% your progra ay be force$ to $eter ine the type of e"ception before it can $eci$e on the best recovery strategy.

Wi## the second catch b#oc( hand#e the e+ception thro*n by the irst catch b#oc(? try ? throw new Syste .*:.3ileNot3oun$E"ception67D E catch 6Syste .*:.3ileNot3oun$E"ception 3N3E7 ? /esponse.Write63N3E.0essage7D throw new E"ception67D E catch6E"ception E7 ? /esponse.Write6E.0essage7D E No. 3or a catch bloc# to han$le the e"ception% the state ent that raise$ the e"ception insi$e a try bloc#. ust be

What *i## happen to the e+ception raised by the code in the o##o*ing Autton1%C#ic( event procedure? protecte$ voi$ 2utton9+'lic#6ob-ect sen$er% EventArgs e7 ? throw new E"ception67D try ? /esponse.Write6A,elloA7D E catch 6E"ception E7 ? /esponse.Write6E.0essage7D E E The e"ception will not be han$le$ by the catch bloc# because the state ent that raise$ the e"ception ust be insi$e a try bloc#. "anaged and 6n)anaged CodeWhat is 0anage$ 'o$e an$ Un anage$ 'o$e? 0icrosoft ASP.NET Web applications run un$er the control of the co on language runti e 6')/7. The ')/ controls how the applicationGs asse bly e"ecutes% allocates% an$ recovers e oryD therefore% ASP.NET applications are sai$ to use anage$ co$e. *n contrast% ost other Win$ows e"ecutables use un anage$ co$e because the e"ecutable itself $eter ines how e ory is use$. E"a ples of un anage$ co$e inclu$e the 0icrosoft Win<8 AP*% legacy !))s an$ ELEs create$ for Win$ows applications prior to the 0icrosoft .NET 3ra ewor#% an$ ':0 ob-ects.

What is ,#at or) Invo(e or pinvo(e? The process of e"ecuting native co$e fro within a .NET asse bly is calle$ platfor invo#e% or pinvo#e for short. 5ou use platfor invo#e to call the Win<8 AP* $irectly% to access e"isting 6legacy7 !))s your co pany uses% or to access proce$ures co pile$ to native co$e for perfor ance reasons. What are the steps to o##o* to use ,#at or) Invo(e? To use platfor invo#e% follow the following stepsK 1. * port the Syste ./unti e.*nteropServices na espace. 2. !eclare the un anage$ proce$ure using the !ll* port attribute or the !eclare state ent. 3. 0ap the $ata types of the proce$ures para eters to the e&uivalent .NET types. 4. 'all the un anage$ proce$ure an$ test its return value for success. ;. *f the proce$ure $i$ not succee$% retrieve an$ han$le the e"ception co$e using the 0arshal ob-ectGs 1et)astWin<8Error etho$. What are the #i)itations o using 6n)anaged Code ro) *ithin a .780 asse)b#y? ,er or)ance = Although native=co$e !))s can perfor so e operations ore &uic#ly than e&uivalent co$e anage$ by the ')/% these benefits ight be offset by the ti e it ta#es to arshal the $ata to pass between the un anage$ proce$ure an$ the .NET asse bly. 0ype sa ety = Unli#e .NET asse blies% un anage$ proce$ures ight not be type=safe. This can affect the reliability of your .NET application. *n general% reliability is a para ount concern with ASP.NET Web applications. Code security = Un anage$ proce$ures $o not use the .NET 3ra ewor#Gs o$el for co$e security. .ersioningKUn anage$ co$e $oes not support .NET versioningD therefore% asse blies that call un anage$ proce$ures ight lose the benefit of being able to coe"ist with other versions of the sa e asse bly. What are C5" ob'ects? ':0 ob-ects are another type of un anage$ co$e that you can use fro .NET asse blies. 2ecause ':0 is wi$ely use$% .isual Stu$io inclu$es built=in tools for i porting an$ using ':0 ob-ects within .NET asse blies. .isual Stu$io also inclu$es the option of auto atically registering .NET class library asse blies for use fro ':0. What happens when you a$$ a reference to a ':0 ob-ect fro with in a $ot net application? When you a$$ a reference to a ':0 ob-ect% .isual Stu$io auto atically generates an interop asse bly for the ob-ect an$ places it in the pro-ectGs Cbin fol$er. The interop asse bly is create$ fro the ':0 ob-ectGs type infor ation an$ contains the eta$ata that the ')/ uses to call the un anage$ co$e in the ':0 ob-ect. 5ou can then use ':0 ob-ects fro within .NET co$e the sa e way that you use .NET classes. 5ou can view this interop asse bly using the 0icrosoft *nter e$iate )anguage !isasse bler 6*l$as .e"e7 inclu$e$ in the .NET 3ra ewor#. Can *e create a .780 ob'ect or use ro) C5"? 5es% .isual Stu$io can auto atically generate type library infor ation an$ register a .NET class library asse bly for use fro ':0. These auto atic tools $o not wor# for ASP.NET Web applications% so you ust isolate the co$e you want to use fro ':0 in its own 'lass )ibrary pro-ect.

.o* do you hide ,ub#ic .780 C#asses and other pub#ic )e)bers ro) C5"? *n so e cases% you ight want to hi$e selecte$ .NET classes fro ':0 but #eep the public for use fro other .NET asse blies. The 'o .isible attribute allows you to select which public .NET classes an$ e bers are inclu$e$ in the generate$ type library. This attribute applies hierarchically for the asse bly% class% an$ e ber levels. .o* do you hand#e e+ceptions bet*een .780 and C5"? .NET han$les errors through e"ception classes. ':0 han$les errors through <8=bit $ata types calle$ ,/ESU)Ts. All of the .NET e"ception classes inclu$e ,/esult properties that ap to ':0 ,/ESU)T co$es. *f an e"ception occurs in a .NET ob-ect% the e"ception is auto atically appe$ to the appropriate ,/ESU)T an$ returne$ to ':0. Si ilarly% if an e"ception occurs in a ':0 ob-ect% the ':0 ,/ESU)T is appe$ to the appropriate e"ception class% which is returne$ to .NET% where it can be han$le$ -ust li#e any other e"ception. *f you are creating your own .NET e"ception classes for use with ':0% be sure to set the classGs ,/esult property so that the e"ception can be han$le$ within ':0. What are the technica# #i)itations o C5" Interop? The .NET 3ra ewor# was $evelope$ to a$$ress the li itations of ':0. 2ecause of this evolution% there are li its to the .NET features that you can use fro ':0. The following list $escribes these li itsK Static )e)bers = ':0 re&uires ob-ects to be create$ before use% so it $oes not support .NET Static e bers. 7e* )e)bers = ':0 flattens the inheritance tree of .NET ob-ects% so e bers in a $erive$ class that hi$es e bers inherite$ fro a base class are not callable. Constructors *ith para)eters = ':0 canGt pass para eters to an ob-ectGs constructor. What are the practica# #i)itations o using C5" ob'ects? The following are the practical li itations of using ':0 ob-ects fro .NETK Shared so#utions )ight not a##o* C5" ob'ects = ASP.NET host service provi$ers that use non$e$icate$ servers can li it or prohibit the installation of ':0 ob-ects on their servers. C5" ob'ects are prone to )e)ory #ea(s = ':0 uses reference counting to $eter ine when to $estroy ob-ects an$ free e ory. *t is possible for this reference count to beco e incorrect% leaving ob-ects in e ory in$efinitely. 0ype #ibraries )ight be inaccurate = 2ecause ':0 separates the ob-ectGs $escription fro its i ple entation% itGs possible for this $escription to not accurately reflect the ob-ect. *n this case% the generate$ interop asse bly will also inclu$e those inaccuracies. C5" is un)anaged code = All the li itations of un anage$ co$e apply to ':0 ob-ects as well. 0racingWhat is an e"ception log? An e"ception log is a list of han$le$ e"ceptions that occur while your application is running. /eviewing the e"ception log perio$ically helps you verify that e"ceptions are being han$le$ correctly% are not occurring too fre&uently% an$ are not preventing users fro acco plishing tas#s with your application. What is 0racing and *hat are the adavantages o using tracing to #og e+ceptions? Tracing is a techni&ue for recor$ing events% such as e"ceptions% in an application. There have

always been ways to recor$ errors in an application = usually by opening a file an$ writing error essages to it. 2ut tracing offers the following significant a$vantagesK StandardiKation=2uil$ing tracing into the .NET 3ra ewor# ensures that progra ing techni&ues are the sa e across all the applications you $evelop with the .NET 3ra ewor#. Aui#t-in Web support=ASP.NET e"ten$s the .NET 3ra ewor# tools by inclu$ing infor ation relate$ to the perfor ance an$ behavior of Web re&uests. Con iguration=5ou can turn tracing on an$ off using settings in your applicationGs configuration file. 5ou $onGt have to reco pile your application to enable or $isable tracing. ,er or)ance=While $isable$% tracing state ents $o not affect application perfor ance. .o* do you turn tracing on and o or an $S,.780 *eb app#ication? Tracing can be turne$ on or off for an entire Web application or for an in$ivi$ual page in the applicationK 1. To turn tracing on for an entire application% in the applicationGs Web.config file% set the trace ele entGs Enable$ attribute to True. :r 2. To turn tracing on for a single page% set the !:'U0ENT ob-ectGs Trace property to True in the .isual Stu$io .NET Properties win$ow. This sets the ; Page $irectiveGs Trace attribute to True in the Web for Gs ,T0). Where is the trace output disp#ayed by de au#t? 2y $efault% trace output is $isplaye$ at the en$ of each Web page. While this is fine for $ebugging purposes% youGll generally want to write trace output to a log file when you start testing your co plete$ application. To write trace essages to a log file for an entire application% in the applicationGs Web.config file% set the trace ele entGs Page:utput attribute to 3alse. ASP.NET then writes trace output to the Trace.a"$ file in your applicationGs root fol$er. .o* do you speci y9 ho* )any page re>uets shou#d be *ritten to the trace #og? The ele ent's /e&uest)i it attribute can be use$ to specify how any page re&uests to write to the trace log. 3or e"a ple% the following line fro a Web.config file turns on tracing for the application an$ writes the first 9J re&uests to the Trace.a"$ fileK .o* do you *rite trace )essages to a #og i#e or on#y se#ected pages in an app#ication? To write trace essages to a log file for only selecte$ pages in an application% follow these stepsK *n the applicationGs Web.config file% set the trace ele entGs Enable$ attribute to True an$ Page:utput attribute to 3alse. 3or each Web page you want to e"clu$e fro tracing% set the ; Page $irectiveGs Trace attribute to 3alse. What is the di erence bet*een 0race.Write23 and 0race.Warn23 )ethods o a trace ob'ect? The Trace ob-ect provi$es the Write an$ Warn etho$s to allow you to write essages to a re&uestGs trace infor ation. The two etho$s are i$entical with one $ifferenceK essages written with Trace.Write are $isplaye$ in blac#% whereas essages written with Trace.Warn are $isplaye$ in re$. .o* do you progra)atica##y chec( i tracing is enab#ed? The Trace ob-ectGs *sEnable$ property can be use$ to progra atically chec# if tracing is enable$.

.o* do you prevent ro) trace output being *ritten at the botto) o the *eb page? 5ou can prevent fro trace output being written at the botto of the web page by setting the trace ele entGs Page:utput attribute to 3alse in the Web.config file. What is the na)e o the i#e to *hich trace #og is *ritten? Trace.a"$ Can you vie* 0race.a+d ro) a re)ote )achine? No% by $efault% you can view Trace.a"$ only fro the local server running the application. *f you want to view the trace log fro a re ote achine% set the trace ele entGs )ocal:nly attribute to 3alse in the Web.config file Session State and $pp#ication StateWhat is a Session? A Session is a uni&ue instance of the browser. A single user can have ultiple instances of the browser running on his or her achine. *f each instance visits your Web application% each instance has a uni&ue session.A session starts when a user accesses a page on a Web site for the first ti e% at which ti e they are assigne$ a uni&ue session *!. The server stores the user's session *! in the Session.Session*! property. What is the de au#t session ti)eout period? 8J inutes. Where do you genera##y speci y the Session 0i)eout? 5ou specify the Session Ti eout setting in the web.config file. Can you speci y Session 0i)eout in a code behind i#e? 5es% can specify the Session.Ti eout property as shown below in a co$e behin$ file. Session.Ti eout @ 9JD .o* do you end a user session? 5ou can call the Session.Aban$on67 etho$ to en$ a user session. *f a user then tries to access a page the server will assign the a new session *! an$ it will clear all the previous session variables. 5ou'll typically use Session.Aban$on67 on log=out pages. What type o data can you store in $pp#ication State and Session State variab#es? Application State an$ Session State variables are use$ to store $ata that you want to #eep for the lifeti e of an application or for the lifeti e of a session. 5ou can store any type of $ata in the Application or Session state% inclu$ing ob-ects. $re $pp#ication State or Session State variab#es type sa e? No% Application an$ Session state variables are create$ on the fly% without variable na e or type chec#ing. &o )aintaining Session state a ects per or)ance? 5es Can you turn o Session state? 5es% Session state can be turne$ off at the application an$ page levels.

$re $pp#ication state variab#es avai#ab#e throughout the current process? 5es% Application state variables are available throughout the current process% but not across processes. *f an application is scale$ to run on ultiple servers or on ultiple processors within a server% each process has its own Application state. .o* do you disab#e Session state or a Web or)? To turn Session state off for a Web for set EnableSessionState property of the Page to 3alse. .o* do you turn Session state o or an entire *eb app#ication? *n the Web.config file% set the sessionstate tag to 3alse. What are $pp#ication State variab#es? Application State variables are global variables that are available fro application. All Sessions can access Application State variables. .o* to add and re)ove data to $pp#ication State :ariab#es? CC'o$e to a$$ $ata to Application State Application.A$$6AAppNa eA% ASa pleA7D CC'o$e to re ove $ata fro Application State Application./e ove6AAppNa eA7D .o* do you re)ove a## $pp#ication State :ariab#es data? CC'o$e to re ove all Application State .ariables $ata Application./e oveAll67D 0ransactionWhat is a transaction? A transaction is a group of co an$s that change the $ata store$ in a $atabase. The transaction% which is treate$ as a single unit% assures that the co an$s are han$le$ in an all=or=nothing fashion. if one of the co an$s fails% all of the co an$s fail% an$ any $ata that was written to the $atabase by the co an$s is bac#e$ out. *n this way% transactions aintain the integrity of $ata in a $atabase. A!:.NET lets you group $atabase operations into transactions. What is the )ain purpose o database transactions? The ain purpose of $atabase transactions is to aintain the integrity of $ata in a $atabase. .o* do you deter)ine *hich SQL co))ands are part o a transaction? 5ou can $eter ine what $atabase co an$s belong in a transaction by using the A'*! test. 'o an$s ust be ato ic% consistent% isolate$% an$ $urable. 'o an$s belong in a transaction if they areK $to)ic=*n other wor$s% they a#e up a single unit of wor#. 3or e"a ple% if a custo er oves% you want your $ata entry operator to change all of the custo erGs a$$ress fiel$s as a single unit% rather than changing street% then city% then state% an$ so on. Consistent=All the relationships between $ata in a $atabase are aintaine$ correctly. 3or e"a ple% if custo er infor ation uses a ta" rate fro a state ta" table% the state entere$ for the custo er ust e"ist in the state ta" table. Iso#ated='hanges a$e by other clients canGt affect the current changes. 3or e"a ple% if two $ata entry operators try to a#e a change to the sa e custo er at the sa e ti e% one of two things occursK either one operatorGs changes are accepte$

anywhere in the

an$ the other is notifie$ that the changes werenGt a$e% or both operators are notifie$ that their changes were not a$e. *n either case% the custo er $ata is not left in an in$eter inate state. &urab#e=:nce a change is a$e% it is per anent. *f a syste error or power failure occurs before a set of co an$s is co plete% those co an$s are un$one an$ the $ata is restore$ to its original state once the syste begins running again. Why is transaction processing very i)portant or *eb app#ications? Transaction processing is very i portant for Web applications that use $ata access% because Web applications are $istribute$ a ong any $ifferent clients. *n a Web application% $atabases are a share$ resource% an$ having any $ifferent clients $istribute$ over a wi$e area can present the below #ey proble s. Contention or resources=Several clients ight try to change the sa e recor$ at the sa e ti e. This proble gets worse the ore clients you have. 6ne+pected ai#ures=The *nternet is not the ost reliable networ# aroun$% even if your Web application an$ Web server are 9JJ percent reliable. 'lients can be une"pecte$ly $isconnecte$ by their service provi$ers% by their o$e s% or by power failures. Web app#ication #i e cyc#e=Web applications $onGt follow the sa e life cycle as Win$ows applicationsTWeb for s live for only an instant% an$ a client can leave your application at any point by si ply typing a new a$$ress in his or her browser. List the steps in order to process a transaction? 9.2egin a transaction. 8.Process $atabase co an$s. <.'hec# for errors. >.*f errors occurre$% restore the $atabase to its state at the beginning of the transaction. *f no errors occurre$% co it the transaction to the $atabase. 8+p#ain ho* a &ataSet provides transaction processing? !ataSet provi$e transaction processing through the /e-ect'hanges an$ Up$ate etho$s. !ataSet also provi$e an Accept'hanges etho$ that resets the state of recor$s in a $ata set to Unchange$. !ata sets provi$e i plicit transaction processing% because changes to a $ata set are not a$e in the $atabase until you invo#e the Up$ate etho$ on the $ata a$apter ob-ect. This lets you perfor a set of co an$s on the $ata an$ then choose a point at which to a#e the changes per anent in the $atabase. *f an error occurs $uring the Up$ate etho$% none of the changes fro the $ata set is $atabase. At that point% you can either atte pt to correct the error an$ try the Up$ate again or un$o the changes pen$ing in the $ata set using the $ata setGs /e-ect'hanges a$e in the etho$ etho$.

@ive an e+a)p#e to sho* ho* &ataSets provide transaction processing? )et us assu e we have a !ata1ri$ that $isplays e ployee infor ation. Every row also has a $elete button% which when you clic# will $elete that row. :n this page we also have a /estore an$ 'o it buttons. When you clic# the /estore button you shoul$ be able to restore the $ata to its previous state. When you clic# the 'o it button you shoul$ be able to up$ate the $atabase with the $eletions a$e in the !ataSet. The co$e for 'o it an$ /estore buttons is shown below. private voi$ but/estore+'lic#6ob-ect sen$er% Syste .EventArgs e7 ? CC /estore the $ata set to its original state.

$s'ontacts./e-ect'hanges67D CC /efresh the $ata gri$. gr$'ontacts.!ata2in$67D E private voi$ but'o it+'lic#6ob-ect sen$er% Syste .EventArgs e7 ? int int/owsD CC Up$ate the $atabase fro the $ata set. int/ows @ a$pt'ontacts.Up$ate6$s'ontacts7D CC Save changes to state variable. SessionOA$s'ontactsAP @ $s'ontactsD CC /efresh the $ata gri$. gr$'ontacts.!ata2in$67D E The /e-ect'hanges etho$ in the prece$ing but/estore+'lic# event proce$ure returns the $ata set to its state before the row was $elete$. The $ata setGs Accept'hanges etho$ is the inverse of /e-ect'hangesTit resets the !ata/owState property for all the change$ rows in a $ata set to Unchange$ an$ re oves any $elete$ rows. The Accept'hanges etho$ prevents the Up$ate etho$ fro a#ing those changes in the $atabase% however% because Up$ate uses the rowsG !ata/owState property to $eter ine which rows to o$ify in the $atabase. 3or this reason% the Accept'hanges etho$ is useful only when you $o not inten$ to up$ate a $atabase fro the $ata set. What are the 3 types o transaction ob'ects avai#ab#e in $&5.780? As we have < types of $atabase connections in A!:.NET% there are also < types of transaction ob-ectsK S&lTransaction :racleTransaction :le!bTransaction What are the steps invo#ved in using a transaction ob'ect in $&5.780? 9.:pen a $atabase connection. 8.'reate the transaction ob-ect using the $atabase connection ob-ectGs 2eginTransaction etho$. <.'reate co an$ ob-ects to trac# with this transaction% assigning the Transaction property of each co an$ ob-ect to the na e of the transaction ob-ect create$ in step 8. >.E"ecute the co an$s. 2ecause the purpose of transaction processing is to $etect an$ correct errors before $ata is written to the $atabase% this is usually $one as part of an error=han$ling structure. I.'o it the changes to the $atabase or restore the $atabase state% $epen$ing on the success of the co an$s. 'lose the $atabase connection. What property o a transaction ob'ect deter)ines ho* concurrent changes to a database are hand#ed? *solation)evel property of the transaction ob-ect is use$ to $eter ine how concurrent changes to a $atabase are han$le$. What are di erent iso#ation #eve#s o a transaction ob'ect in $&5.780?

?ead6nco))itted=!oes not loc# the recor$s being rea$. This eans that an unco itte$ change can be rea$ an$ then rolle$ bac# by another client% resulting in a local copy of a recor$ that is not consistent with what is store$ in the $atabase. This is calle$ a $irty rea$ because the $ata is inconsistent. Chaos=2ehaves the sa e way as /ea$Unco itte$% but chec#s the isolation level of other pen$ing transactions $uring a write operation so that transactions with ore restrictive isolation levels are not overwritten. ?eadCo))itted=)oc#s the recor$s being rea$ an$ i e$iately frees the loc# as soon as the recor$s have been rea$. This prevents any changes fro being rea$ before they are co itte$% but it $oes not prevent recor$s fro being a$$e$% $elete$% or change$ by other clients $uring the transaction. This is the $efault isolation level. ?epeatab#e?ead=)oc#s the recor$s being rea$ an$ #eeps the loc# until the transaction co pletes. This ensures that the $ata being rea$ $oes not change $uring the transaction. Seria#iKab#e=)oc#s the entire $ata set being rea$ an$ #eeps the loc# until the transaction co pletes. This ensures that the $ata an$ its or$er within the $atabase $o not change $uring the transaction. What is the de au#t iso#ation #eve# in a transaction? /ea$'o itte$ What is a Save ,oint in a transaction in $&5.780? S&l'onnection ob-ect provi$e one transaction capability that is unavailable for :)E $atabase connectionsK the ability to create save points within a transaction. Save points let you restore the $atabase state to a specific position within the current transaction. To set a save point within a S() transaction% use the Save etho$ as shown below. Transaction:b-ect.Save6A3irstStepA7D .o* do you restore a SQL transaction to a speci ic save point? To restore a S() transaction to a save point% specify the na e of the save point in the /ollbac# etho$ as shown below. Transaction:b-ect./ollbac#6A3irstStepA7D 6ser Contro#sWhat are ASP.NET 'usto controls? 'usto controls e"ten$ the tools available to Web $evelopers. Using custo controls% you can encapsulate #ey aspects of the visual interface an$ progra logic that you want to reuse throughout your application% or throughout your organi4ation. What are the 3 types o custo) contro#s in $S,.780? 0icrosoft .isual Stu$io .NET provi$es three types of custo control for use on Web for s. 1. Web user contro#s These co bine e"isting server an$ ,T0) controls by using the .isual Stu$io .NET !esigner to create functional units that encapsulate so e aspect of the user interface. User controls resi$e in content files% which ust be inclu$e$ in the pro-ect in which the controls are use$. 2. Co)posite custo) contro#s These create new controls fro e"isting server an$ ,T0) controls. Although si ilar to user controls% co posite controls are create$ in co$e rather than visually% an$ therefore they can be co pile$ into an asse bly 6.$ll7% which can be share$ between ultiple applications an$ use$ fro the Toolbo" in .isual Stu$io .NET.

3. ?endered custo) contro#s These create entirely new controls by ren$ering ,T0) $irectly rather than using co position. These controls are co pile$ an$ can be use$ fro the Toolbo"% -ust li#e co posite controls% but you ust write e"tra co$e to han$le tas#s that are perfor e$ auto atically in co posite controls. What are the #i)itations o user contro#s in $S,.780? As the user controls are not co pile$ into asse blies% they have the following li itationsK 1. A copy of the control ust e"ist in each Web application pro-ect in which the control is use$. 2. User controls canGt be loa$e$ in the .isual Stu$io .NET Toolbo"D instea$% you ust create the by $ragging the control fro Solution E"plorer to the Web for . 3. User control co$e is initiali4e$ after the Web for loa$s% which eans that user control property values are not up$ate$ until after the Web for Gs )oa$ event. What are the steps to o##o* or creating and using a user contro# in a Web app#ication? 1. A$$ a Web user control page 6.asc"7 to your pro-ect. 2. !raw the visual interface of the control in the $esigner. 3. Write co$e to create the controlGs properties% etho$s% an$ events. 4. Use the control on a Web for by $ragging it fro Solution E"plorer to the Web for on which you want to inclu$e it. ;. Use the control fro a Web for Gs co$e by $eclaring the control at the o$ule level an$ then using the controlGs etho$s% properties% an$ events as nee$e$ within the Web for . .o* do you identi y user contro#s? User controls are i$entifie$ by their .asc" file e"tensions. What is the base c#ass ro) *hich user contro#s derive? User controls $erive fro Syste .Web.U*.User'ontrol base class. This base class provi$es the base set of properties an$ etho$s you use to create the control. What are the steps to o##o* to create properties and )ethods or the user contro# that you can use ro) a Web or)? To create properties an$ etho$s for the user control that you can use fro a Web for % follow these stepsK 1. 'reate the public property or etho$ that you want to a#e available on the containing Web for . 2. Write co$e to respon$ to events that occur for the controls containe$ within the user control. These event proce$ures $o the bul# of the wor# for the user control. 3. *f the property or etho$ nee$s to retain a setting between page $isplays% write co$e to save an$ restore settings fro the controlGs .iewState. What happens *hen you drag a user contro# ro) so#ution e+p#orer and drop it on a *eb or)? When you $rag a user control fro solution e"plorer an$ $rop it on a web for % .isual Stu$io .NET generates a ;/egister $irective an$ ,T0) tags to create the control on the Web for . Custo) Contro#sWhat are co posite custo controls? 'o posite custo controls co bine one or ore server or ,T0) controls within a single control class% which can be co pile$ along with other control classes to create an asse bly 6.$ll7 that

contains a custo control library. :nce create$% the custo control library can be loa$e$ into .isual Stu$io .NET an$ use$ in the sa e way as the stan$ar$ server an$ ,T0) controls. 'o posite custo controls are functionally si ilar to user controls% but they resi$e in their own asse blies% so you can share the sa e control a ong ultiple pro-ects without having to copy the control to each pro-ect% as you ust $o with user controls. ,owever% co posite controls are so ewhat ore $ifficult to create because you canGt $raw the visually using the .isual Stu$io .NET !esigner. What are the steps to o##o* create and use a custo) contro# in a Web app#ication? 1. 'reate a solution containing a custo control pro-ect. 2. A$$ a Web application pro-ect to the solution% an$ set it as the startup pro-ect. 5ou will use the Web application pro-ect to test the custo control $uring $evelop ent. 3. A$$ a pro-ect reference fro the Web application to the custo control pro-ect% an$ a$$ an ,T0) ;/egister $irective an$ control ele ent to use the custo control on a Web for . 4. 'reate the custo controlGs visual interface by a$$ing e"isting controls to it through the custo controlGs 'reate'hil$'ontrols etho$. ;. A$$ the properties% etho$s% an$ events that the custo control provi$es. B. 2uil$ an$ test the custo control. In genera# *hat is the base c#ass or every co)posite custo) contro#? Syste .Web.U*.Web'ontrols.Web'ontrol Which directive is used to add a custo) contro# to a Web or)? /egister $irective. What are the 3 ?egister directive<s attributes? 0ag,re i+ This na e i$entifies the group that the user control belongs to. 3or e"a ple% the tag prefi" for ASP.NET server controls is UaspS. 5ou use this prefi" to create a na ing convention to organi4e your custo controls. 7a)espace This is the pro-ect na e an$ na espace within the custo control asse bly that contains the controls to register. 0icrosoft .isual 2asic .NET uses the pro-ect na e as an i plicit na espace% so for controls written in .isual 2asic .NET% use the pro-ect na e. $sse)b#y This is the na e of the asse bly 6.$ll7 containing the custo controls. The control asse bly ust be reference$ by the Web application. /eferencing the asse bly aintains a copy of it in the Web applicationGs Cbin $irectory. What are the di erences bet*een 6ser Contro#s and Custo) Contro#s? 1. User 'ontrols are easy to create where as 'usto 'ontrols are $ifficult to create. 2. User 'ontrols cannot be co pile$ into an asse bly% where as 'usto 'ontrols can be co pile$ into an asse bly. 3. User 'ontrols cannot be a$$e$ to tool bo"% where as 'usto controls can be a$$e$ to the toolbo". 4. 5ou nee$ to have a copy of user control in every pro-ect where you want to use it% where as this is not the case with custo controls. 5ou can install a single copy of the Web custo control in the global asse bly cache an$ share it between applications% which a#es aintenance easier.

;. User controls are use$ for reusing e"isting user interface ele ents an$ co$e% but are not useful for $eveloping reusable co ponents for ultiple web applications.

What is 1lobali4ation? 1lobali4ation is the process of creating an application that eets the nee$s of users fro ultiple cultures. This process involves translating the user interface ele ents of an application into ultiple languages% using the correct currency% $ate an$ ti e for at% calen$ar% writing $irection% sorting rules% an$ other issues. Acco o$ating these cultural $ifferences in an application is calle$ locali4ation. The 0icrosoft .NET 3ra ewor# si plifies locali4ation tas#s substantially by a#ing its for atting% $ateCti e% sorting% an$ other classes culturally aware. Using classes fro the Syste .1lobali4ation na espace% you can set the applicationGs current culture% an$ uch of the wor# is $one auto aticallyF What are the 3 di erent *ays to g#oba#iKe *eb app#ications? &etect and redirect approach = *n this approach we create a separate Web application for each supporte$ culture% an$ then $etect the userGs culture an$ re$irect the re&uest to the appropriate application. This approach is best for applications with lots of te"t content that re&uires translation an$ few e"ecutable co ponents. ?un-ti)e ad'ust)ent approach = *n this approach we create a single Web application that $etects the userGs culture an$ a$-usts output at run ti e using for at specifiers an$ other tools. This approach is best for si ple applications that present li ite$ a ounts of content. Sate##ite asse)b#ies approach = *n this approach we create a single Web application that stores culture=$epen$ent strings in resource files that are co pile$ into satellite asse blies. At run ti e% $etect the userGs culture an$ loa$ strings fro the appropriate asse bly. This approach is best for applications that generate content at run ti e or that have large e"ecutable co ponents. In $S,.7809 ho* do you detect the user<s #anguage pre erence on hisHher co)puter? Use the /e&uest ob-ectGs User)anguages property to return a list of the userGs language preferences. The first ele ent of the array returne$ by User)anguages is the userGs current language on hisCher co puter. What are the steps to o##o* to get user<s cu#ture at run ti)e? To get the userGs culture at run ti e% follow these stepsK 1. 1et the /e&uest ob-ectGs User)anguages property. 2. Use the returne$ value with the 'ulture*nfo class to create an ob-ect representing the userGs current culture. 3or e"a ple% the following co$e gets the userGs culture an$ $isplays the English na e an$ the abbreviate$ na e of the culture in a label the first ti e the page is

$isplaye$K private voi$ Page+)oa$6ob-ect sen$er% Syste .EventArgs e7 ? CC /un the first ti e the page is $isplaye$ if 6F*sPost2ac#7 ? CC 1et the user's preferre$ language. string s)ang @ /e&uest.User)anguagesOJPD CC 'reate a 'ulture*nfo ob-ect fro it. 'ulture*nfo 'urrent'ulture @ new 'ulture*nfo6s)ang7D lbl'ulture.Te"t @ 'urrent'ulture.EnglishNa e Q AK A Q 'urrent'ulture.Na eD E E What are the advantages o using detect and redirect approach to g#oba#iKing *eb app#ications? 1. 'ontent is aintaine$ separately% so this approach allows the $ifferent applications to present very $ifferent infor ation% if nee$e$. 2. Users can be auto atically $irecte$ to sites that are li#ely to be geographically close% an$ so can better eet their nee$s. 3. 'ontent files 6Web for s an$ ,T0) pages% for e"a ple7 can be authore$ in the appropriate natural language without the co ple"ity of inclu$ing resource strings. What are the disadvantages o using detect and redirect approach to g#oba#iKing *eb app#ications? 1. Using this approach re&uires that the e"ecutable portion of the Web application be co pile$ an$ $eploye$ separately to each culture=specific Web site. 2. This approach re&uires ore effort to aintain consistency an$ to $ebug proble s across Web sites. What is the use o cu#ture attribute o the g#oba#iKation e#e)ent in *eb.con ig? The Web.config fileGs globali4ation ele ent is use$ to create a culture=specific Web application. The culture attribute of the globali4ation ele ent specifies how the Web application $eals with various culture=$epen$ent issues% such as $ates% currency% an$ nu ber for atting. Web.config globali4ation settings in subor$inate fol$ers overri$e the globali4ation settings in the applicationGs root Web.config file. 5ou can store content for various cultures in subfol$ers within your application% a$$ Web.config files with the globali4ation settings for each culture% then $irect users to the appropriate fol$er base$ on the userGs 'urrent'ulture. 0he te+t on the *eb or) is usua##y *ritten ro) #e t to right. .o* do you change the *riting direction to "right to #e t"? The wrting $irection of a webfor can be change$ using the ,T0) $ir attribute as shown below.

5ou can use the $ir attribute in$ivi$ually in panels% te"t bo"es% or other controls as well. Setting the $ir attribute on the bo$y ele ent applies right=to=left for atting to the entire page. What do you )ean by neutra# cu#tures? Neutral cultures represent general languages% such as English or Spanish% rather than a specific language an$ region. When you set the culture attribute for a Web application in Web.config% ASP.NET assigns that culture to all the threa$s running for that Web application. Threa$s are the basic unit to which the server allocates processor ti e. ASP.NET aintains ultiple threa$s for a Web application within the aspnet+wp.e"e wor#er process. What are advantages o setting the cu#ture dyna)ica##y at the thread #eve# over creating separate Web app#ications or each cu#ture? 1. All cultures share the sa e application co$e% so the application $oesnGt have to be co pile$ an$ $eploye$ for each culture. 2. The application resi$es at a single Web a$$ress% you $onGt nee$ to re$irect users to other Web applications. 3. The user can choose fro a full array of available cultures. 1or *hat type o *eb app#ications setting the cu#ture dyna)ica##y is best suited? Setting the culture $yna ically is best suite$ for si ple Web applications that $onGt contain large a ounts of te"t that ust be translate$ into $ifferent languages.

&ataSet= What is a &ataSet? !ataSet is an in= e ory cache of $ata. In *hich na)espace is the &ataSet c#ass present? Syste .!ata Can you add )ore than one tab#e to a dataset? 5es Can you en orce constarints and re#ations on tab#es inside a &ataSet? 5es% the !ataSet consists of a collection of !ataTable ob-ects that you can relate to each other with !ata/elation ob-ects. 5ou can also enforce $ata integrity in the !ataSet by using the Uni&ue'onstraint an$ 3oreignHey'onstraint ob-ects. What happens *hen you invo(e $cceptChanges23 )ethod on a &ataSet? *nvo#ing Accept'hanges67 etho$ on the !ataSet causes Accept'hanges67 etho$ to be calle$ on each table within the !ataSet.

2oth the !ata/ow an$ !ataTable classes also have Accept'hanges67 etho$s. 'alling Accept'hanges67 at the !ataTable level causes the Accept'hanges etho$ for each !ata/ow to be calle$. When you call Accept'hanges on the !ataSet% any !ata/ow ob-ects still in e$it= o$e en$ their e$its successfully. The /owState property of each !ata/ow also changes. A$$e$ an$ 0o$ifie$ rows beco e Unchange$% an$ !elete$ rows are re ove$. *f the !ataSet contains 3oreignHey'onstraint ob-ects% invo#ing the Accept'hanges etho$ also causes the Accept/e-ect/ule to be enforce$. Is there a *ay to c#ear a## the ro*s ro) a## the tab#es in a &ataSet at once? 5es% use the !ataSet.'lear67 etho$ to clear all the rows fro all the tables in a !ataSet at once. What is the di erence bet*een &ataSet.Copy23 and &ataSet.C#one23? !ataSet.'lone67 copies the structure of the !ataSet% inclu$ing all !ataTable sche as% relations% an$ constraints. !oes not copy any $ata. !ataSet.'opy67 copies both the structure an$ $ata. .o* do you get a copy o the &ataSet containing a## changes )ade to it since it *as #ast #oaded? Use !ataSet.1et'hanges67 etho$ What is the use o &ataSet..asChanges23 "ethod? !ataSet.,as'hanges etho$ returns a boolean true if there are any changes a$e to the !ataSet% inclu$ing new% $elete$% or o$ifie$ rows. This etho$ can be use$ to up$ate a !ataSource only if there are any changes. .o* do you ro## bac( a## the changes )ade to a &ataSet since it *as created? *nvo#e the !ataSet./e-ect'hanges67 etho$ to un$o or roll bac# all the changes a$e to a !ataSet since it was create$. What happnes *hen you invo(e ?e'ectChanges )ethod9 on a &ataSet that contains 3 tab#es in it? /e-ect'hanges67 etho$ will be auto atically invo#e$ on all the < tables in the $ataset an$ any changes that were $one will be rolle$ bac# for all the < tables. When the !ataTable./e-ect'hanges etho$ is calle$% any rows that are still in e$it= o$e cancel their e$its. New rows are re ove$. 0o$ifie$ an$ $elete$ rows return bac# to their original state. The !ata/owState for all the o$ifie$ an$ $elete$ rows will be flippe$ bac# to unchange$. What is the &ataSet.CaseSensitive property used or?

When you set the 'aseSensitive property of a !ataSet to true% string co parisons for all the !ataTables within $ataset will be case sensitive. 2y $efault the 'aseSensitive property is false