22 Should user input data validation occur server-side or client-side? Why?
· All user input data validation should occur on the server and minimally on the client-side, though it is a good way to reduce server load and network traffic because we can ensure that only data of the appropriate type is submitted from the form. It is totally insecure. The user can view the code used for validation and create a workaround for it. Secondly, the URL of the page that handles the data is freely visible in the original form page. This will allow unscrupulous users to send data from their own forms to your application. Client-side validation can sometimes be performed where deemed appropriate and feasible to provide a richer, more responsive experience for the user.
23 What is the difference between Server.Transfer and Response.Redirect?
a. Response.Redirect
: This tells the browser that the requested page can be found at a new location. The browser then initiates another request to the new page loading its contents in the browser. This results in two requests by the browser.b. Server.Transfer
: It transfers execution from the first page to the second page on the server. As far as the browser client is concerned, it made one request and the initial page is the one responding with content. The benefit of this approach is one less round trip to the server from the client browser. Also, any posted form variables and query string parameters are available to the second page as well.
24 What is an interface and what is an abstract class?
· In an interface, all methods must be abstract (must not be defined). In an abstract class, some methods can be defined. In an interface, no accessibility modifiers are allowed, whereas it is allowed in abstract classes.
25 Session state vs. View state:
· In some cases, using view state is not feasible. The alternative for view state is session state. Session state is employed under the following situations:
a. Large amounts of data - View state tends to increase the size of both the HTML page sent to the browser and the size of form posted back. Hence session state is used.
b. Secure data - Though the view state data is encoded and may be encrypted, it is better and secure if no sensitive data is sent to the client. Thus, session state is a more secure option.
c. Problems in serializing of objects into view state - View state is efficient for a small set of data. Other types like DataSet are slower and can generate a very large view state.
26 Can two different programming languages be mixed in a single ASPX file?
· ASP.NET’s built-in parsers are used to remove code from ASPX files and create temporary files. Each parser understands only one language. Therefore mixing of languages in a single ASPX file is not possible.
- -
27 Is it possible to see the code that ASP.NET generates from an ASPX file?
· By enabling debugging using a <%@ Page Debug="true" %> directive in the ASPX file or a
28 Can a custom .NET data type be used in a Web form?
· This can be achieved by placing the DLL containing the custom data type in the application root’s bin directory and ASP.NET will automatically load the DLL when the type is referenced.
29 List the event handlers that can be included in Global.asax?
a. Application start and end event handlers
b. Session start and end event handlers
c. Per-request event handlers
d. Non-deterministic event handlers
30 Can the view state be protected from tampering?
· This can be achieved by including an @ Page directive with an EnableViewStateMac="true" attribute in each ASPX file that has to be protected. Another way is to include the
31 Can the view state be encrypted?
· The view state can be encrypted by setting EnableViewStateMac to true and either modifying the
32 When during the page processing cycle is ViewState available?
· The view state is available after the Init() and before the Render() methods are called during Page load.
33 Do Web controls support Cascading Style Sheets?
· All Web controls inherit a property named CssClass from the base class System.Web.UI.WebControls.WebControl which can be used to control the properties of the web control.
34 What namespaces are imported by default in ASPX files?
· The following namespaces are imported by default. Other namespaces must be imported manually using @ Import directives.
a. System
b. System.Collections
c. System.Collections.Specialized
d. System.Configuration
e. System.Text
f. System.Text.RegularExpressions
g. System.Web
h. System.Web.Caching
i. System.Web.Security
j. System.Web.SessionState
k. System.Web.UI
l. System.Web.UI.HtmlControls
m. System.Web.UI.WebControls
35 What classes are needed to send e-mail from an ASP.NET application?
· The classes MailMessage and SmtpMail have to be used to send email from an ASP.NET application. MailMessage and SmtpMail are classes defined in the .NET Framework Class Library’s System.Web.Mail namespace.
36 Why do some web service classes derive from System.Web.WebServices while others do not?
· Those Web Service classes which employ objects like Application, Session, Context, Server, and User have to derive from System.Web.WebServices. If it does not use these objects, it is not necessary to be derived from it.
37 What are VSDISCO files?
· VSDISCO files are DISCO files that enable dynamic discovery of Web Services. ASP.NET links the VSDISCO to a HTTP handler that scans the host directory and subdirectories for ASMX and DISCO files and returns a dynamically generated DISCO document. A client who requests a VSDISCO file gets back what appears to be a static DISCO document.
38 How can files be uploaded to Web pages in ASP.NET?
· This can be done by using the HtmlInputFile class to declare an instance of an tag. Then, a byte[] can be declared to read in the data from the input file. This can then be sent to the server.
39 How do I create an ASPX page that periodically refreshes itself?
· The following META tag can be used as a trigger to automatically refresh the page every n seconds:
40 How do I initialize a TextBox whose TextMode is "password", with a password?
· The TextBox’s Text property cannot be used to assign a value to a password field. Instead, its Value field can be used for that purpose.
ID="Password" RunAt="server" />
No comments:
Post a Comment