Sunday, May 25, 2014

Security Interview Questions on ASP.Net(21)

1. What is CAS?

A. CAS (Code Access Security) is the part of the .NET security model that determines whether or not a piece of code is allowed to run, and what resources it can use when it is running. For example, it is CAS that will prevent a .NET web applet from formatting your hard disk.

How does CAS work? The CAS security policy revolves around two key concepts: code groups and permissions. Each .NET assembly is a member of a particular code group, and each code group is granted the permissions specified in a named permission set. For example, using the default security policy, a control downloaded from a web site belongs to the 'Zone - Internet' code group, which adheres to the permissions defined by the 'Internet' named permission set. (Naturally the 'Internet' named permission set represents a very restrictive range of permissions.)

2. What is Code group?

A. Code groups represent collections of code, and each code group has an associated set of permissions.

3. What is Role-Based security?

A. A role is a named set of principals that have the same privileges with respect to security (such as a teller or a manager). A principal can be a member of one or more roles. Therefore, applications can use role membership to determine whether a principal is authorized to perform a requested action.

4. What type of security does MS.NET support?

A. MS.NET supports role-based security.

5. How can you provide security with ASP.NET?

A. In ASP.NET, security can be provided by using authentication.

6. Define authentication.

A. Authentication is the process of validating a user with credentials, i.e. a username and password.

7. How many types of authentication are there?

A. There are 4 types of authentication.

8. List the different types of authentication.

A. The authentication types are:
1. Windows Authentication
2. Forms Authentication
3. Passport Authentication
4. None

9. How can we implement authentication?

A. Authentication can be implemented using the web.config file.

10. Implement the process of authentication in ASP.NET.

A. Authentication is configured in the web.config file by setting the mode attribute of the <authentication> element to one of the following values:
<authentication mode="Windows" />
<authentication mode="Passport" />
<authentication mode="Forms" />
<authentication mode="None" />
Mode None is used for custom authentication, where you might, for example, install an ISAPI filter in IIS that compares incoming requests to a list of source IP addresses and considers a request authenticated if it comes from an acceptable address. In that case, you set the authentication mode to None to prevent any of the .NET authentication providers from being triggered.

11. How is Windows authentication implemented?

A. If you select Windows authentication for your ASP.NET application, you also have to
configure authentication within IIS, because it is IIS that provides Windows authentication.
IIS gives you a choice of four different authentication methods:
anonymous, basic, digest and Windows integrated.

If you select anonymous authentication, IIS doesn't perform any authentication; anyone
is allowed to access the ASP.NET application.

If you select basic authentication, users must provide a Windows username and password
to connect. However, this information is sent over the network in clear text, which makes
basic authentication insecure over the internet unless the connection is protected by SSL/TLS.

If you select digest authentication, users must still provide a Windows username and
password to connect. However, the password is hashed before it is sent across the network.

Digest authentication requires that all users be running Internet Explorer 5 or later and
that Windows accounts be stored in Active Directory.

12. What is forms authentication?

A. Forms authentication provides you with a way to handle authentication using your own
custom logic within an ASP.NET application.

13. What is Passport authentication?

A. Passport authentication lets you use Microsoft's Passport service to authenticate users
of your application. If your users have signed up with Passport, and you configure the
authentication mode of the application to Passport authentication, all authentication
duties are off-loaded to the Passport servers.

14. What is impersonation in ASP.NET?

A. By default, ASP.NET executes in the security context of a restricted user account on the
local machine. Sometimes you need to access network resources such as a file on a shared
drive, which requires additional permissions. One way to overcome this restriction is to
use impersonation. With impersonation, ASP.NET can execute the request using the
identity of the client who is making the request, or ASP.NET can impersonate a specific
account you specify in web.config.

15. How can we enable impersonation?

A. To enable impersonation in the web.config file, include the <identity> element and set its impersonate attribute to true, as shown in the following snippet:
<identity impersonate="true" />

16. How do I sign out in forms authentication?

A. Call FormsAuthentication.SignOut(), which removes the forms authentication ticket cookie from the response.

17. Define authorization.

A. Authorization is the process of checking whether the user has the permission required to access a resource.
Or
Authorization is the process of allowing an authenticated user access to resources.

18. How does authorization work in ASP.NET?

A. ASP.NET impersonation is controlled by entries in the application's web.config file. The
default setting is "no impersonation". You can explicitly specify that ASP.NET shouldn't
use impersonation by including the following element in the file:
<identity impersonate="false" />

19. What do you mean by authentication and authorization?

A. Authentication is the process of validating a user on their credentials (username and password); authorization is performed after authentication. Once authenticated, a user is checked for permission to perform the various tasks; limiting that access is known as authorization.

20. What setting must be added in the configuration file to deny a particular user access to the secured resources?

A. To deny a particular user access to the secured resources, the web.config file must contain the following code:
<authorization >
<deny users="username" />
</authorization>
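The <deny users="username" /> rule above is one line of an authorization section, and ASP.NET's UrlAuthorizationModule applies such rules top to bottom, first match wins, with the machine-level <allow users="*" /> appended after the application's own rules. The following Python script is an added example (not code from the original post) that models that evaluation over three constructed authorization fragments to show why rule order matters: a deny placed after a wildcard allow never fires, and anonymous callers ("?") are allowed unless denied explicitly. The Principal class, the fragments and the user and role names are all constructed for the example.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Constructed <authorization> fragments (not from the original post).
DENY_ONE_USER = """
<authorization>
  <deny users="bob" />
</authorization>
"""

# Misordered: the wildcard allow matches first, so the deny below it never fires.
MISORDERED = """
<authorization>
  <allow users="*" />
  <deny users="bob" />
</authorization>
"""

# Hardened: deny the user, deny anonymous callers ("?"), allow named roles,
# and finish with an explicit deny so the machine-level allow is never reached.
HARDENED = """
<authorization>
  <deny users="bob" />
  <deny users="?" />
  <allow roles="Manager,Teller" />
  <deny users="*" />
</authorization>
"""


@dataclass
class Principal:
    """Minimal stand-in for IPrincipal: an empty name means anonymous."""
    name: str = ""
    roles: set = field(default_factory=set)

    @property
    def is_authenticated(self) -> bool:
        return self.name != ""


def parse_rules(xml_text):
    """Return [(action, users, roles)] in document order, plus the root default."""
    root = ET.fromstring(xml_text)
    rules = []
    for el in root:
        if el.tag not in ("allow", "deny"):
            continue
        users = [u.strip().lower() for u in el.get("users", "").split(",") if u.strip()]
        roles = [r.strip().lower() for r in el.get("roles", "").split(",") if r.strip()]
        rules.append((el.tag, users, roles))
    # machine.config / root web.config contributes <allow users="*"/> last,
    # which is why an unmatched caller ends up allowed.
    rules.append(("allow", ["*"], []))
    return rules


def rule_matches(rule, principal):
    """A rule applies if any user entry or any role entry matches the caller."""
    _, users, roles = rule
    for u in users:
        if u == "*":
            return True
        if u == "?" and not principal.is_authenticated:
            return True
        if principal.is_authenticated and u == principal.name.lower():
            return True
    caller_roles = {r.lower() for r in principal.roles}
    return any(r in caller_roles for r in roles)


def decide(xml_text, principal):
    """Return (allowed, deciding_rule) using first-match semantics."""
    for rule in parse_rules(xml_text):
        if rule_matches(rule, principal):
            return rule[0] == "allow", rule
    return True, None  # unreachable: the appended wildcard allow always matches


def is_authorized(xml_text, principal):
    return decide(xml_text, principal)[0]


if __name__ == "__main__":
    bob = Principal("bob", {"Manager"})
    for label, cfg in (("deny-one-user", DENY_ONE_USER),
                       ("misordered", MISORDERED), ("hardened", HARDENED)):
        print(label, "bob:", decide(cfg, bob), "anonymous:", decide(cfg, Principal()))
```

The deciding rule is returned alongside the verdict so that a reviewer can see which line of the section actually carried the decision; in the misordered fragment it is always the wildcard allow, never the deny.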

21. What is the appSettings section in the web.config file?

A. The web.config file sets the configuration for a web project. The appSettings block in the configuration file sets user-defined values for the whole application.
For example, in the following code snippet, the specified ConnectionString key is used throughout the project for the database connection:
<configuration>
<appSettings>
<add key="ConnectionString" value="server=indiabixserver; pwd=dbpassword; database=indiabix" />
</appSettings>
</configuration>
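To tie Q10, Q12, Q15 and Q21 together from a reviewer's point of view, here is an added Python audit script (not code from the original post) that parses a web.config and flags the settings a security reviewer would question: authentication mode None with nothing else guarding requests, forms authentication without requireSSL or without a <deny users="?" /> rule, an <identity> element that stores a fixed account password, and a database password kept in appSettings in clear text instead of a <connectionStrings> section that aspnet_regiis -pe can encrypt in place. Both configuration files, including the server, account and password values, are constructed for the example; the hardened file shows each finding addressed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed web.config with the weak settings discussed in Q10, Q15 and Q21
# (sample host, account and password values, not from a real deployment).
WEAK_CONFIG = r"""
<configuration>
  <appSettings>
    <add key="ConnectionString"
         value="server=dbhost; uid=app; pwd=dbpassword; database=shop" />
  </appSettings>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" />
    </authentication>
    <identity impersonate="true" userName="CORP\svc_web" password="Secret1" />
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</configuration>
"""

# Same application with the findings addressed. The connectionStrings section
# is shown as aspnet_regiis -pe leaves it (ciphertext replaced by a placeholder).
HARDENED_CONFIG = r"""
<configuration>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData>CIPHERTEXT-PLACEHOLDER</EncryptedData>
  </connectionStrings>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" requireSSL="true" protection="All" timeout="20" />
    </authentication>
    <identity impersonate="true" />
    <authorization>
      <deny users="?" />
      <allow users="*" />
    </authorization>
  </system.web>
</configuration>
"""

SECRET_PATTERN = re.compile(r"\b(pwd|password)\s*=", re.IGNORECASE)


def audit(config_xml):
    """Return a list of (severity, message) findings for one web.config."""
    root = ET.fromstring(config_xml)
    findings = []

    # Q10: which ASP.NET authentication provider is active? (default is Windows)
    auth = root.find("system.web/authentication")
    mode = auth.get("mode", "Windows") if auth is not None else "Windows"
    if mode.lower() == "none":
        findings.append(("high", "authentication mode=None: ASP.NET authenticates nobody; "
                                 "confirm an upstream check (IIS or an ISAPI filter) exists"))
    elif mode.lower() == "forms":
        forms = auth.find("forms")
        if forms is None or forms.get("requireSSL", "false").lower() != "true":
            findings.append(("medium", "forms auth without requireSSL: the ticket cookie "
                                       "can travel over plain HTTP"))
        if forms is not None and forms.get("protection", "All") != "All":
            findings.append(("medium", "forms ticket protection is not 'All' (encrypt and validate)"))
        denies = root.findall("system.web/authorization/deny")
        if not any(d.get("users") == "?" for d in denies):
            findings.append(("high", "forms auth but no <deny users=\"?\"/>: "
                                     "anonymous requests are still served"))

    # Q15: impersonation of a fixed account whose password sits in the file.
    identity = root.find("system.web/identity")
    if identity is not None and identity.get("impersonate", "false").lower() == "true":
        if identity.get("password") is not None:
            findings.append(("high", "identity element stores a fixed account password in clear text"))

    # Q21: secrets kept in appSettings, which cannot be protected per key.
    for add in root.findall("appSettings/add"):
        if SECRET_PATTERN.search(add.get("value", "")):
            findings.append(("high", f"appSettings key '{add.get('key')}' embeds a password; "
                                     "move it to <connectionStrings> and encrypt that section"))

    # connectionStrings left unencrypted still holds the password in clear text.
    cs = root.find("connectionStrings")
    if cs is not None and cs.get("configProtectionProvider") is None:
        for add in cs.findall("add"):
            if SECRET_PATTERN.search(add.get("connectionString", "")):
                findings.append(("medium", f"connection string '{add.get('name')}' is not encrypted"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(cfg))
```

The checks are deliberately limited to what the answers above describe; a real review would also cover the machine.config defaults that the application file inherits.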
