Security Interview Questions on ASP.Net(21)
1. What is CAS?
A. CAS is the part of the .NET security model that determines whether or not a piece of code is allowed to run, and what resources it can use when it is running. For example, it is CAS that will prevent a .NET web applet from formatting your hard disk.
How does CAS work? The CAS security policy revolves around two key concepts: code groups and permissions. Each .NET assembly is a member of a particular code group, and each code group is granted the permissions specified in a named permission set. For example, using the default security policy, a control downloaded from a web site belongs to the 'Zone - Internet' code group, which adheres to the permissions defined by the 'Internet' named permission set. (Naturally, the 'Internet' named permission set represents a very restrictive range of permissions.)
2. What is a code group?
A. Code groups represent collections of code, and each code group has an associated set of permissions.
3. What is Role-Based security?
A. A role is a named set of principals that have the same privileges with respect to security (such as a teller or a manager). A principal can be a member of one or more roles. Therefore, applications can use role membership to determine whether a principal is authorized to perform a requested action.
4. What type of security does MS.Net support?
A. MS.Net supports Role-Based Security.
5. How can you provide security with ASP.Net?
A. In ASP.Net, security can be provided by using Authentication.
6. Define Authentication.
A. Authentication is the process of validating a user with credentials, i.e. username and password.
7. How many types of Authentication are there?
A. There are 4 types of Authentication.
8. List the different types of authentication.
A. The types of authentication are as follows:
1. Windows Authentication
2. Forms Authentication
3. Passport Authentication
4. None
9. How can we implement authentication?
A. Authentication can be implemented using the Web.Config file.
10. Implement the process of authentication in ASP.Net.
A. Authentication can be implemented using the web.config file in one of the following ways:
<authentication mode="Windows" />
<authentication mode="Passport" />
<authentication mode="Forms" />
<authentication mode="None" />
With custom authentication, you might install an ISAPI filter in IIS that compares incoming requests to a list of source IP addresses, and considers requests to be authenticated if they come from an acceptable address. In that case, you would set the authentication mode to none to prevent any of the .NET authentication providers from being triggered.
11. How is Windows Authentication implemented?
A. If you select Windows authentication for your ASP.NET application, you also have to configure authentication within IIS. This is because IIS provides Windows authentication. IIS gives you a choice of four different authentication methods: anonymous, basic, digest and Windows integrated.
If you select anonymous authentication, IIS doesn’t perform any authentication. Anyone is allowed to access the ASP.NET application.
If you select basic authentication, users must provide a Windows username and password to connect. However, this information is sent over the network in clear text, which makes basic authentication very insecure over the internet.
If you select digest authentication, users must still provide a Windows username and password to connect. However, the password is hashed before it is sent across the network. Digest authentication requires that all users be running Internet Explorer 5 or later and that Windows accounts be stored in Active Directory.
12. What is Forms Authentication?
A. Forms authentication provides you with a way to handle authentication using your own custom logic within an ASP.NET application.
13. What is Passport Authentication?
A. Passport authentication lets you use Microsoft’s Passport service to authenticate users of your application. If your users have signed up with Passport, and you configure the authentication mode of the application to Passport authentication, all authentication duties are off-loaded to the Passport servers.
14. What is Impersonation in ASP.Net?
A. By default, ASP.NET executes in the security context of a restricted user account on the local machine. Sometimes you need to access network resources such as a file on a shared drive, which requires additional permissions. One way to overcome this restriction is to use impersonation. With impersonation, ASP.NET can execute the request using the identity of the client who is making the request, or ASP.NET can impersonate a specific account you specify in web.config.
15. How can we enable impersonation?
A. To enable impersonation, you need to include the <identity> element in the web.config file and set the impersonate attribute to true, as shown in the following code snippet:
<identity impersonate="true" />
16. How do I sign out in forms authentication?
A. FormsAuthentication.SignOut()
17. Define Authorization.
A. Authorization is the process of checking whether the user has certain permission to access the resource.
Or
Authorization is the process of allowing an authenticated user access to resources.
18. How does authorization work in ASP.NET?
A. ASP.NET impersonation is controlled by entries in the application's web.config file. The default setting is “no impersonation”. You can explicitly specify that ASP.NET shouldn’t use impersonation by including the following code in the file:
<identity impersonate="false" />
19. What do you mean by authentication and authorization?
A. Authentication is the process of validating a user based on credentials (username and password), and authorization is performed after authentication. After authentication, a user is verified for performing the various tasks; limiting that access is known as authorization.
20. What setting must be added in the configuration file to deny a particular user from accessing the secured resources?
A. To deny a particular user from accessing the secured resources, the web.config file must contain the following code:
<authorization>
  <deny users="username" />
</authorization>
21. What is the appSettings section in the web.config file?
A. The web.config file sets the configuration for a Web project. The appSettings block in the configuration file sets the user-defined values for the whole application.
For example, in the following code snippet, the specified ConnectionString key is used throughout the project for the database connection:
<configuration>
  <appSettings>
    <add key="ConnectionString" value="server=indiabixserver; pwd=dbpassword; database=indiabix" />
  </appSettings>
</configuration>