Microsoft's Passport Authentication

What is Passport Authentication?

There are three types of authentications in ASP.NET i.e.

• Windows Authentication
• Forms Authentication
• Passport Authentication
• Anonymous access

Windows Authentication:

If your application is targeted for use inside an organization, and users accessing the application have existing user accounts within the local user database of the Web server or Active Directory, you should authenticate users with Windows authentication.

Form Authentication:

Form-based authentication presents the user with an HTML-based Web page that prompts the user for credentials.

Passport authentication:

You can also authenticate users using a service from Microsoft called Passport. Passport 
is a centralized directory of user information that Web sites can use, in exchange for a fee, to authenticate users. Users can choose to allow the Web site access to personal 
information stored on Passport, such as the users' addresses, ages, and interests.

We don’t need to implement our own custom authentication mechanism if implementing .NET Passport Single Sign-In (SSI) service.

Anonymous access 
You can explicitly disable authentication for your application if you know that it will be used only by anonymous users. 
<configuration> 
<system.web> 
<authentication mode="None" /> 
</system.web> 
</configuration>

                                     --------------**--------------

Can you briefly explain how Passport Authentication works?

As discussed above that Passport Authentication is a central service. It just authenticate (validate the credentials), no authorization (grant or deny access to a site). So, implementing application will check for the Passport Authentication Cookie. In case of unavailability of Passport Cookie, user is redirected to passport Sign-In page. User provides the credentials on Sign-In page, if validated,  Authentication Cookie is stored on client machine and redirected to the requested page.

Below picture clearly explains step by step process of Passport authentication in ASP.NET.

                                     --------------**--------------

What are the advantages of using Passport Authentication?

Advantages of Passport Authentication are:

• We don’t need to care of authentication mechanism our self, Passport SSI does this for us.
• Single login credentials can be used to access multiple sites. User don’t need to remember separate credentials for individual site.

                                     --------------**--------------

What is Role-based Security?

We have discussed about authentication in above questions but another different but related concept is Authorization. Authorization is a process of granting privileges or permissions on resources to an authenticated user. So,
“Role Based Security is a technique we use to implement authorization on the basis of user’s roles within an   organization. It’s more granular approach to grant or revoke permissions on resources through user’s roles.“

                                     --------------**--------------

What are the different Security Controls in ASP.NET?

ASP.NET provides several security controls which are actually Web Server controls. We can see in Visual Studio Toolbox.

Login Control:
In almost every application we need to take user credentials on a typical login page. Login control provides the same standard functionality and reduces the effort for building it from scratch.

LoginName:
After a user successfully logged in to an application, we normally display his/her username to top right or some other place on the page. Now, this functionality is provided by LoginName control.

LoginView Control:
LoginView control displays different view for different users. Using AnonymousTemplate and LoggedInTemplate, different information can be presented to different users.

LoginStatus Control:
LoginStatus control implies whether a user is authenticated or not. For an unathenticated user, it displays a link to login page. On the other hand, for authenticated user, a logout link is displayed.

LoginRecovery Control:
Password recovery is another important functionality simplified through PasswordRecovery control. It sends an email with login credentials to registered user email.

                                     --------------**--------------

What is Code-Access Security (CAS)?

 Role Based Security that restrict access to resources on the basis of user’s role. CAS (Code Access Security) is entirely a different concept. It’s .NET CLR’s security system that restrict the code to perform an unwanted task by applying security policies.
                                     --------------**--------------

What are the key functions of Code Access Security?

Key functions of Code Access Security are :

• Defines permissions and permission sets that represent the right to access various system resources.
• Enables code to demand that its callers have specific permissions.
• Enables code to demand that its callers possess a digital signature, thus allowing only callers from a particular organization or site to call the protected code.
• Enforces restrictions on code at run time by comparing the granted permissions of every caller on the call stack to the permissions that callers must have.

                                     --------------**--------------

What .NET Tool can be used to Enable/Disable CAS?

Code Access Security Tool (Caspol.exe) can be used to turn Code Access Security ON or OFF as follows:

• caspol -security on
• caspol -security off

We can also list all code groups using following command.

• caspol -listgroups

                                     --------------**--------------

What is Impersonation in ASP.NET?

Impersonation is an act of a user to pretend itself to be another user. By default, ASP.NET executes application code using the same user account as that of ASP.NET process i.e. Network Service. But with impersonation enabled, it executes code with the windows identity of the user making the request.

For example, if a user ‘user1′ logged in and IIS is setup to run as Network Service. If ‘user1′ call a piece of code on another computer (may be a web service call), the other computer will see the IIS user instead of ‘user1′. But we can enable impersonation to allow ‘user1′ to access the web service using its windows identity instead of Network Service.

                                     --------------**--------------

How to configure Impersonation in ASP.NET??

By default, impersonation is disabled in ASP.NET. Impersonation can be Enabled/Disabled as follows:

</configuration>
      <system.web>
          <identity impersonate=”true”/> <! — To disable set impersonate=”false” –>
       </system.web>
 </configuration>

Impersonate a specific user account as:

<identity impersonate=”true” userName=”user” password=”pwd” />

                                     --------------**--------------

AJAX

Define Ajax
Ajax is a client-side script that communicates to and from a server or database without the need for a postback or a complete page refresh. 
 Ajax is “the method of exchanging data with a server, and updating parts of a web page - without reloading the entire page.
How it works?

In this way an ajax script will work.

Please elaborate XMLHttpRequest Object further?

The XMLHttpRequest object is used to exchange data with a server behind the scenes. The XMLHttpRequest object is the developers dream, because you can: Update a web page without reloading the page.

JavaScript uses this Object to exchange XML as well as text data between client and server. An AJAX implementation uses this object and communicate with server but it doesn't require the complete page to be refreshed.

How to send a request to server using XMLHttpRequest Object?

We can send a request to server using HTTP GET and POST methods.

// Simple GET Request

var xmlHttp = new XMLHttpRequest();

xmlHttp.open("GET", "TestFile.txt", true);

xmlHttp.send();

//Simple POST Request 

var xmlHttp = new XMLHttpRequest();

xmlHttp.open("POST", "TestFile.txt", true);

xmlHttp.send();

What is ASP.NET AJAX?

Microsoft simplified the usage of these techniques with its own implementation. ASP.NET AJAX is a set of extensions to ASP.NET and comes with reusable AJAX controls. Using ASP.NET AJAX, we can develop applications that can update partial page instead of a complete page refresh.

Difference between Synchronous and Asynchronous Postback?

Synchronous Postback	Asynchronous Postback
complete web page is sent to server and in return rendering the output	partial page goes to the server and renders only partial (required) part of the page.
synchronous postback executes all the actions at once.	Asynchronous postback executes only one postback at a time, that is, if you have two buttons doing asynchronous postback, the actions will be performed one by one
Synchronous postback modifies the entire page.	Asynchronous postback only modifies the update panel that raises the postback

What are the basic controls in ASP.NET AJAX?

Following controls can be considered as core AJAX controls in ASP.NET.

• ScriptManager
• ScriptManagerProxy
• UpdatePanel
• UpdateProgress
• Timer

Later more controls are added to ASP.NET AJAX library e.g. Script Loader, Client Data Context, Client Data Access, jQuery Integration etc.

What is a ScriptManager in ASP.NET AJAX?

In order to use AJAX functionality on a web page, we add a ScriptManager control to the page in most of the scenarios, because ScriptManager control register AJAX library scripts to that particular web page.

ScriptManager Vs ScriptManagerProxy?

As we understand that we can have only one ScriptManager control on a page but we can have multipleScriptManagerProxy controls. Consider a scenario that we have ScriptManager in our MasterPage that is available for all content pages. Now, we wanted to register a web service in a particular page. So, we will not add another ScriptManager to that page instead we will add ScriptManagerProxy to it in order to avoid error

What is the role of UpdatePanel in ASP.NET AJAX?

UpdatePanel is the control that facilitate the partial page rendering functionality in an ASP.NET application. As discussed earlier that using ASP.NET AJAX, we can communicate with a web server asynchronously and update a part of a page without a complete page postback.

What are the limitations of AJAX?

• AJAX on an application will not work if JavaScript is disabled.
• In some scenarios, it exposes vulnerability.
• It will always be difficult to bookmark application state.
• Application behavior may be slow in some scenarios, because of different loading time of controls on a single page.

Web API

What is ASP.NET Web API?
ASP.NET Web API is a framework that makes it easy to build HTTP services that reach a broad range of clients, including browsers and mobile devices.
It is an Ideal platform for building RESTful applications on the .NET framework.
    People are very smart, using different devices for different applications for making the life easy. It shows we are moving from web towards app world.
     So expose your service data to the browsers and as well as all modern devices apps in fast and simple way.



Web API is open source an ideal platform for building REST-ful services.

-------------------------------------------

What are the advantages of using ASP.NET Web API?

    Using ASP.NET Web API has a number of advantages, but core of the advantages are:

• It works the HTTP way using standard HTTP verbs like GET, POST, PUT, DELETE etc for all CRUD operations.
• Complete support for routing.
• Response generated in JSON or XML format using MediaTypeFormatter.
• It has the ability to be hosted in IIS as well as self-host outside of IIS.
• Supports Model binding and Validation.
• Support for OData.
• and more....

For implementation on performing all CRUD operations using ASP.NET Web API, click here.

                         -------------------------------------------

What new features are introduced in ASP.NET Web API 2.0?
 More new features introduced in ASP.NET Web API framework v2.0 are as follows:

• Attribute Routing
• External Authentication
• CORS (Cross-Origin Resource Sharing)
• OWIN (Open Web Interface for .NET) Self Hosting
• IHttpActionResult
• Web API OData

                      -------------------------------------------

WCF Vs ASP.NET Web API?
     Actually, Windows Communication Foundation is designed to exchange standard SOAP-based messages using variety of transport protocols like HTTP, TCP, NamedPipes or MSMQ etc.
On the other hand, ASP.NET API is a framework for building non-SOAP based services over HTTP only.                  For details,Click here
                       -------------------------------------------

Is it true that ASP.NET Web API? has replaced WCF?

      It's a misconception that ASP.NET Web API has replaced WCF. It's another way of building non-SOAP based services, for example, plain XML or JSON string etc.

Yes, it has some added advantages like utilizing full features of HTTP and reaching more clients such as mobile devices etc.

But WCF is still a good choice for following scenarios:

• If we intended to use transport other than HTTP e.g. TCP, UDP or Named Pipes.
• Message Queuing scenario using MSMQ.
• One-way communication or Duplex communication

A good understanding for WCF(Windows Communication Foundation), please follow WCF Tutorial.                    
                       -------------------------------------------


MVC Vs ASP.NET Web API?
 As in previous ASP.NET Web API Interview Questions, we discussed that purpose of Web API framework is to generate HTTP services that reaches more clients by generating data in raw format, for example, plain XML or JSON string. So, ASP.NET Web API creates simple HTTP services that renders raw data.

On the other hand, ASP.NET MVC framework is used to develop web applications that generates Views as well as data. ASP.NET MVC facilitates in rendering HTML easy.

                          -------------------------------------------

How to return view from ASP.NET Web API method?
No, we can't return view from ASP.NET Web API Method.

                          -------------------------------------------

How to restrict access to Web API method to specify HTTP verb?
Attribute programming plays it's role here. We can easily restrict access to an ASP.NET Web API method to be called using a specific HTTP method. For example, we may required in a scenario to restrict access to a Web API method through HTTP POST only

                          -------------------------------------------

Can we use Web API with ASP.NET Web Form?
 Yes, ASP.NET Web API is bundled with ASP.NET MVC framework but still it can be used with ASP.NET Web Form.
It can be done in three simple steps as follows:

1. Create a Web API Controller.
2. Add a routing table to Application_Start method of Global.asax.
3. Make a jQuery AJAX Call to Web API method and get data.

                         -------------------------------------------

Technical Questions on ASP.NET

Life Cycle of Asp.Net

Step-1: User requests an application resource from the Web server.

• Life cycle of an ASP.NET application starts with a request sent by a browser to the Web server, typically IIS 

Step-2: ASP.NET receives the first request for the application.

• When ASP.NET receives the first request for any resource in an application, a class named ApplicationManager creates an application domain. 

Step-3:ASP.NET core objects are created for each request.

• After the application domain has been created and the HostingEnvironment object instantiated, ASP.NET creates and initializes core objects such as
•  HttpContext
•  HttpRequest
•  HttpResponse.

Step-4: AnHttpApplication object is assigned to the request

• When an instance of HttpApplication is created, any configured modules are also created. For instance, if the application is configured to do so, ASP.NET creates a SessionStateModule module. After all configured modules are created, theHttpApplication class's Init method is called.

Step-5: The request is processed by the HttpApplication pipeline

• In the HttpApplication pipeline the rewuest is processed in several stages and sends response to the client through HttpRespose.

Overview of ASP.Net Page Life Cycle:

1. Page request
2. Start
3. Initialization
4. Load
5. Post-back event handling.
6. Rendering
7. Unload

                ---------------------------------

Differences between HTML and ASP.NET

HTML	ASP.NET
A simple ASP.NET page looks just like an ordinary HTML page.	ASP.NET page is just the same as an HTML page.
An HTML page has the extension .htm.	An ASP.NET page has the extension .aspx.
If a browser requests an HTML page from the server, the server sends the page to the browser without any modifications.	If a browser requests an ASP.NET page, the server processes any executable code in the page, before the result is sent back to the browser.
HTML is a client-side language	ASP is a server side language
It is used to design static web pages	ASP is used to design user-interactive pages or dynamic pages
HTML page cannot connect to the database	ASP and ASP.NET Pages can. The content on an ASP.NET page is derived from a data source, such as a database.
It cannot reuse the code	ASP.NET allows one to use and create reusable complex html controls, using programming languages.

                ---------------------------------

What is the Purpose of a model?

Model:

• Responsible for making all updates, calling Business and Data layers, loading all data
• Handles all validation and errors, and returns these to the Controller
• Contains properties of all data that is required for the View, and populates itself.
• The Models contain the business logic, represent the things in your application. 
• The views present the data to the user.
•  The controllers decide what to do with the various user actions. When you stick to that, the code is easy to read because things are as simple as possible.
• 
• Simply,  the model manages the behavior and data of the application domain, responds to requests for information about its state (usually from the view), and responds to instructions to change state (usually from the controller).

                ---------------------------------

How do we call a model in Controller?

While Creating the controller, you will give name(default) name of the controller. Next select the template which you would like to use. 

Then you can notice a Model class here you will specify which model class would be used to the current controller.

Here we can also specify the Data Context class.

For example please go through the link as follows:

Click here

Or by using assembly directives like 

using Projectname.Models;

                ---------------------------------

jQuery

Getting started with jQuery

What is jQuery?

jQuery is a lightweight, "write less, do more", JavaScript library.

The purpose of jQuery is to make it much easier to use JavaScript on your website.

jQuery takes a lot of common tasks that require many lines of JavaScript code to accomplish, and wraps them into methods that you can call with a single line of code.

jQuery also simplifies a lot of the complicated things from JavaScript, like AJAX calls and DOM manipulation.

The jQuery library contains the following features:

• HTML/DOM manipulation
• CSS manipulation
• HTML event methods
• Effects and animations
• AJAX
• Utilities

The jQuery library is a single JavaScript file, and you reference it with the HTML <script> tag (notice that the <script> tag should be inside the <head> section):

<head>
<script src="jquery-1.12.2.min.js"></script>
</head>

jQuery Syntax

The jQuery syntax is tailor-made for selecting HTML elements and performing some action on the element(s).

Basic syntax is: $(selector).action()

• A $ sign to define/access jQuery
• A (selector) to "query (or find)" HTML elements
• A jQuery action() to be performed on the element(s)

The Document Ready Event

·         You might have noticed that all jQuery methods in our examples, are inside a document ready event:

·         $(document).ready(function(){

   // jQuery methods 

});

·         This is to prevent any jQuery code from running before the document is finished loading (is ready).

·         It is good practice to wait for the document to be fully loaded and ready before working with it.

jQuery Selectors

jQuery selectors allow you to select and manipulate HTML element(s).

jQuery selectors are used to "find" (or select) HTML elements based on their name, id, classes, types, attributes, values of attributes and much more. It's based on the existing CSS Selectors, and in addition, it has some own custom selectors.

All selectors in jQuery start with the dollar sign and parentheses: $().

Examples:

$("*")            Selects all elements.

$("this")        Selects the current html element   

$("p")           Selects all <p> elements on a page

$(".test")       Selects all elements with class="test".

$("#test")      Selects all the element with id="test". etc..

jQuery Event Methods

An event represents the precise moment when something happens.

Examples:

• moving a mouse over an element

• selecting a radio button

• clicking on an element

jQuery Effects 

The term "fires/fired" is often used with events. Example: "The keypress event is fired, the moment you press a key".

Hide, Show, Toggle, Slide, Fade, and Animate.

jQuery contains powerful methods for changing and manipulating HTML elements and attributes.

jQuery Ajax

AJAX = Asynchronous JavaScript and XML.AJAX is the art of exchanging data with a server, and updating parts of a web page - without reloading the whole page.

jQuery provides several methods for AJAX functionality.

With the jQuery AJAX methods, you can request text, HTML, XML, or JSON from a remote server using both HTTP Get and HTTP Post - And you can load the external data directly into the selected HTML elements of your web page