This is a continuation of the series of ASP.NET Interview Questions and Answers for beginners as well as professional developers. If you haven’t gone through the previous ASP.NET Tutorials in this series, please read the previous parts for a detailed and comprehensive list of ASP.NET Interview Questions here.
- Top 10 ASP.NET Interview Questions for experienced
(Top Questions covering almost all ASP.NET technology area)
- ASP.NET Interview Questions – Part 1
(ASP.NET State Management, View State, Session & Controls etc.)
- ASP.NET Interview Questions – Part 2
(ASP.NET Interview Questions for Globalization and Localization, Culture & Controls etc.)
- ASP.NET Interview Questions – Part 3
(ASP.NET Cache Management, Security)
- ASP.NET Interview Questions – Part 4
- ASP.NET Interview Questions – Part 5
(Top 10 ASP.NET AJAX Interview Questions)
- ASP.NET Interview Questions – Part 6
(Top 10 ASP.NET Web API Interview Questions)
For a comprehensive list of ASP.NET MVC Interview Questions, follow here.
ASP.NET Interview Questions List – Part 4
- What is Passport Authentication?
- Can you briefly explain how Passport Authentication works?
- What are the advantages of using Passport Authentication?
- What is Role-based Security?
- What are the different Security Controls in ASP.NET?
- What is Code-Access Security (CAS)?
- What are the key functions of Code Access Security?
- What .NET Tool can be used to Enable/Disable CAS?
- What is Impersonation in ASP.NET?
- How to configure Impersonation in ASP.NET?
As discussed previously, there are three types of authentication in ASP.NET:
- Windows Authentication
- Forms Authentication
- Passport Authentication
Windows and Forms Authentication have already been explained.
Passport Authentication validates against a centralized authentication service, i.e. the Microsoft Passport Service. We don’t need to implement our own custom authentication mechanism if we implement the .NET Passport Single Sign-In (SSI) service.
Advantages of Passport Authentication are:
- We don’t need to take care of the authentication mechanism ourselves; Passport SSI does this for us.
- A single set of login credentials can be used to access multiple sites. Users don’t need to remember separate credentials for each individual site.
“Role Based Security is a technique we use to implement authorization on the basis of user’s roles within an organization. It’s a more granular approach to grant or revoke permissions on resources through user’s roles.”
An example of granting or revoking permissions in a configuration file using Windows built-in groups is as follows:
<allow roles="MyDomain1\Administrators" /> <!-- Allow Admin of this domain -->
<deny users="*" /> <!-- Deny anyone else. -->
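How allow/deny rules like the two above are applied, modeled in C# as an added example (not the article's or ASP.NET's own code): rules are checked top to bottom and the first match decides, so the order of the two lines matters. The `Rule` class, `IsAllowed`, and the users alice and bob are constructed for illustration, and HTTP verbs are ignored.

```csharp
using System;
using System.Linq;
using System.Security.Principal;

// Simplified model of one <allow>/<deny> rule (HTTP verbs ignored).
class Rule
{
    public bool Allow;
    public string[] Users = new string[0];   // "*" = everyone, "?" = anonymous
    public string[] Roles = new string[0];

    // A rule applies when the user is named in users OR holds one of the roles.
    public bool Matches(IPrincipal p)
    {
        bool anon = !p.Identity.IsAuthenticated;
        bool userHit = Users.Any(u => u == "*" || (u == "?" && anon) ||
            (!anon && string.Equals(u, p.Identity.Name, StringComparison.OrdinalIgnoreCase)));
        return userHit || Roles.Any(p.IsInRole);
    }
}

static class Demo
{
    // First matching rule decides; no match falls through to the inherited
    // default rule, which allows everyone.
    public static bool IsAllowed(IPrincipal p, params Rule[] rules)
    {
        foreach (var r in rules)
            if (r.Matches(p)) return r.Allow;
        return true;
    }

    static void Main()
    {
        // Constructed principals; alice and bob are hypothetical users.
        var admin = new GenericPrincipal(new GenericIdentity(@"MyDomain1\alice"),
                                         new[] { @"MyDomain1\Administrators" });
        var bob = new GenericPrincipal(new GenericIdentity(@"MyDomain1\bob"), new string[0]);
        var allowAdmins = new Rule { Allow = true, Roles = new[] { @"MyDomain1\Administrators" } };
        var denyAll = new Rule { Allow = false, Users = new[] { "*" } };

        Console.WriteLine("admin, allow then deny: " + IsAllowed(admin, allowAdmins, denyAll));
        Console.WriteLine("bob, allow then deny: " + IsAllowed(bob, allowAdmins, denyAll));
        // Reversed order: deny * matches first and locks the admin out too.
        Console.WriteLine("admin, deny then allow: " + IsAllowed(admin, denyAll, allowAdmins));
        // No trailing deny: bob matches nothing and gets the default allow.
        Console.WriteLine("bob, allow only: " + IsAllowed(bob, allowAdmins));
    }
}
```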
In almost every application we need to take user credentials on a typical login page. The Login control provides this standard functionality and reduces the effort of building it from scratch.
After a user has successfully logged in to an application, we normally display his/her username at the top right or some other place on the page. This functionality is provided by the LoginName control.
The LoginView control displays different views for different users. Using AnonymousTemplate and LoggedInTemplate, different information can be presented to different users.
The LoginStatus control indicates whether a user is authenticated or not. For an unauthenticated user, it displays a link to the login page. On the other hand, for an authenticated user, a logout link is displayed.
Password recovery is another important functionality, simplified through the PasswordRecovery control. It sends an email with login credentials to the registered user’s email address.
As per documentation, key functions of Code Access Security are (straight from MSDN):
- Defines permissions and permission sets that represent the right to access various system resources.
- Enables code to demand that its callers have specific permissions.
- Enables code to demand that its callers possess a digital signature, thus allowing only callers from a particular organization or site to call the protected code.
- Enforces restrictions on code at run time by comparing the granted permissions of every caller on the call stack to the permissions that callers must have.
Code Access Security Tool (Caspol.exe) can be used to turn Code Access Security ON or OFF as follows:
- caspol -security on
- caspol -security off
- caspol -listgroups
By default, impersonation is disabled in ASP.NET. Impersonation can be Enabled/Disabled as follows:
<identity impersonate="true"/> <!-- To disable, set impersonate="false" -->
Impersonate a specific user account as:
On completing Part 4 of this ASP.NET Interview Questions and Answers series, we have covered the major questions on ASP.NET Security. Hopefully, this series will be beneficial in preparing for an ASP.NET interview.