Social Networks

Q1. What is the difference between authentication and authorization?

  • Authentication is verifying the identity of a user and authorization is process where we check does this identity have access rights to the system.
  • Authorization is the process of allowing an authenticated user access to resources. Authentication always proceed to Authorization; even if your application lets anonymous users connect and use the application, it still authenticates them as being anonymous.

Q2. What is impersonation in ASP.NET?

By default, ASP.NET executes in the security context of a restricted user account on the local machine. Sometimes you need to access network resources such as a file on a shared drive, which requires additional permissions. One way to overcome this restriction is to use impersonation.

With impersonation, ASP.NET can execute the request using the identity of the client who is making the request, or ASP.NET can impersonate a specific account you specify in web.config.


Q3. Explain in brief how the ASP.NET authentication process works.

ASP.NET does not run by itself, it runs inside the process of IIS. So there are two authentication layers which exist in ASP.NET system. First authentication happens at the IIS level and then at the ASP.NET level depending on the WEB.CONFIG file :

  • IIS first checks to make sure the incoming request comes from an IP address that is allowed access to the domain. If not it denies the request.
  • Next IIS performs its own user authentication if it is configured to do so. By default IIS allows anonymous access, so requests are automatically authenticated, but you can change this default on a per – application basis with in IIS.
  • If the request is passed to ASP.Net with an authenticated user, ASP.Net checks to see whether impersonation is enabled. If impersonation is enabled, ASP.Net acts as though it were the authenticated user. If not ASP.Net acts with its own configured account.
  • Finally the identity from step 3 is used to request resources from the operating system. If authentication can obtain all the necessary resources it grants the users request otherwise it is denied. Resources can include much more than just the page itself you can also use .Net’s code access security features to extend this authorization step to disk files, registry keys and other resources.


Q4. What are the various ways of authentication techniques in ASP.NET?

Selecting an authentication provider is as simple as making an entry in the web.config file for the application. You can use one of these entries to select the corresponding built in authentication provider:

  • <authentication mode=”windows”>
  • <authentication mode=”passport”>
  • <authentication mode=”forms”>
  • Custom authentication where you might install an ISAPI filter in IIS that compares incoming requests to list of source IP addresses, and considers requests to be authenticated if they come from an acceptable address. In that case, you would set the authentication mode to none to prevent any of the .Net authentication providers from being triggered.


Q5. How does authorization work in ASP.NET?

ASP.NET impersonation is controlled by entries in the applications web.config file. The default setting is “no impersonation”. You can explicitly specify that ASP.NET shouldn’t use impersonation by including the following code in the file
<identity impersonate=”false”/>

Q6. What is the difference between Datagrid, Datalist and Repeater?

A Datagrid, Datalist and Repeater are all ASP.NET data Web controls. They have many things in common like DataSource Property, DataBind Method, ItemDataBound and ItemCreated events.

When you assign the DataSource Property of a DataGrid to a DataSet then each DataRow present in the DataRow Collection of DataTable is assigned to a corresponding DataGridItem and this is same for the rest of the two controls also. But The HTML code generated for a DataGrid has an HTML TABLE ROW (TR) element created for the particular DataRow and its a Table form representation with Columns and Rows.

For a Datalist it’s an Array of Rows and based on the Template Selected and the RepeatColumn Property value We can specify how many DataSource records should appear per HTML <table> row. In short in DataGrid we have one record per row, but in DataList we can have five or six rows per row.

For a Repeater Control, the DataRecords to be displayed depends upon the Templates specified and the only HTML generated is the due to the Templates.

In addition to these, DataGrid has a pin-built support for Sort, Filter and paging the data, which is not possible when using a DataList and for a Repeater Control we would require to write an explicit code to do paging.


Q7. From performance point of view how do Datagrid, Datalist and Repeater rate ?

Repeater is fastest, followed by DataList and finally DataGrid.


Q8. What is the method to customize columns in DataGrid?

Use the TemplateColumn.


Q9. How can we format data inside DataGrid?

Use the DataFormatString property.


Q10. How to decide should you use a DataGrid, DataList or Repeater ?

DataGrid provides ability to allow the end-user to sort, page, and edit its data. But it comes at a cost of speed. Second the display format is simple that is in row and columns. Real life scenarios can be more demanding that.

With its templates, the DataList provides more control over the look and feel of the displayed data than the DataGrid. It offers better performance than DataGrid.

Repeater control allows for complete and total control. With the Repeater, the only HTML emitted are the values of the databinding statements in the templates along with the HTML markup specified in the templates—no “extra” HTML is emitted, as with the DataGrid and DataList. By requiring the developer to specify the complete generated HTML markup, the Repeater often requires the longest development time. But repeater does not provide editing features like datagrid so everything has to be coded by programmer. However, the Repeater does boast the best performance of the three data Web controls. Repeater is fastest followed by DataList and finally DataGrid.


Q11. Explain main differences between ASP and ASP.NET?

ASP.NET supports new features:

Better Language Support

  • New ADO.NET Concepts have been implemented.
  • ASP.NET supports full language (C#, VB.NET, C++) and not simple scripting like Vbscript.

Better controls than ASP

  • ASP.NET covers large sets of HTML controls.
  • Better Display grid like Datagrid, Repeater and DataList. Many of the display grids have paging support.

Compiled Code

  • The first request for an ASP.NET page on the server will compile the ASP.NET code and keep a cached copy in memory. The result of this is greatly increased performance.
  • Better Display grid like Datagrid, Repeater and DataList. Many of the display grids have paging support.

Controls have events support

  • All ASP.NET controls support events.
  • Load, Click and Change events handled by code makes coding much simpler and much better organized.

Compiled Code

  • The first request for an ASP.NET page on the server will compile the ASP.NET code and keep a cached copy in memory. The result of this is greatly increased performance.

Better Authentication Support

  • ASP.NET supports forms-based user authentication, including cookie management and automatic redirecting of unauthorized logins. (You can still do your custom login page and custom user checking).

User Accounts and Roles

  • ASP.NET allows for user accounts and roles, to give each user (with a given role) access to different server code and executables.

High Scalability

  • Server to server communication has been greatly enhanced, making it possible to scale an application over several servers. One example of this is the ability to run XML parsers, XSL transformations and even resource hungry session objects on other servers.

Easy Configuration

  • Configuration of ASP.NET is done with plain text files.
  • Configuration files can be uploaded or changed while the application is running. No need to restart the server, deal with metabase or registry.

Easy Deployment

  • No more server restart to deploy or replace compiled code. ASP.NET simply redirects all new requests to the new code.


12. What are major events in GLOBAL.ASAX file ?

The Global.asax file, which is derived from the HttpApplication class, maintains a pool of HttpApplication objects, and assigns them to applications as needed. The Global.asax file contains the following events

Application_Init: Fired when an application initializes or is first called. It is invoked for all HttpApplication object instances.

Application_Disposed: Fired just before an application is destroyed. This is the ideal
location for cleaning up previously used resources.

Application_Error: Fired when an unhandled exception is encountered within the application.

Application_Start: Fired when the first instance of the HttpApplication class is created. It allows you to create objects that are accessible by all HttpApplication instances.

Application_End: Fired when the last instance of an HttpApplication class is destroyed. It is fired only once during an application’s lifetime.

Application_BeginRequest: Fired when an application request is received. It is the first event fired for a request, which is often a page request (URL) that a user enters.

Application_EndRequest: The last event fired for an application request.

Application_PreRequestHandlerExecute: Fired before the ASP.NET page framework begins executing an event handler like a page or Web service.

Application_PostRequestHandlerExecute: Fired when the ASP.NET page framework has finished executing an event handler.

Application_PreSendRequestHeaders: Fired before the ASP.NET page framework sends HTTP headers to a requesting client (browser).

Application_PreSendContent: Fired before the ASP.NET page framework send content to a requesting client (browser).(browser).

Application_AcquireRequestState:Fired when the ASP.NET page framework gets the current state (Session state) related to the current request.

Application_ReleaseRequestState:Fired when the ASP.NET page framework completes execution of all event handlers. This results in all state modules to save their current state data.

Application_ResolveRequestCache: Fired when the ASP.NET page framework completes an authorization request. It allows caching modules to serve the request from the cache, thus bypassing handler execution.

Application_UpdateRequestCache:Fired when the ASP.NET page framework completes handler execution to allow caching modules to store responses to be used to handle subsequent requests.

Application_AuthenticateRequest: Fired when the security module has established the current user’s identity as valid. At this point, the user’s credentials have been validated.

Application_AuthorizeRequest: Fired when the security module has verified that a user can access resources.

Session_Start: Fired when a new user visits the application Web site.

Session_End:Fired when a user’s session times out, ends, or they leave the application Web site.



13. What order they are triggered?

They’re triggered in the following order:

  • Application_BeginRequest
  • Application_AuthenticateRequest
  • Application_AuthorizeRequest
  • Application_ResolveRequestCache
  • Application_AcquireRequestState
  • Application_PreRequestHandlerExecute
  • Application_PreSendRequestHeaders
  • Application_PreSendRequestContent
  • ..code is executed..
  • Application_PostRequestHandlerExecute
  • Application_ReleaseRequestState
  • Application_UpdateRequestCache
  • Application_EndRequest


None found.
  1. samuel goldsmith says:

    This is very interesting, You’re a very professional blogger. I have joined your rss feed and look ahead to searching for extra of your great post. Also, I have shared your website in my social networks

Leave a Reply

Your email address will not be published. Required fields are marked *

Allowed Tags:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>