1) What is the difference between Authentication and Authorization?
Authentication is the process of identifying users. Authorization is the process of granting access to those users based on identity. Together, authentication and authorization provide the means of keeping your Web application secure from intruders.
2) What is Anonymous access?
Anonymous access is the way most public Web sites work. Sites containing public information allow anyone to see that information, so they don’t authenticate users. ASP.NET Web applications provide anonymous access to resources on the server by impersonation. Impersonation is the process of assigning a user account to an unknown user.
3) What is the account that is associated with Anonymous access?
By default, the anonymous access account is named IUSER_machinename. You use that account to control anonymous users’ access to resources on the server.
4) What is the default user account under which an ASP.NET web application runs on a web server?
Under the default settings, ASP.NET uses the ASPNET account to run the Web application. This means that if the application attempts to perform any tasks that are not included in the ASPNET account’s privileges, a security exception will occur and access will be denied.
5) How do you restrict the access of anonymous users?
You restrict the access of anonymous users by setting Windows file permissions. To be secure, your server must use the Microsoft Windows NT file system (NTFS). The earlier FAT or FAT32 file systems do not provide file-level security.
6) What is the namespace where all security-related classes are present?
System.Web.Security
7) What type of authentication can be used for a public Internet Web application?
Anonymous access. This is the common access method for most Web sites. No logon is required, and you secure restricted resources using NTFS file permissions.
8) What type of authentication can be used for an intranet Web application?
Windows authentication. Windows authentication authenticates network users through the domain controller. Network users have access to Web application resources as determined by their user privileges on the server.
9) What type of authentication can be used for a private corporate Web application?
Windows authentication. Corporate users can access the Web application using their corporate network user names and passwords. User accounts are administered using the Windows network security tools.
10) What type of authentication can be used for a commercial Web application?
Forms authentication. Applications that need to collect shipping and billing information should implement Forms authentication to gather and store customer information.
11) What type of authentication can be used for multiple commercial Web applications?
Passport authentication. Passport authentication allows users to sign in once through a central authority. The user’s identity is then available to any application using the Passport SDK. Customer information is maintained in a Passport profile, rather than in a local database.
12) Can you use ASP.NET Authentication with HTM and HTML Files?
The three ASP.NET authentication modes apply to files that are part of the Web application. That includes Web forms (.aspx), modules (.asax), and other resources that are processed through the Web application’s executable. It does not automatically include HTML pages (.htm or .html). Those pages are handled by Internet Information Services (IIS), rather than ASP.NET. If you want to authenticate users who access HTML pages from within your Web application using Windows, Forms, or Passport authentication modes, you must map those files to the ASP.NET executable.
13) How do you map .htm and .html files to the ASP.NET executable using the IIS snap-in?
To map .htm and .html files to the ASP.NET executable using the IIS snap-in, follow these steps:
1. In the IIS snap-in, select the folder containing your Web application, and then choose Properties from the Action menu. IIS displays the Properties dialog box.
2. Click the Home Directory or Virtual Directory tab, and then click Configuration. IIS displays the Application Configuration dialog box, as shown in the diagram below.
3. Click Add. IIS displays the Add/Edit Application Extension Mapping dialog box, as shown in the diagram below.
4. Click Browse, and select the aspnet_isapi.dll file. That file is stored in the Windows Microsoft .NET Framework directory; the path will be something like C:\Windows\Microsoft.NET\Framework\versionnumber\aspnet_isapi.dll.
5. Type .htm in the File Extension box, and click OK.
6. Repeat steps 3 through 5 for the .html file extension. Click OK to close the IIS dialog boxes when you’ve finished.
14) Give any five names of the ASP.NET Security Controls?
· <asp:Login>: Provides a standard login capability that allows the users to enter their credentials
· <asp:LoginName>: Allows you to display the name of the logged-in user
· <asp:LoginStatus>: Displays whether the user is authenticated or not
· <asp:LoginView>: Provides various login views depending on the selected template
· <asp:PasswordRecovery>: Emails the users their lost password
15) How do you provide secured communication in ASP.NET?
ASP.NET provides secured communication using Secure Sockets Layer. An application that uses SSL needs to have an encryption key, called a server certificate, configured in IIS. When a user requests a secured page, the server generates an encryption key for the user’s session. The encrypted response is then sent along with the generated encryption key. On the client side, the response is then decrypted using the same encryption key.
16) What are the Windows authentication types?
The Windows authentication workflow uses one of the following authentication techniques:
· Basic authentication
· Digest authentication
· Windows Integrated Authentication
· Anonymous Authentication
Basic Authentication: The Windows user name and password have to be provided to connect, and this information is sent over the network in plain text; hence, this is an insecure method of authentication.
Digest Authentication: It is the same as basic authentication except that the password is hashed before it is sent across the network.
Integrated Windows Authentication: In this kind of authentication technique, passwords are not sent across the network. The application here uses either the Kerberos or challenge/response protocols to authenticate users.
Anonymous Authentication: IIS allows any user to access the ASP.NET application.
17) Define Secure Sockets Layer?
Secure Sockets Layer (SSL) ensures a secured web application by encrypting the data sent over the Internet. When an application uses SSL, the server generates an encryption key for the session, and the page is encrypted before it is sent. The client browser uses this encryption key to decrypt the requested Web page.
18) How do you provide Secure Communication over the World Wide Web?
Security is not just a matter of identifying users and preventing unauthorized users from accessing your Web applications, but it’s just as important to ensure that sensitive data sent across the Internet can’t be read by others.
To provide secure communication across the Internet, IIS supports a standardized means of encrypting and decrypting Web requests and responses. This cryptography requires that you request an encryption key called a server certificate from an independent third party called a certificate authority.
19) What is the largest certificate authority?
The largest certificate authority is VeriSign.
21) How can you set the web application to run under a specific user’s account?
You can set the application to run under a specific user’s account by setting the application’s identity element to enable impersonation.
22) How do you impersonate the authenticated user in ASP.NET?
Impersonation means delegating one user identity to another user. In ASP.NET, anonymous users impersonate the ASPNET user account by default. You can use the <identity> element of the web.config file to impersonate a user.
E.g. <identity impersonate="true"/>
23) What is the account that is associated with Anonymous access?
By default, the anonymous access account is named IUSER_machinename. You use that account to control anonymous users’ access to resources on the server.
24) Why is "Connecting to SQL Server using Integrated Security" considered a best practice?
Connecting to SQL Server using integrated security, instead of using an explicit user name and password, helps avoid the possibility of the connection string being compromised and your user ID and password being exposed.
25) What is the difference between Windows authentication and Forms authentication?
The difference between Windows authentication and Forms authentication is that in Forms authentication your application performs all the authentication and authorization tasks. You must create Web forms and write code to collect user names and passwords and to check those items against a list of authorized users.
26) In which namespace is the FormsAuthentication class present?
System.Web.Security namespace
27) What is the default authentication method when you create a new Web application project?
Windows authentication is the default authentication method when you create a new Web application project.
28) What is Role-Based authorization in Windows authentication?
Role-based authorization lets you identify groups of users to allow or deny based on their role in your organization. In Windows NT and Windows XP, roles map to names used to identify user groups. Windows defines several built-in groups, including Administrators, Users, and Guests. You can view, modify, or add groups using the Computer Management console.
To allow or deny access to certain groups of users, add the element to the authorization list in your Web application’s Web.config file.
29) What is the user account under which an ASP.NET web application runs by default?
A Web application runs under the identity of the ASP.NET user account by default.
30) What is the use of the mode attribute in the authentication element in a web.config file?
You use the mode attribute to specify the type of authentication your web application is using. Set the mode attribute to forms to enable Forms authentication.