Monday, October 11, 2010

Difference between 2.0/3.0/3.5 frameworks


NET framework 2.0:

It brings a lot of evolution in class of the framework and refactor control including the support of

Generics
Anonymous methods
Partial class
Nullable type
The new API gives a fine grain control on the behavior of the runtime with regards to multithreading, memory allocation, assembly loading and more
Full 64-bit support for both the x64 and the IA64 hardware platforms
New personalization features for ASP.NET, such as support for themes, skins and webparts.
.NET Micro Framework


.NET framework 3.0:

Also called WinFX,includes a new set of managed code APIs that are an integral part of Windows Vista and Windows Server 2008 operating systems and provides

Windows Communication Foundation (WCF), formerly called Indigo; a service-oriented messaging system which allows programs to interoperate locally or remotely similar to web services.
Windows Presentation Foundation (WPF), formerly called Avalon; a new user interface subsystem and API based on XML and vector graphics, which uses 3D computer graphics hardware and Direct3D technologies.
Windows Workflow Foundation (WF) allows for building of task automation and integrated transactions using workflows.
Windows CardSpace, formerly called InfoCard; a software component which securely stores a person's digital identities and provides a unified interface for choosing the identity for a particular transaction, such as logging in to a website


.NET framework 3.5:

It implement Linq evolution in language. So we have the folowing evolution in class:

Linq for SQL, XML, Dataset, Object
Addin system
p2p base class
Active directory
ASP.NET Ajax
Anonymous types with static type inference
Paging support for ADO.NET
ADO.NET synchronization API to synchronize local caches and server side datastores
Asynchronous network I/O API
Support for HTTP pipelining and syndication feeds.
New System.CodeDom namespace.

From
http://faisalmb.com/blog/post/2008/09/Difference-between-NET-203035.aspx

Sunday, October 10, 2010

Basic .NET, C#.NET, ASP.NET interview questions

        1. What is an AppDomain, Process and Thread?
    Process: A computer program is a set of instructions. Operating system executes a computer program by allocating a process for a program. Several processes may be associated with the execution of a single program. A process is an instance of machine code associated with a program. It has memory for instructions, data, a call stack and a heap
    AppDomain: An AppDomain is a light-weight process which separates one application in .NET with another. CLR creates an AppDomain when an application is loaded. Each application will have an AppDomain associated. Each AppDomain can have different threads running in it. Each app domain will have its associated code, data and configuration. Hence when one application crashes, it does not affect other.
    Thread: Each process can have multiple threads. Multiple threads can share same execution code and resources. A multi-threaded process can perform several tasks concurrently. 
             2. What is a runtime host?

    .NET framework supports different type of applications like Web, windows, console etc,. Each type of application needs a runtime host to start it. This runtime host loads the runtime into a process, creates the application with in the process and loads the application code into the process.
    Runtime hosts included in .NET framework are
    ASP.NET: It loads the runtime that can handle a web request into the process. ASP.NET also creates an application domain for each Web application that will run on a Web server.
    Microsoft Internet Explorer: It creates an application domain to run managed controls.
    Shell executables: When ever a runtime executable is launched from the shell, this executable invokes the corresponding runtime host.
             3. What is the diff btwn manageable and unmanageable code?

    Code which targets the .NET framework CLR is manageable meaning CLR can provide its services like type safety, memory management, exceptional handling etc to this type of code. Managed code is always compiled into MSIL. When a .NET application is run this compiled MSIL is compiled to native code using JIT (Just In Time compiler). This JIT generates the native code as per the hardware specification on the system. Since all this process happens under the control of a managed environment CLR, CLR provides all its rich functionality. Managed code provides platform independence since the code is converted to MSIL and then converted to native code depending on the system architecture.
    The code that does not target CLR is unmanageable. It cannot run under CLR. This code directly runs under OS control. Applications written in traditional applications like C++, VB, C generate unmanaged code. This targets the computer architecture. Unmanaged code is always compiled to target a specific architecture and will only run on the intended platform. This means that if you want to run the same code on different architecture then you will have to recompile the code using that particular architecture. Unmanaged code is always compiled directly to the native code which is architecture specific. This code cannot be executed on other platforms that are different than the one on which the code was compiled. All the features provided by CLR are unavailable and are to be taken care by the code. Hence this causes memory leaks in traditional applications. 

    4. ExplainValue and reference types?
      “System.Object” is the base class from all the .NET classes.
      Value types: Value types inherit from the System.ValueType class, which in turn, inherits from System.Object. Value types are stored on stack. They are implicitly sealed. Structs and Enumerations are value types and they are always stored on stack. A value type cannot contain a null value. Variables that are value types store data.
      Reference types: Variables to reference types referred to as object, store reference to actual data. Actual data is stored on the heap and reference is stored on the stack. This allows the garbage collector to track outstanding references to a particular instance and free the instance when no references remain.
      Integral types : sbyte, byte, char, short, ushort, int, uint, long, ulong
      Floating Point types: float, double
      Decimal types: decimal

      5. What is the role of garbage collector in .NET?

      Objects created are stored on heap. Since the memory (here heap) is exhaustible, .NET identifies a mechanism to collect the unused memory(heap). GC does an automatic sweep of heap once it is full. GC can only destroy managed objects.
      GC will finalize all the objects in the memory that are not being used anymore and thereby freeing the memory allocated to them.
      .NET uses a three-generation approach to collecting memory. Newly allocated memory tends to be freed more frequently than older allocations, which tend to be more permanent. Gen 0 (Zero) is the youngest generation and, after a garbage collection, any survivors go on to Gen 1. Likewise, any survivors of a Gen 1 collection go on to Gen 2. Usually garbage collection will occur only on Gen 0, and only if after it has reached some limit. Until memory is exhausted, the cost of allocating each new object is that of incrementing a pointer--which is close to the performance of advancing the stack pointer.
      CLR calls the GC when there is a high memory pressure and it is not able to find any exact place to allocate a new object or the applied threshold is reached. 

      6. Can you force Garbage collection if so how?

      In applications with significant memory requirements, you can force garbage collection by invoking the GC.Collect method from the program. 

      7. What is CLR?

      CLR is a runtime environment provided by .NET framework.
      Developers write code in either C# or VB.NET.
      .NET compilers convert this high level code into Microsoft Intermediate Language(MSIL). At runtime JIT compiler converts the MSIL into native code specific to the OS. CLR runs MSIL.
      CLR provides memory management, exceptional handling, security etc to the .NET code.

        
      8. Explain CLS and CTS?

      CLS: Common Language specification is a set of rules that are to be followed by a language in order to be .NET complaint. This facilitates cross-language integration. Programs written in one .NET language can interoperate with programs written in another .NET language.
      CTS: Common Type System Common Type System (CTS) describes how types are declared, used and managed. CTS facilitates cross-language integration, type safety, and high performance code execution. 

      9. What is Type safety in .NET?

      Type-safe code accesses only the memory locations it is authorized to access. For example, type-safe code cannot read values from another object's private fields. It accesses types only in well-defined, allowable ways. If we want to work directly with memory addresses and can manipulate bytes at these addresses then we have to declare that code chunk as unsafe using the unsafe Keyword in C#. So that CLR will not do any extra verification on this code.
      Actually during just-in-time (JIT) compilation, an optional verification process examines the metadata and Microsoft intermediate language (MSIL) of a method to be JIT-compiled into native machine code to verify that they are type safe. This process is skipped if the code has permission to bypass verification. For example, the runtime cannot prevent unmanaged code from calling into native (unmanaged) code and performing malicious operations. When code is type safe, the runtime's security enforcement mechanism ensures that it does not access native code unless it has permission to do so. All code that is not type safe must have been granted Security Permission with the passed enum member SkipVerification to run. 

      10. What is an assembly?

      An assembly is a basic building block for an application. It can be a DLL or EXE. An assembly contains IL. It consists of metadata about the types inside the assembly.

      What is SilverLight?

      Silverlight is a web based technology, launched by Microsoft in April 2007. Silverlight is considered as a competitor to Adobes Flash.

      Silverlight applications are delivered to browsers in a text-based markup language called XAML. One important difference between Flash and XAML is, Flash is a compiled application where as XAML is text based. Search engines can analyze and index such content, which is a huge benefit for webmasters.


      For regular internet users, Silverlight is a browser plug-in that supports video, audio and animations.


      For web developers, Silverlight offers much more. Silverlight supports video and audio files without need of much programming. It allows them to handle events from web pages (like handle start/end of video playing etc)

      Authentication in ASP.NET



      There are two closely interlinked concepts at the heart of security for distributed applications - authentication and authorization. Authentication is the process of obtaining some sort of credentials from the users and using those credentials to verify the user's identity. Authorization is the process of allowing an authenticated user access to resources. Authentication is always precedes to Authorization; even if your application lets anonymous users connect and use the application, it still authenticates them as being anonymous.
      ASP.net provides flexible set of alternatives for authentication. You can perform authentication yourself in code or delegate authentication to other authorities (such as Microsoft Passport). In fact sometimes it seems ASP.net authentication is a bit too flexible; it can be difficult for a new developer to know just where to start. In this article, we review the settings in ASP.net and Internet Information Services (IIS) that control authentication and authorization in ASP.net applications.
      An ASP.net application has two separate authentication layers. That is because ASP.net is not a standalone product. Rather it is a layer on top of IIS. All requests flow through IIS before they are handed to ASP.net. As a result, IIS can decide to deny access without the ASP.net process even knowing that someone requested a particular page. Here is an overview of the steps in the joint IIS and ASP.net authentication process.
      1. IIS first checks to make sure the incoming request comes from an IP address that is allowed access to the domain. If not it denies the request.
      2. Next IIS performs its own user authentication if it configured to do so. By default IIS allows anonymous access, so requests are automatically authenticated, but you can change this default on a per - application basis with in IIS.
      3. If the request is passed to ASP.net with an authenticated user, ASP.net checks to see whether impersonation is enabled. If impersonation is enabled, ASP.net acts as though it were the authenticated user. If not ASP.net acts with its own configured account.
      4. Finally the identity from step 3 is used to request resources from the operating system. If ASP.net authentication can obtain all the necessary resources it grants the users request otherwise it is denied. Resources can include much more than just the ASP.net page itself you can also use .Net's code access security features to extend this authorization step to disk files, Registry keys and other resources.
      As you can see several security authorities interact when the user requests and ASP.net page. If things are not behaving the way you think they should, it can be helpful to review this list and make sure you have considered all the factors involved
      Authentication providers Assuming IIS passes a request to ASP.net, what happens next? The answer depends on the configuration of ASP.net itself. The ASP.net architecture includes the concept of and authentication provider a piece of code whose job is to verify credentials and decide whether a particular request should be considered authenticated. Out of the box ASP.net gives you a choice of three different authentication providers.
      • The windows Authentication provider lets you authenticates users based on their windows accounts. This provider uses IIS to perform the authentication and then passes the authenticated identity to your code. This is the default provided for ASP.net.
      • The passport authentication provider uses Microsoft's passport service to authenticate users.
      • The forms authentication provider uses custom HTML forms to collect authentication information and lets you use your own logic to authenticate users. The user's credentials are stored in a cookie for use during the session.
      Selecting an authentication provider is as simple as making an entry in the web.config file for the application. You can use one of these entries to select the corresponding built in authentication provider:
      <authentication mode="windows">authentication mode="passport">
      <
      authentication mode="forms">
      ASP.net also supports custom authentication providers. This simply means that you set the authentication mode for the application to none, then write your own custom code to perform authentication. For example, you might install an ISAPI filter in IIS that compares incoming requests to list of source IP addresses, and considers requests to be authenticated if they come from an acceptable address. In that case, you would set the authentication mode to none to prevent any of the .net authentication providers from being triggered.
      The fig below illustrates the authorization and authentication mechanisms provided by ASP.NET and IIS.
      Windows authentication and IIS If you select windows authentication for your ASP.NET application, you also have to configure authentication within IIS. This is because IIS provides Windows authentication. IIS gives you a choice for four different authentication methods:
      Anonymous, basic digest, and windows integrated
      If you select anonymous authentication, IIS doesn't perform any authentication, Any one is allowed to access the ASP.NET application.
      If you select basic authentication, users must provide a windows username and password to connect. How ever this information is sent over the network in clear text, which makes basic authentication very much insecure over the internet.
      If you select digest authentication, users must still provide a windows user name and password to connect. However the password is hashed before it is sent across the network. Digest authentication requires that all users be running Internet Explorer 5 or later and that windows accounts to stored in active directory.
      If you select windows integrated authentication, passwords never cross the network. Users must still have a username and password, but the application uses either the Kerberos or challenge/response protocols authenticate the user. Windows-integrated authentication requires that all users be running internet explorer 3.01 or later Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Kerberos is a solution to network security problems. It provides the tools of authentication and strong cryptography over the network to help to secure information in systems across entire enterprise
      Passport authentication Passport authentication lets you to use Microsoft's passport service to authenticate users of your application. If your users have signed up with passport, and you configure the authentication mode of the application to the passport authentication, all authentication duties are offloaded to the passport servers.
      Passport uses an encrypted cookie mechanism to indicate authenticated users. If users have already signed into passport when they visit your site, they'll be considered authenticated by ASP.NET. Otherwise they'll be redirected to the passport servers to log in. When they are successfully log in, they'll be redirected back to your site
      To use passport authentication you have to download the Passport Software Development Kit (SDK) and install it on your server. The SDK can be found at http://msdn.microdoft.com/library/default.asp?url=/downloads/list/websrvpass.aps. It includes full details of implementing passport authentication in your own applications.
      Forms authentication Forms authentication provides you with a way to handle authentication using your own custom logic with in an ASP.NET application. The following applies if you choose forms authentication.
      1. When a user requests a page for the application, ASP.NET checks for the presence of a special session cookie. If the cookie is present, ASP.NET assumes the user is authenticated and processes the request.
      2. If the cookie isn't present, ASP.NET redirects the user to a web form you provide
      3. You can carry out whatever authentication, checks you like in your form. When the user is authenticated, you indicate this to ASP.NET by setting a property, which creates the special cookie to handle subsequent requests.
      Configuring Authorization
      After your application has authenticated users, you can proceed to authorize their access to resources. But there is a question to answer first: Just who is the user to whom your are grating access? It turns out that there are different answers to that question, depending on whether you implement impersonation. Impersonation is a technique that allows the ASP.NET process to act as the authenticated user, or as an arbitrary specified user
      ASP.NET impersonation is controlled by entries in the applications web.config file. The default setting is "no impersonation". You can explicitly specify that ASP.NET shouldn't use impersonation by including the following code in the file
      <identity impersonate="false"/>
      With this setting ASP.NET does not perform impersonation. It means that ASP.NET will runs with its own privileges. By default ASP.NET runs as an unprivileged account named ASPNET. You can change this by making a setting in the processModel section of the machine.config file. When you make this setting, it automatically applies to every site on the server. To user a high-privileged system account instead of a low-privileged, set the userName attribute of the processModel element to SYSTEM. Using this setting is a definite security risk, as it elevates the privileges of the ASP.NET process to a point where it can do bad things to the operating system.
      When you disable impersonation, all the request will run in the context of the account running ASP.NET: either the ASPNET account or the system account. This is true when you are using anonymous access or authenticating users in some fashion. After the user has been authenticated, ASP.NET uses it own identity to request access to resources.
      The second possible setting is to turn on impersonation.
      <identity impersonate="true"/>
      In this case, ASP.NET takes on the identity IIS passes to it. If you are allowing anonymous access in IIS, this means ASP.NET will impersonate the IUSR_ComputerName account that IIS itself uses. If you aren't allowing anonymous access,ASP.NET will take on the credentials of the authenticated user and make requests for resources as if it were that user. Thus by turning impersonation on and using a non-anonymous method of authentication in IIS, you can let users log on and use their identities within your ASP.NET application.
      Finally, you can specify a particular identity to use for all authenticated requests
      <identity impersonate="true" username="DOMAIN\username" password="password"/>
      With this setting, all the requests are made as the specified user (Assuming the password it correct in the configuration file). So, for example you could designate a user for a single application, and use that user's identity every time someone authenticates to the application. The drawback to this technique is that you must embed the user's password in the web.config file in plain text. Although ASP.NET won't allow anyone to download this file, this is still a security risk if anyone can get the file by other means.
      Best practices Now that you know what the choices are for ASP.NET authentication, here are some points that tell which to choose.
      • If there is nothing sensitive about the application, stick with no authentication in ASP.NET and anonymous authentication in IIS. That lets anyone who can reach the host computer use the application.
      • If you have to authenticate users, there are several choices. If all users have accounts on your network, use Windows authentication in ASP.net with one of the strong IIS authentication settings. If users don't have network accounts, own custom authentication scheme is preferred, means forms authorization.
      • If different users must have different privileges, impersonation in ASP.net configuration files needs to be turn on.