.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Multiple choice security question

Posted By:      Posted Date: October 08, 2010    Points: 0   Category :ASP.Net

Which one of the following attribute would you use to minimize the security risk by limiting the assembly's privileges so that it can access only  the boot.ini file ?

a  [assembly:FileIOPermissionAttribute(SecurityAction.PermitOnly,Read=@"C:\boot.ini")]

b  [assembly:FileIOPermissionAttribute(SecurityAction.RequestMinimum,Read=@"C:\boot.ini")]

c   [assembly:FileIOPermissionAttribute(SecurityAction.RequestOptional,Read=@"C:\boot.ini")]

Is a the correct answer ?

View Complete Post

More Related Resource Links

Can somebody answer this multiple choice question regarding exceptions ?


You are creating a class library that will be used by several applications. You need to create a custom exception that will be thrown if an application attempts to retrieve product information using an invalid product number.

You need to create the ProductNotFoundException class. From which class should you derive ProductNotFoundException?

A: ApplicationException

B: SystemException

C: Exception

D: ArgumentException


Security Question Answer Retrieval


I know there is a method built in for retrieving the encrypted password, but how do I retrieve the encrypted security answer?

What I want to do is have a member profile update screen that the end user can update their password and security question and answer. However, when they get to this page, I want to already be showing the security question (the easy part) and its answer (the not so easy part).

I have updated web.config with passwordFormat=Encrypted and have added a machineKey with the generator (forgot the link, but located on eggheadcafe somewhere).

I haven't done ANYTHING yet, since I already have a user store with hashed information. I wanted to get some functionality done before publishing, wiping the store and recreating users (only a couple developers).


Educational question: How server objects are accessed from multiple client threads?

I will appreciate it if someone can help me to undestand how the following scenario works:   There is remoting server that is registered as WellKnownObjectMode.Singleton. Server implementation: It instantiates a class TestServer that implements interface IFoo interface IFoo { IHelper GetHelper() }   interface IHelper { void StoreString(); }   Implementation of TestServer: internal sealed class TestServer: System.MarshalByRefObject, IFoo { private IHelper> helper = new Helper(); public IHelper GetHelper(string helper){return helper;} }   Implementation of Helper: internal sealed class Helper : System.MarshalByRefObject, IHelper { public void StoreString (string val) {}; }   Implementation of a client (simplified; shown to illustrate the question only): static class Program { public static IFoo TestService; public static IHelper Helper; public TestThreads testmultiplecalls; [STAThread] static void Main() { TestService = (IFoo)Activator.GetObject(typeof(IFoo),"ipc://Channel"); Helper = TestService.GetHelper(); testmultiplecalls.Start(); } }   internal class TestThreads { public Start() { for (int i = 0; i < 20; i++) ThreadPool.QueueUserWorkItem((new TestCall(i.ToString())).DoWork); } }     internal class TestCall { private string m_str; public TestCall (string str) {m_str = str;} public void DoWork() { Program.Helper.StoreString(m_str); } }     Que

Question about URL security

Hi I'm creating a website where I want people not to be able to create link to certain pages. The site work like this: The user do a serch for a document and click the link to view it, then he can view the document. If the user somehow adds the URL to favorites he should not be able to view the document when he at some time later tries to view the document. In addition if the user sends the URL to other people they should not be able to view the document. Any suggestions how to implement this?  

public web methods...how to make private? Security question


I understand how to set security for a ASP.NET web page, how to encrypt a Silverlight page, and a WCF application, but my question goes to this:  given a web method, which by definition must be public, how do you keep people from accessing it outside of your client program?

If your program (client) is the only way to access this web method, then there's no problem.  But it is impossible to make a web method private--it won't compile--so how to keep people from using it?  The only thing I can think of is that if you call your web method by an obscure sounding name, it's likely nobody will guess the URL, and if you set your server so it cannot be searched (dir *.*) by the public, it's unlikely anybody will ever guess the name of the web method.  But this is hardly 100% secure.  And what if you call your web method "DoWork", which is the default OperationContract name in Visual Studio?

What am I missing?



//what I have in mind

public interface IService1
        string DoWork();


public string DoWork()
//secret stuff in here
string SecretStuff = "S

Question regarding having multiple versions of the .net framework


Hi guys,

Sorry if this sounds silly, but it's been getting to me for quite a while now.  I've been having some issues installing both .net framework 3.5 and 4.0 on my computer since I have certain software that either requires one or the other to run.  I've tried over and over again to install framework version 3.5 from your web site, but each time, the result is the same.  I always get the error that I mustconfigure the framework from the control panel.  Yet I see nothing about that in the control panel.  Maybe it would help you to know that I had first found .net framework through IIS when I went to put that in there, and so I've been trying to install it from there.  Every other framework version works fine except for version 3.5.  I unfortunately cannot provide any logs since my computer is currently with the Gordon college techs due to another issue, but any help on this would be appreciated.  Thanks. 



security question about dynamic data


apologies if this has been answered before.

it seems that the scaffolding that generates the list, edit, details apsx pages uses querystrings to pass the primary key for the relevant record. thus is i have a list.aspx showing me a grid of records, the edit hyperlink will be something like http://../tblTable/edit.aspx?ID=n where n is the key of the record to edit.

however, obviously this is not secure for a multi-user site as someone else with a valid login could potentially see records which they shouldnt simply by trying different "ID=n" values?

is there a way to change this behaviour in a Dynamic Data site or will i have to manually code to ensure a user only see records intended for them?

any help is gratefully appreciated



Using Sharepoint 2003 - Data Security Question

We need to limit visibility of data in a datasheet to users based on their ID, NOT on who created or loaded the data.  If this is possible, how do we accomplish this?

question about multi user website and security



i am developing a multi-user website using Dynamic Data and wondered if someone could answer the following or provide advice:

what is the best way of protecting data so someone (who has a login to the site) cannot see records intended ONLY to be viewable by another valid user?

as far as i can see a user can simply tamper with querystring or url values (if using routing) and bring up the details of records they should not.


any help qould be gratefully appreciated. i am drawing a blank so far and the easiest option may be to back to a traditional asp.net site where i can control things simply by use of a Session variable (UserID)



Newbie User Import Question re: One way external trust & Security



There is a business initiative to install a Dev Sharepoint 2007 server in our Trusting Domain. My internal corp network will be Corp.COM. The 3rd party network will be 3rd.COM.  Currently 3rd.COM has a Oneway External Trust pointing inward to Corp.com.  Corp.COM Domain and Forest levels are WIndows 2003. 3rd.com Domain level is Windows 2000 Mixed and the Forest is Windows 2000.

The Dev sharepoint server is located in 3rd.Com domain and the consultant is trying to import Corp.com users by pointing the user profile connection to Corp.com active directory. Needless to say this will fail because there is a one way trust in place so 3rd.com users are allowed to read Corp.Com active directory. Not to mention there are no firewall ports open for this anyway. My questions are...

How can we securely allow this sharepoint server to import in 3rd.com to import users from Corp.com?

Ideally we would like to use a service account from Corp.com to import the accounts. We would also like to either

(A) encrypt the sharepoint servers communication to our Corp.com active directory. because there are Two firewalls between the trust ports would be specifically opened from Sharepoint server <-> Corp.com DC

(b) some how use the existing trust to facilitate this procedures. no additional ports opened on the firewalls.

Any ass

Data Flows in SSIS - Mapping Multiple source tables to Destination table **Newb question**

Hi I am new to SSIS and had a basic question. I have around 30+ tables in a db that needs to be migrated to a newer schema in the DB. The data flow task seems to be ideally suited for my requirement. My question is do I need to create 30+ different data flow tasks for this which will get executed one after the other or is there a better way to migrate large number of tables. Also how are referential constraints taken care of during such migration. Thanks and Regards, Ganesh Ranganathan
Ganesh Ranganathan
[Please mark the post as answer if it answers your question]

"newby" question about packet sniffing and security and fraud prevention


Basically, I am looking for a reliable source of where I can start to learn to master this. While I can continue to work on this using perl, I am hoping there is something in .NET that supports this so that I can get better performance from compiled code.  Having programmed in C++ for so long, C# strikes me as trivially easy to use: the two are so similar, and the more advanced features of C++ don't seem to be there.

I am a "newby" only in the sense that normally I work on application software (such as statistical or data mining applications: I have programmed in FORTRAN and C/C++ for decades).  I am just beginning to examine low level programming tasks such as examining the lower OSI layers.

I have written some code aimed at one form of ecommerce fraud based on CGI programming in perl.

Maybe the question is naive, but I thought I might be able to get a clue about suspicious incoming traffic if I can compare the IP address information at the IP layer with the IP information in selected HTTP headers.  I would guess that the first thing to do is to be able to sniff incoming packets, and the next is to relate the incoming packets to the requests that have been made to our httpd server (I have access to both MS IIS and Apache, so whatever I do, I can host it on either, depending on what will give the best

multiple default value on a choice column



can I have multiple default value on a choice column?



Regex question with multiple replaces


I've never been good with Regex, but I'm sure this can be done. I'm basically trying to regex to avoid using two Replace methods on a string. For example, how would I replace a and b in a string with a space using regex in C#? Or how would I convert this line?

myString.Replace("a", " ").Replace("b", " "); 

Quiz with multiple choice using c#


 Dear all,


My task is online quiz with multiple choice questions and with following constraints

- 20 Random selection of questions every time when user log in

- 30 mins duration.

Front End - asp.net with C#

Backend - sql server 2005



Thanx in advance




Revised Question XML Value Method Return Multiple Rows


Question earlier asked and answered to run query to collect sql data from xml schema

was able to collect the scheme from node but query did not return data but xml string


I ran this query

select x.col.value ('




cross apply



Multiple users system design question.



I am designing a web application that will allow users to accept jobs.  Once accepted, the job is locked until completed or released my an admin. 

I have researched this pretty heavily, everything seems to suggest this.  While I think this might be part of the solution, I am still wondering how to reflect the change on the screen. 

The solution we have come up with is to do polling with ajax, but the case we come back to is even if we check ever second...there can be ( and this is very likely ) that two or more users will click the same job at the same time.

Maybe this is as easy as this:

if( job.isLocked() ) {

    // Notify the user, and refresh grid.
    WarningLabel.Text = "Job is taken!!!!";


Our users use IE7 if this matters.  If anybody can give me a confirmation if this is the 'right' way to go about this, or propose other options I would greatly appreicate it.

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend