Explain how the ASP.NET authentication process works.

Posted By :Deco     Posted Date :October 25, 2010    Points :10   Category :ASP.Net 
ASP.NET does not run by itself; it runs inside the IIS process. So there are two
authentication layers in an ASP.NET system. Authentication happens first at
the IIS level and then at the ASP.NET level, depending on the Web.config file.
Below is how the whole process works:

1. IIS first checks to make sure the incoming request comes from an IP address
that is allowed access to the domain. If not, it denies the request.

2. Next, IIS performs its own user authentication if it is configured to do so. By
default IIS allows anonymous access, so requests are automatically
authenticated, but you can change this default on a per-application basis
within IIS.

3. If the request is passed to ASP.NET with an authenticated user, ASP.NET checks
to see whether impersonation is enabled. If impersonation is enabled, ASP.NET
acts as though it were the authenticated user. If not, ASP.NET acts with its own
configured account.

4. Finally, the identity from step 3 is used to request resources from the operating
system. If ASP.NET authentication can obtain all the necessary resources, it
grants the user's request; otherwise it is denied. Resources can include much
more than just the ASP.NET page itself; you can also use .NET's code access
security features to extend this authorization step to disk files, Registry keys
and other resources.

Related interview questions:

How does CAS work?

The CAS security policy revolves around two key concepts - code groups and permissions. Each .NET assembly is a member of a particular code group, and each code group is granted the permissions specified in a named permission set.
For example, using the default security policy, a control downloaded from a web site belongs to the 'Zone - Internet' code group, which adheres to the permissions defined by the 'Internet' named permission set. (Naturally the 'Internet' named permission set represents a very restrictive range of permissions.)

What is Garbage Collection in .Net? Garbage collection process?

The process of transitively tracing through all pointers to actively used objects in order to locate all objects that can be referenced, and then arranging to reuse any heap memory that was not found during this trace. The common language runtime garbage collector also compacts the memory that is in use to reduce the working space needed for the heap.

Which authentication mode lets you use both SQL Server logins and Windows logins?

Mixed Mode authentication mode lets you use both SQL Server logins and Windows logins.

Explain the concept of Reentrancy?

It is a useful, memory-saving technique for multiprogrammed timesharing systems. A Reentrant Procedure is one in which multiple users can share a single copy of a program during the same period. Reentrancy has 2 key aspects: The program code cannot modify itself, and the local data for each user process must be stored separately. Thus, the permanent part is the code, and the temporary part is the pointer back to the calling program and local variables used by that program. Each execution instance is called activation. It executes the code in the permanent part, but has its own copy of local variables/parameters. The temporary part associated with each activation is the activation record. Generally, the activation record is kept on the stack.

Note: A reentrant procedure can be interrupted and called by an interrupting program, and still execute correctly on returning to the procedure.

Explain Belady's Anomaly?

Also called FIFO anomaly. Usually, on increasing the number of frames allocated to a process' virtual memory, the process execution is faster, because fewer page faults occur. Sometimes, the reverse happens, i.e., the execution time increases even when more frames are allocated to the process. This is Belady's Anomaly. This is true for certain page reference patterns.

Explain the life cycle of an ASP.NET page.

Life cycle of an ASP.NET Web Form:
Page Request >> Start >> Page Init >> Page Load >> Validation >>
PostBack Event Handling >> Page Rendering >> Page Unload

Page Request - When the page is requested, ASP.NET determines whether the page is to be parsed and compiled or a cached version of the page is to be sent without running the page.
Start - The page properties Request and Response are set. If the page is a postback request, the IsPostBack property is set, and in addition the UICulture property is also set.
Page Initialization - In this stage the UniqueID of each property is set. If the request was postback the data is not yet loaded from the
Page Load - If it was a postback request, the data gets loaded into the controls from the ViewState and the control properties are set.
Validation - If any control validation is present, it is performed and the IsValid property is set for each control.
PostBack Event Handling - If it was a postback request, any event handlers are called.
Page Rendering - Before this, the ViewState is saved from the page and the Render method of each page is called.
Page Unload - The page is fully rendered and sent to the client (browser) and is discarded. The page properties Response and Request are unloaded.

Explain manifest & metadata?

Manifest is metadata about assemblies. Metadata is machine-readable information about a resource, or "data about data." In .NET, metadata includes type definitions, version information, external assembly references, and other standardized information.

Manifest: The manifest describes the assembly itself: assembly name, version number, culture, strong name, list of all files, type references, and referenced assemblies.

Metadata: Metadata describes the contents of an assembly: classes, interfaces, enums, structs, etc., and their containing namespaces, the name of each type, its visibility/scope, its base class, the interfaces it implements, its methods and their scope, each method's parameters, the type's properties, and so on.

Shashi Ray

Windows Authentication

This type of authentication is possibly the easiest of all to implement. Windows authentication can be used in conjunction with almost all authentication methods provided by IIS (e.g. Basic, Digest, NTLM or Kerberos Authentication), except Anonymous Authentication [2,4]. There is no need to write any code to validate the user as IIS has already authenticated their Windows credentials. Basically, Windows authentication makes use of the authentication capabilities of IIS. IIS will complete its authentication first, then ASP.NET will use the authenticated identity's token to decide whether the access is granted or denied.
This mechanism is usually implemented when the users are part of a Windows domain and the authenticated users are to be impersonated so that the code is executed in the same security context as the user's Windows account [4].
When a user requests specific resources, this request will go to IIS. IIS authenticates the user and attaches the security token to it. It will then pass the authenticated request and security token to ASP.NET. If impersonation is enabled, ASP.NET impersonates the user using the security token attached and sees whether the user is authorized to access the resources in the section in Web.config file. If the access is granted, ASP.NET will send the requested resources through IIS, or else it sends an error message to the user.

Shashi Ray
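
The four-step process in the answer at the top of this page and the Windows authentication flow just described map onto configuration as follows. This is an added example, not part of the original posts; it assumes IIS 7 or later, and the address range 192.0.2.0/24 and the group EXAMPLE\AppUsers are constructed placeholders.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example. Constructed values: 192.0.2.0/24 and EXAMPLE\AppUsers. -->
<configuration>
  <system.webServer>
    <security>
      <!-- Step 1: IIS rejects clients outside the allowed address range. -->
      <ipSecurity allowUnlisted="false">
        <add ipAddress="192.0.2.0" subnetMask="255.255.255.0" allowed="true" />
      </ipSecurity>
      <!-- Step 2: switch off the anonymous default so IIS itself
           authenticates the caller and attaches a Windows token. -->
      <authentication>
        <anonymousAuthentication enabled="false" />
        <windowsAuthentication enabled="true" />
      </authentication>
    </security>
    <!-- In the integrated pipeline, IIS reports a configuration error for
         impersonate="true" unless this validation is turned off. -->
    <validation validateIntegratedModeConfiguration="false" />
  </system.webServer>
  <system.web>
    <!-- ASP.NET layer: accept the identity that IIS established. -->
    <authentication mode="Windows" />
    <!-- Step 3: run request code as the authenticated user. With
         impersonate="false", code runs as the configured process account
         and OS-level checks no longer distinguish between users. -->
    <identity impersonate="true" />
    <!-- Step 4, ASP.NET side: rules are evaluated top-down and the
         first match wins. "?" is anonymous, "*" is everyone. -->
    <authorization>
      <deny users="?" />
      <allow roles="EXAMPLE\AppUsers" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
```

The `ipSecurity` and IIS `authentication` sections are locked at server level by default, so they must be unlocked for the site or set in applicationHost.config instead; `ipSecurity` also needs the IP and Domain Restrictions feature installed.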

Passport Authentication

As stated above, this authentication mechanism provides a centralized authentication service that offers single sign-in for accessing the member sites. The following scenarios support the use of Passport Authentication [2]:
• The username and password database or login page is not maintained; and
• Willing to provide personalized content; and
• The site will be used in conjunction with other Passport sites; and
• Willing to give single sign-in capability to the users

Forms-Based Authentication

Forms-based authentication is used to implement customized logic for authenticating users without having to worry about session management using cookies. It gives the developer more access to specify which files on the site can be accessed and by whom, and allows identification of a login page [3,7].
This mechanism will automatically redirect the unauthenticated user to the login page and ask them to provide proper credentials (e.g. username/password combination). If login is successful, ASP.NET then issues the cookie to the user and redirects them to the specific resources that they originally requested. This cookie allows the user to revisit particular protected resources without having to repeatedly log in.

Shashi Ray
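
A Web.config for the forms-based flow described above, added here as an example and not taken from the original post; the cookie name, page paths, folder names and the user alice are constructed. It shows the login page, the per-path access rules, and the cookie settings that keep the authentication ticket encrypted, validated and off plain HTTP.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example. Cookie name, paths and user name are constructed. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- loginUrl: where unauthenticated requests are redirected.
           protection="All": the ticket is both encrypted and validated.
           requireSSL="true": the cookie is only sent over HTTPS.
           timeout is in minutes; no sliding renewal, so a captured
           cookie stops working after a fixed period. -->
      <forms name=".EXAMPLEAUTH"
             loginUrl="~/Login.aspx"
             defaultUrl="~/Default.aspx"
             protection="All"
             requireSSL="true"
             cookieless="UseCookies"
             timeout="20"
             slidingExpiration="false"
             path="/" />
    </authentication>
    <!-- Site-wide default: anonymous users ("?") are sent to the login page. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Folder that stays readable without logging in. -->
  <location path="Public">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- Folder limited to one named user; everyone else is denied. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow users="alice" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```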

Authentication in ASP.NET

Authentication is one of the foremost features of a web application's security. In ASP.NET, authentication is done at two levels [2]. First, IIS will perform the required authentication, then send out the request to ASP.NET, as described in Figure 1. For an ASP.NET application, the underlying web server is IIS. Therefore, every ASP.NET application can continue to leverage the security options provided by IIS.
