.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
 
Sign In
Register
 
Win Surprise Gifts!!!
Congratulations!!!


Top 5 Contributors of the Month
david stephan

Home >> Interview Question >> SharePoint >> Post New Question Subscribe to Interview Questions

How is security managed in SharePoint?

Posted By :Isha     Posted Date :July 26, 2009    Points :10   Category :SharePoint 
Security can in SharePoint be handled at the machine, domain, or SharePoint level.

You can also find related Interview Question to How is security managed in SharePoint?  below: 

How is security managed in SharePoint?

  
Security can be handled at the machine,domain, or sharepoint level. (More...)

What security levels are assigned to users for a SharePoint Website?

  
Security levels are assigned by the administrator who is adding the user. There are four levels by default and additional levels can be composed as necessary.
* Reader - Has read-only access to the Web site.
* Contributor - Can add content to existing document libraries and lists.
* Web Designer - Can create lists and document libraries and customize pages in the Web site.
* Administrator - Has full control of the Web site. (More...)

What are the security improvements in SharePoint 2010 ?

  
Ans. In SharePoint 2010 a variety of security methods have been introduced.

Claims-Based Authentication - Claims based authentication is based on identity. and trust.

Code Access Security - in which you can specify your own code access
security (CAS) policy for your web parts.

Sandbox Solutions - Sandbox Solutions which when deployed to the server, SharePoint runs in a special process that has limited permissions.

Cross-Site Scripting - Introduced to prevent Cross - Site Scripting (XSS) attacks. (More...)

How many places the SharePoint designer and can be managed

  
There are two places where the SharePoint designer can be managed SharePoint 2010

1) In central administration
2) In site collection administration (More...)

What are the security improvements in SharePoint 2010 ?

  
In SharePoint 2010 a variety of security methods have been introduced.

Claims-Based Authentication - Claims based authentication is based on identity. and trust.

Code Access Security - in which you can specify your own code access
security (CAS) policy for your web parts.

Sandbox Solutions - Sandbox Solutions which when deployed to the server, SharePoint runs in a special process that has limited permissions.

Cross-Site Scripting - Introduced to prevent Cross - Site Scripting (XSS) attacks.

(More...)

What is the managed and unmanaged code in .net?

  
The .NET Framework provides a run-time environment called the Common Language Runtime, which manages the execution of code and provides services that make the development process easier. Compilers and tools expose the runtime's functionality and enable you to write code that benefits from this managed execution environment. Code that you develop with a language compiler that targets the runtime is called managed code; it benefits from features such as cross-language integration, cross-language exception handling, enhanced security, versioning and deployment support, a simplified model for component interaction, and debugging and profiling services. (More...)

What is managed code and managed data?

  
Managed code is code that is written to target the services of the Common Language Runtime (see What is the Common Language Runtime?). In order to target these services, the code must provide a minimum level of information (metadata) to the runtime. All C#, Visual Basic.NET, and _JScript.NET code is managed by default. Visual Studio.NET C++ code is not managed by default, but the compiler can produce managed code by specifying a command-line switch (/CLR).
Closely related to managed code is managed data-data that is allocated and de-allocated by the Common Language Runtime's garbage collector. C#, Visual Basic, and _JScript.NET data is managed by default. C# data can, however, be marked as unmanaged through the use of special keywords. Visual Studio.NET C++ data is unmanaged by default (even when using the /CLR switch), but when using Managed Extensions for C++, a class can be marked as managed by using the __gc keyword. As the name suggests, this means that the memory for instances of the class is managed by the garbage collector. In addition, the class becomes a full participating member of the .NET Framework community, with the benefits and restrictions that brings. An example of a benefit is proper interoperability with classes written in other languages (for example, a managed C++ class can inherit from a Visual Basic class). An example of a restriction is that a managed class can only inherit from one base class. (More...)

ASP.NET Security Fundamental Operations

  
Security in the context of ASP.NET application involves 3 fundamental operations [1,4,5]:
. Authentication: the process of validating the identity of a user to allow or deny a request [4,9,10]. This involves accepting credentials (e.g. username and password) from the users and validating it against a designated authority. After the identity is verified and validated, the user is considered to be legal and the resource request is fulfilled. Future request from the same user ideally are not subject to the authentication process until the user logs out of the web application.
. Authorization: the process of ensuring that users with valid identity are allowed to access specific resources.
. Impersonation: this process enables an application to ensure the identity of the user, and in turn make request to the other resources. Access to resources will be granted or denied based on the identity that is being impersonated. In other words, impersonation enables a server process to run using the security credentials of the client [6,9]. Thus, the ASP.NET applications are capable to execute the identity of client on whose behalf they are operating.
Since there are a lot of ASP.NET security features to cover, this paper will only focus on authentication in ASP.NET.


Shashi Ray (More...)

Difference of ASP and ASP.NET Security Flow

  
The security flow for ASP.NET page request is different from the classic ASP security flow. In ASP, IIS impersonates the authenticated user by default, and in ASP.NET, the developer has more control over configuring security at different level [2].


Shasi Ray (More...)

What is a Managed Code?

  
Managed code runs inside the environment of CLR i.e. .NET runtime. In short all IL are managed code. But if you are using some third party software example VB6 or VC++ component they are unmanaged code as .NET runtime (CLR) does not have control over the source code execution of the language. (More...)

What is CODE Access security?

  
CAS is part of .NET security model that determines whether or not a piece of code is allowed to run and what resources it can use while running. Example CAS will allow an application to read but not to write and delete a file or a resource from a folder. (More...)

What is CODE Access security?

  
Code Access Security (CAS), in the Microsoft .NET framework, is Microsoft's solution to prevent untrusted code from performing privileged actions.

It performs following function
1. Defines permissions and permission sets that represent the right to access various system resources.
2. Enables administrators to configure security policy by associating sets of permissions with groups of code (code groups).
3. Enables code to request the permissions it requires in order to run, as well as the permissions that would be useful to have, and specifies which permissions the code must never have.
4. Grants permissions to each assembly that is loaded, based on the permissions requested by the code and on the operations permitted by security policy.
5. Enables code to demand that its callers have specific permissions.
6. Enables code to demand that its callers possess a digital signature, thus allowing only callers from a particular organization or site to call the protected code.
7. Enforces restrictions on code at run time by comparing the granted permissions of every caller on the call stack to the permissions that callers must have. (More...)

What is Sharepoint?

  
Sharepoint is a Portal Collaboration Software provided by Microsoft , That can be configured to run Intranet, Extranet and Internet sites (More...)

What is the difference between SharePoint Portal Server and Windows SharePoint Services?

  
SharePoint Portal Server is the global portal offering features like global navigation and searching.Windows SharePoint Services is more content management based with document libraries and lists. You apply information to certain areas within your portal from windows share point Services or directly to portal areas. (More...)

Quick Links For Interview Questions Categories:
ASP.Net Windows Application   .NET Framework   C#   VB.Net   ADO.Net  
Sql Server   SharePoint   Silverlight   OOPs   JQuery   JavaScript/VBScript
Biztalk Patten/Practices .IIS WCF WPF WWF
Networking Aptitude Others   All      

Find questions, FAQ's and their answers related to .NET, C#, Vb.Net, Sql Server and many more.

 
Now you can find lots of .NET, C#, Vb.Net, SQL Server,Windows, ASP.Net related Questions and their Answers here at www.dotnetspark.com. Our aim is to help you pass your certification Exams (MCP, MCSD, MCAD etc.,) with flying scores and get good name in your company.

So, Start looking our Interview Question section daily and improve your .NET Skills. You can also help others by posting Interview Questions and their Answers in this section.


Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend