.NET Interview Questions (5)

ASP.NET (UI) Developers

· Describe how a browser-based Form POST becomes a Server-Side event like Button1_OnClick.
In ASP.NET, a button server control is rendered as a HTML submit control and an unique name is assigned to the submit control. In the client side, when a button is clicked, the page is posted to itself, ASP.Net uses the id value of the submit control to match the button server control and raises the OnClick event of the button control on the server side.

· What is a PostBack?
A web page post is submitted to itself on the web server when some client events occur, like a button is clicked.

· What is ViewState? How is it encoded? Is it encrypted? Who uses ViewState?
ViewState is a encoded string stored in a hidden page field. The data in the ViewState preserves the value of form controls between page round trips. Web server uses ViewState to re-populate value of form controls when a page is posted back.

· What is the element and what two ASP.NET technologies is it used for?
Machinekey element configures key to use for encryption and decryption. Forms authentication cookie and viewstate data uses it to encrypt and decrypt. It’s also used to verify out-of-process session state in a clustered server environment.

· What three Session State providers are available in ASP.NET 1.1? What are the pros and cons of each?
InProc – session is stored in the memory of same worker process of asp.net (aspnet_wp.exe or w3wp.exe). It’s fast but takes extra memory and not scalable.
StateServer – session is stored in another process (aspnet_state.exe) and can be another server. It’s slower but more robust and easier to manage.
SQLServer – session is serialized and stored in a Sql Server database. It’s slowest but very robust.

· What is Web Gardening? How would using it affect a design?
Web Garden model enables multiple worker process to run at the same time on a multiprocessor machine. ASP.NET launches multiple worker processes, and incoming requests are partitioned among running processes to balance the workload. Each process has its own copy of application state, in-process session state, ASP.NET cache and static data.
The web garden model is configurable through a section of machine.config, which affects all applications running on the server.
Side effects: Web Gardening is not suitable for heavy stateful applications.
Session state must be configured to an out-of-process provider – an NT Service or SQL Server.
Application state is per process not per computer.
Caching is per process not per computer.

· Given one ASP.NET application, how many application objects does it have on a single proc box? A dual? A dual with Web Gardening enabled? How would this affect a design?
For worker process - One worker process per CPU. On a dual CPU machine without Web Gardening enabled, it’s still one worker process. If Web Gardening is enabled on a dual CPU machine, it’s two worker prcesses.
For HttpApplication objects – asp.net creates an AppDomain for each virtual directory. Each AppDomain has an HttpApplication object pool. An individual HttpApplication object is created for each Http request. The number of HttpApplication objects is not configurable.

· Are threads reused in ASP.NET between reqeusts? Does every HttpRequest get its own thread? Should you use Thread Local storage with ASP.NET?
Threads are reused between requests. Each HttpRequest is served by an HttpApplication object, which is pooled.
We shouldn’t use Tread Local Storage. TLS is a mechanism to store data that is unique to a thread. Using TLS in a thread-pooling environment is tricky because you don’t know which thread is called as they are pooled.

· Is the [ThreadStatic] attribute useful in ASP.NET? Are there side effects? Good or bad?
[TreadStatic] attribute is not useful in ASP.NET. static fields marked with this attribute are not shared between threads. Each thread has a separate set of value. If a field is accessed in a different thread, it will have different value. ASP.NET uses thread pooling, different threads may be used for different requests. So the value of the static fields may be different.

· Give an example of how using an HttpHandler could simplify an existing design that serves Check Images from an .aspx page.
Just like .aspx page is an HttpHandler that handles Http Request. You can implement your own HttpHandler to return other MEMI type (image, download file, pdf etc) to browser. Then register your HttpHandler in the web.config (or you can register it in machine.config or IIS Application Configuration properties page if implements IHttpHandlerFactory).

· What kinds of events can an HttpModule subscribe to? What influence can they have on an implementation? What can be done without recompiling the ASP.NET Application?
An HttpMoudle can subscribe to following events:
AcquireRequestState When ASP.NET acquires the current state (for example, session state) associated with the current request.
AuthenticateRequest When a security module has established the identity of the user
AuthorizeRequest When a security module has verified user authorization
BeginRequest When the first event in the HTTP pipeline chain of execution responds to a request
Disposed When ASP.NET completes the chain of execution when responding to a request
EndRequest When the last event in the HTTP pipeline chain of execution responds to a request
Error When an unhandled exception is thrown
PostRequestHandlerExecute When the ASP.NET handler (page, XML Web Service) finishes execution
PreRequestHandlerExecute Just before ASP.NET begins executing a handler such as a page or XML Web Service
PreSendRequestContent Just before ASP.NET sends content to the client
PreSendRequestHeaders Just before ASP.NET sends HTTP headers to the client
ReleaseRequestState After ASP.NET finishes executing all request handlers; also causes state modules to save the current state data
ResolveRequestCache When ASP.NET completes an authorization event to let the caching modules serve requests from the cache, bypassing execution of the handler (the page or XML Web Service, for example)
UpdateRequestCache When ASP.NET finishes executing a handler in order to let caching modules store responses that will be used to serve subsequent requests from the cache
The ASP.NET runtime calls the module's Init and Dispose methods. Init is called when the module attaches itself to the HttpApplication object and Dispose is called when the module is detached from HttpApplication. The Init and Dispose methods represent the module's opportunity to hook into a variety of events exposed by HttpApplication.

· Describe ways to present an arbitrary endpoint (URL) and route requests to that endpoint to ASP.NET.


· Explain how cookies work. Give an example of Cookie abuse.
Cookie is a text file that contains a collection of values and an expiry date. Cookie data is sent to client browser from web server, and sent back to the web server by client browser later to identify the client.
Cookie abuse means a web server using cookie to collect personal information of a user without user consent.

· Explain the importance of HttpRequest.ValidateInput()?
ValicateInput() checks QueryString, Form and Cookie data for HTML markup tags to prevent potentially dangerous data.
The ValidateInput is called during the page’s ProcessRequest process stage if configured in page’s directive with validation=”true”. And this method can be called by code manually if not configured in the page.

· What kind of data is passed via HTTP Headers?
HTTP Headers contain metadata about the document. Eg.
HTTP/1.1 200 OK
Date: Wed, 13 Aug 1997 02:35:50 GMT
Server: IIS
Last-Modified: Fri, 04 Jul 1997 22:18:24 GMT
Content-Length: 2064
Accept-Ranges: bytes
Connection: close
Content-Type: text/html

· Juxtapose the HTTP verbs GET and POST. What is HEAD?
HTTP-Get passes information to the web server through URL parameter. The total length of the url is limited.
HTTP-Post send data to the web server through an input stream, the length of data is not limited.
HEAD – contains information of a HTML document. The server only returns header information like last modified date, file size, and the type of document.
One use of header information is to enable search engine to retrieve information of a document by defining additional metadata element.

· Name and describe at least a half dozen HTTP Status Codes and what they express to the requesting client.
100: Continue; 101: Switch protocols

200: OK; 201 Created; 202 Accepted

300 Multiple Choices; 301 Moved Permanently; 302: Redirect request found;

400: Bad request; 401:Unauthorized; 403: Forbidden; 404: Resource Not Found;

500: Internal Server Error; 501 Not Implemented; 502 Bad Gateway; 503 Service Unavailable.

· How does if-not-modified-since work? How can it be programmatically implemented with ASP.NET?
If-not-modified-since header allows the server to send 304 reponse (not modified) and not the full content of the page. You implement this by capturing the headers, checking for the presence of if-not-modified-since value, and then returning 304 status code

· Explain <@OutputCache%> and the usage of VaryByParam, VaryByHeader, VaryByCustom.
<@OutputCache%> Declaratively controls the output caching policies of an ASP.NET page or a user control contained in a page. Cached page/control is placed in memory.

VaryByParam: VaryByParam means that the cache hold different copies of the page for different parameters, and the same is true for different header for VaryByHeader. Different versions of the page are stored based on the query string values.
If there are one thousand different ids are queried in 30 sec, there will be one thousand pages cached. On the other hand queries page.aspx?id=1, page.aspx?id=1&Num=1, and page.aspx?id=1&Num=2 will receive the same cached page.

VaryByHeader: Different versions of the page are stored based on the specified HTTP header values.

Four requests arrive for the page with the following Accept-Language headers: 1) de-lu; 2) en-us; 3) fr; 4) en-us, three cached pages is created and the second en-us request reads from cache.

VaryByCustom: Different versions of the page are stored based on browser type and major version. Additionally, you can extend output caching by defining custom strings.

Then override the HttpApplication.GetVaryByCustomString method in the Global.asax file. This string is built by you and used as a key to store and retrieve a cached version of your page. The key can be anything and build from anything. You can create a composite key from other pieces of information available to you like cookies, user-languages, browser capabilities, whatever.

public override string GetVaryByCustomString(HttpContext context, string arg){
if(arg.ToLower() == "mycustomstring"){
HttpCookie cookie = context.Request.Cookies["ID"];
if(cookie != null)
return cookie.Value;
}
return base.GetVaryByCustomString (context, custom);
}

· How would one implement ASP.NET HTML output caching, caching outgoing versions of pages generated via all values of q= except where q=5 (as in http://localhost/page.aspx?q=5)?
Use AddValidationCallBack. It provides a mechanism to programmatically check the validity of an item in the cache before the item is returned from the cache. Before the response is served from the Web server cache, all registered handlers are queried to ensure resource validity. If any handler sets a flag indicating that the resource is invalid, the entry is marked invalid and evicted from the cache. The request is then handled as if it were a cache miss.