.Net code security

  Home  Microsoft .Net Technologies  .Net code security


“.Net code security frequently Asked Questions in various Dot Net Code Security job Interviews by interviewer. The set of .Net code security interview questions here ensures that you offer a perfect answer to the interview questions posed to you. Get preparation of .Net code security job interview”



10 .Net Code Security Questions And Answers

1⟩ Explain dot net Security Controls?

With the large amount of business being done on the web, security is vitally important for protecting not only confidential information such as credit card numbers, but also users’ personal details and preferences. Thus, most of the web applications require the capability to authenticate users on their web sites. Although this was easy to do in ASP.NET 1.x, you still had to write code. With ASP.NET 2.0, things have changed for the better. For security-related functionalities, ASP.NET 2.0 introduces a wide range of new controls:

<asp:Login>: Provides a standard login capability that allows the users to enter their credentials

<asp:LoginName>: Allows you to display the name of the logged-in user

<asp:LoginStatus>: Displays whether the user is authenticated or not

<asp:LoginView>: Provides various login views depending on the selected template

<asp:PasswordRecovery>: Provides the web site administrators with the capability to email the users their lost password

The login controls described here abstract most of the common tasks for which developers have to manually write code for a secured web site. Although this could be achieved in ASP.NET 1.x, you still had to add controls manually and write code. Apart from providing the user interface, ASP.NET 2.0 also provides the capability to retrieve and validate user information using Membership functionality. To this end, ASP.NET ships with a new Membership API, the aim of which is to abstract the required membership functionality from the storage of the member information.

 156 views

3⟩ Do you know role-based and code based security?

Based on the credentials of the user, the access is provided to the user.

Role-based authorization is provided by the CLR to an account. It mostly involves the code running with the privileges of the current user.

Code security is about granting and denying permissions from the permission sets.

 167 views

4⟩ Do you know Principal object?

The Principal object represents authenticated users. It contains information about user’s identity and role. You have PrincipalPermission object in .Framework that specifies user and its role. It has Demand method that checks the current user or Principal against the name and role specified in the PrincipalPermission.

 148 views

5⟩ Explain code security types?

Framework provides the security features to secure code from unauthorized users and unauthorized uses.

There are two types of code security:

Role based security: This authorizes user.

Code access security: This protects system resources from unauthorized calls.

 155 views

6⟩ What is declarative and imperative security?

Security checks can be applied imperatively or declaratively. Declarative security is applied by associating attribute declarations that specify a security action with classes or methods. Imperative security is applied by calling the appropriate methods of a Permission object that represents the Principal (for role-based security) or system resource (for code access security).

 150 views

7⟩ Tell me the differences between declarative and imperative security?

Declarative and imperative are the different syntax schemes used to implement security declarations in .NET Framework. In declarative security, attribute syntax is used. The security constraints are stored in the assembly at compile time. The disadvantage of declarative security is that there are tools which extract security requirements from the metadata in the assembly.

In imperative implementation, the attribute syntax is not used. It is implemented by writing the regular code to provide restrictions

 150 views

8⟩ Explain code access security?

Code access security protects code from unauthorized calls. You can prevent access to the system resources using Permission object. The permission object specifies user and its role. The demand method of permission object checks if specified user and role matches with the current user.

 147 views