ASP.NET Security - Placement questions
Q.1 Choose the correct option according to the given statements.
Statement 1: Authentication is the process that determines the identity of a user.
Statement 2: Authorization is the process of determining whether a user is permitted access to any part of an application, or any particular resource.
Statement 3: Authorization is the process that determines the identity of a user.
Statement 4: Authentication is the process of determining whether a user is permitted access to any part of an application, or any particular resource.
A) Statement 1 and Statement 2 are correct.
B) Statement 3 and Statement 4 are correct.
C) Statement 1 and Statement 3 are correct.
D) Statement 2 and Statement 4 are correct.
Q.2 How many types of authentication does ASP.NET support?
A) Windows Authentication.
B) .NET Passport Authentication.
C) Forms Authentication.
D) All of the above.
ANSWER: D
Windows authentication
It is enabled by default. When Windows authentication is enabled, users are identified by their Microsoft Windows account names.
.NET Passport authentication
It is a centralized service provided by Microsoft. .NET Passport allows users to create a single sign-in name and password to access any site that uses .NET Passport authentication.
.NET Passport performs only authentication, not authorization. Passport simply tells a participating site who the user is. MSN and Hotmail use .NET Passport authentication.
Forms authentication
In this type of authentication, users are typically identified by a cookie. When a user is authenticated, an encrypted cookie is added to the user’s browser. As the user moves from page to page, the user is identified by the cookie.
Q.3 You are creating an ASP.NET application for CareerRide. The company uses Microsoft Windows authentication. All users are in the CareerRide domain.
You want to configure the application to use the following authorization rules:
1. Anonymous users must not be allowed to access the application.
2. All employees except Raj and Shiva must be allowed to access the application.
Which code will you apply to configure the application?
A)
<authorization>
  <deny users="CareerRide\Raj, CareerRide\Shiva" />
  <allow users="*" />
  <deny users="?" />
</authorization>
B)
<authorization>
  <allow users="*" />
  <deny users="CareerRide\Raj, CareerRide\Shiva" />
  <deny users="?" />
</authorization>
C)
<authorization>
  <deny users="CareerRide\Raj, CareerRide\Shiva" />
  <deny users="?" />
  <allow users="*" />
</authorization>
D)
<authorization>
  <allow users="CareerRide\Raj, CareerRide\Shiva" />
  <allow users="*" />
</authorization>
ANSWER: C
Explanation:
First, you deny access to the users Raj and Shiva. Then you deny access to anonymous users by writing <deny users="?" />. Finally, you grant access to all other users. This is the proper order of the elements for the requirements of this scenario.
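The order matters because ASP.NET URL authorization reads the rules top to bottom and applies the first one that matches, with "*" matching every user (anonymous included) and "?" matching only anonymous users. The following is an added example, not part of the original quiz and not ASP.NET code: a small Python model that replays options A to D against the two requirements. The user CareerRide\Anita and the fall-through allow (standing in for the inherited default <allow users="*" />) are assumptions.

```python
# Added illustration: a small model of ASP.NET URL authorization, which walks
# the <authorization> rules top to bottom and applies the first match.
ANONYMOUS = ""  # constructed marker for an unauthenticated request

def matches(pattern, user):
    """True if one entry of a users="..." list applies to this user."""
    if pattern == "*":            # every user, anonymous included
        return True
    if pattern == "?":            # anonymous (unauthenticated) users only
        return user == ANONYMOUS
    # Windows account names are not case sensitive.
    return user != ANONYMOUS and pattern.lower() == user.lower()

def is_allowed(rules, user):
    """rules: list of (action, users_attribute) in Web.config order."""
    for action, users in rules:
        if any(matches(p.strip(), user) for p in users.split(",")):
            return action == "allow"
    # Assumption: nothing matched, so the inherited default allow applies.
    return True

BLOCKED = r"CareerRide\Raj, CareerRide\Shiva"
OPTIONS = {
    "A": [("deny", BLOCKED), ("allow", "*"), ("deny", "?")],
    "B": [("allow", "*"), ("deny", BLOCKED), ("deny", "?")],
    "C": [("deny", BLOCKED), ("deny", "?"), ("allow", "*")],
    "D": [("allow", BLOCKED), ("allow", "*")],
}

# Expected access per user under the two requirements of Q.3.
# CareerRide\Anita is a constructed example of an ordinary employee.
REQUIRED = {
    ANONYMOUS: False,
    r"CareerRide\Raj": False,
    r"CareerRide\Shiva": False,
    r"CareerRide\Anita": True,
}

def violations(rules):
    """Users whose actual access differs from what the scenario requires."""
    return [u or "(anonymous)" for u, want in REQUIRED.items()
            if is_allowed(rules, u) != want]

if __name__ == "__main__":
    for name, rules in OPTIONS.items():
        print(name, violations(rules) or "meets both requirements")
```

Only option C produces no violations. In option A the trailing deny for "?" is never reached, because the earlier allow for "*" already matched the anonymous request.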
Q.4 You are creating an ASP.NET application for the company CareerRide. You use forms-based authentication to validate users. You need to prevent unauthenticated users from accessing the application. What should you do?
A) In the authorization section of the Web.config file, set the users attribute of the deny element to "?".
B) In the authorization section of the Web.config file, set the users attribute of the deny element to "*".
C) In the authorization section of the Machine.config file, set the users attribute of the allow element to "?".
D) None of the above.
ANSWER: A
Explanation:
Write the code in the Web.config file as follows. The question mark represents unauthenticated users.
<system.web>
  <authentication mode="Forms" />
  <authorization>
    <deny users="?" />
  </authorization>
</system.web>
Q.5 Windows-based authentication is well suited for:
A) Intranet environment.
B) Public web site.
C) Desktop application.
D) None of the above.
ANSWER: A
Explanation:
In Windows-based authentication, requests go directly to IIS, which performs the authentication. This type of authentication is quite useful in an intranet environment, where the server handles the authentication process.
Q.6 Which of the following Web.config files correctly enables the Web application to track the LastVisit of anonymous users in a variable of type DateTime?
A)
<anonymousIdentification enabled="true" />
<profile>
  <properties>
    <add name="LastVisit" type="System.DateTime" allowAnonymous="true" />
  </properties>
</profile>
B)
<anonymousIdentification enabled="true" />
<profile>
  <properties>
    <add name="LastVisit" allowAnonymous="true" />
  </properties>
</profile>
C)
<anonymousIdentification enabled="true" />
<profile>
  <properties>
    <add name="LastVisit" type="System.DateTime" />
  </properties>
</profile>
D)
<profile>
  <properties>
    <add name="LastVisit" type="System.DateTime" />
  </properties>
</profile>
ANSWER: A
Explanation:
User profiles are disabled by default for anonymous users. To enable anonymous user profiles, add the <anonymousIdentification enabled="true" /> element to the <system.web> section of the Web.config file.
Then add the variables you want to track in the <profile><properties> section and set allowAnonymous="true" for each variable.
Q.7 Which of the following controls provides a link for unauthenticated users to log on?
A. Login
B. LoginView
C. LoginStatus
D. LoginName
ANSWER: C
Explanation:
The LoginStatus control displays “Login,” with a link to log in if the user is unauthenticated.
Q.8 You use the ASP.NET Web Site Administration Tool to configure ASP.NET membership with forms authentication. What should you name your login form so that you do not have to modify the Web.config file?
A. Login.aspx
B. LoginPage.aspx
C. Default.aspx
D. Auth.aspx
ANSWER: A
Explanation:
If no filename is specified in the Web.config file, ASP.NET redirects unauthenticated users to the Login.aspx page, regardless of whether the page exists.
Q.9 The following profile properties are defined under a group name in the Web.config file. How will you access the Street and City properties?
<properties>
  <group name="Address">
    <add name="Street" />
    <add name="City" />
  </group>
</properties>
A)
- Profile.name.Street
- Profile.name.City
B)
- Profile.Address.Street
- Profile.Address.City
C)
- Address.Street
- Address.City
D) None of the above.
Q.10 If a user has disabled cookies in their browser, what can you do to enable them to use forms authentication?
A) Set BrowserCookieEnabled=true;
B) Set cookieless=true;
C) Use the AutoDetect setting of the cookieless attribute.
D) None of the above.