1. Do you know about code groups?
Code groups represent collections of code and each code group has an associated set of permissions.
2. Tell me the use of Caspol.exe?
It is a DOS command to view and alter code access security policy.
3. Explain code access security?
Code access security protects code from unauthorized calls. You can prevent access to system resources using a Permission object. The permission object specifies the user and their role. The Demand method of the permission object checks whether the specified user and role match the current user.
4. Tell me the differences between declarative and imperative security?
Declarative and imperative are the different syntax schemes used to implement security declarations in the .NET Framework. In declarative security, attribute syntax is used. The security constraints are stored in the assembly at compile time. The disadvantage of declarative security is that there are tools which extract security requirements from the metadata in the assembly.
In the imperative implementation, attribute syntax is not used. It is implemented by writing regular code to provide restrictions.
5. What is declarative and imperative security?
Security checks can be applied imperatively or declaratively. Declarative security is applied by associating attribute declarations that specify a security action with classes or methods. Imperative security is applied by calling the appropriate methods of a Permission object that represents the Principal (for role-based security) or system resource (for code access security).
6. Explain code security types?
The .NET Framework provides security features to secure code from unauthorized users and unauthorized uses.
There are two types of code security:
Role-based security: This authorizes the user.
Code access security: This protects system resources from unauthorized calls.
7. Do you know the Principal object?
The Principal object represents authenticated users. It contains information about the user's identity and role. The .NET Framework has a PrincipalPermission object that specifies the user and their role. It has a Demand method that checks the current user or Principal against the name and role specified in the PrincipalPermission.
8. Do you know role-based and code-based security?
Based on the credentials of the user, the access is provided to the user.
Role-based authorization is provided by the CLR to an account. It mostly involves the code running with the privileges of the current user.
Code security is about granting and denying permissions from the permission sets.
9. What is role-based security?
Role-based security verifies the role and/or identity of the current Principal object.
10. Explain .NET security controls?
With the large amount of business being done on the web, security is vitally important for protecting not only confidential information such as credit card numbers, but also users’ personal details and preferences. Thus, most web applications require the capability to authenticate users on their web sites. Although this was easy to do in ASP.NET 1.x, you still had to write code. With ASP.NET 2.0, things have changed for the better. For security-related functionality, ASP.NET 2.0 introduces a wide range of new controls:
<asp:Login>: Provides a standard login capability that allows the users to enter their credentials
<asp:LoginName>: Allows you to display the name of the logged-in user
<asp:LoginStatus>: Displays whether the user is authenticated or not
<asp:LoginView>: Provides various login views depending on the selected template
<asp:PasswordRecovery>: Provides the web site administrators with the capability to email the users their lost password
The login controls described here abstract most of the common tasks for which developers previously had to write code manually for a secured web site. Although this could be achieved in ASP.NET 1.x, you still had to add controls manually and write code. Apart from providing the user interface, ASP.NET 2.0 also provides the capability to retrieve and validate user information using Membership functionality. To this end, ASP.NET ships with a new Membership API, the aim of which is to abstract the required membership functionality from the storage of the member information.