What are the best practices to follow to secure connection strings in an ASP.NET web application?
1. Always store connection strings in the site's Web.config file. ASP.NET does not serve Web.config in response to browser requests, so users will not be able to access it from the browser.
2. Do not store connection strings as plain text. To help keep the connection to your database server secure, it is recommended that you encrypt connection string information in the configuration file.
3. Never store connection strings in an aspx page.
4. Never set connection strings as declarative properties of the SqlDataSource control or other data source controls.
Why is "Connecting to SQL Server using Integrated Security" considered a best practice?
Connecting to SQL Server using integrated security instead of an explicit user name and password helps avoid the possibility of the connection string being compromised and your user ID and password being exposed.
What is the advantage of storing an XML file in the application's App_Data folder?
The contents of the App_Data folder will not be returned in response to direct HTTP requests.
What is Script injection?
A script injection attack attempts to send executable script to your application with the intent of having other users run it. A typical script injection attack sends script to a page that stores the script in a database, so that another user who views the data inadvertently runs the code.
What is SQL injection?
A SQL injection attack attempts to compromise your database by creating SQL commands that are executed instead of, or in addition to, the commands that you have built into your application.
What are the best practices to keep in mind when accepting user input on a web application?
1. Always use validation controls whenever possible to limit user input to acceptable values.
2. Always check the IsValid property of the aspx page. Run the server side code only if the IsValid property value is true. A value of false means that one or more validation controls have failed a validation check.
3. Always perform server side validation, whether or not client side validation is performed. This will protect your web application even if the client has bypassed the client side validation by disabling JavaScript in the web browser.
4. Also make sure to revalidate user input in the business logic layer of your application.
What are the steps to follow to avoid Script Injection attacks?
1. Encode user input with the HtmlEncode method. This method turns HTML into its text representation.
2. If you are using the GridView control with bound fields, set the BoundField object's HtmlEncode property to true. This causes the GridView control to encode user input when the row is in edit mode.
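As an added example (not code from the original page), the code-behind below encodes stored comments at output time with HttpUtility.HtmlEncode, so markup saved by one user is shown to other users as text. The Comments page, the CommentsLiteral control and the sample rows are assumptions made for illustration.

```csharp
// Added example: code-behind for a hypothetical page, Comments.aspx, whose markup
// contains <asp:Literal ID="CommentsLiteral" runat="server" />.
using System;
using System.Collections.Generic;
using System.Text;
using System.Web;
using System.Web.UI;

public partial class Comments : Page
{
    // Constructed sample rows standing in for comments read back from a database.
    private static readonly List<string> StoredComments = new List<string>
    {
        "Great article, thanks!",
        "<script>alert(1)</script>",          // script submitted as a "comment"
        "Loop while a < b && c > d."          // legitimate text with markup characters
    };

    protected void Page_Load(object sender, EventArgs e)
    {
        StringBuilder html = new StringBuilder("<ul>");
        foreach (string comment in StoredComments)
        {
            // Encode when writing into HTML, not when storing: the database keeps
            // the original text, and every page that renders it encodes it.
            // "<script>" becomes "&lt;script&gt;", which the browser displays
            // as text instead of executing.
            html.Append("<li>")
                .Append(HttpUtility.HtmlEncode(comment))
                .Append("</li>");
        }
        html.Append("</ul>");

        // Only the <ul>/<li> tags written by this code are live markup;
        // everything that came from a user has been turned into text.
        CommentsLiteral.Text = html.ToString();
    }
}
```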
What are the steps to follow to avoid SQL Injection attacks?
Always use parameterized queries or stored procedures instead of creating SQL commands by concatenating strings together.
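As an added example (not code from the original page), the console program below builds the same lookup by string concatenation and as a parameterized SqlCommand, and prints the resulting command text for each without opening a connection. The Users table, its columns and the input value are constructed for illustration.

```csharp
// Added example: builds two SqlCommand objects and compares them; no database needed.
using System;
using System.Data;
using System.Data.SqlClient;

static class ParameterizedQueryDemo
{
    // Unsafe: user input becomes part of the SQL text itself.
    static SqlCommand BuildConcatenated(string userName)
    {
        return new SqlCommand(
            "SELECT Id, Email FROM Users WHERE UserName = '" + userName + "'");
    }

    // Safe: the SQL text is constant; the input travels as a typed parameter value.
    static SqlCommand BuildParameterized(string userName)
    {
        SqlCommand cmd = new SqlCommand(
            "SELECT Id, Email FROM Users WHERE UserName = @userName");
        cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 50).Value = userName;
        return cmd;
    }

    static void Main()
    {
        // Constructed input containing SQL metacharacters.
        string input = "x' OR '1'='1";

        using (SqlCommand bad = BuildConcatenated(input))
        using (SqlCommand good = BuildParameterized(input))
        {
            // The quote in the input closes the string literal, so the
            // WHERE clause now carries an extra OR condition.
            Console.WriteLine("Concatenated : " + bad.CommandText);

            // The command text is exactly what the developer wrote; the
            // input is sent separately and is compared only as a value.
            Console.WriteLine("Parameterized: " + good.CommandText);
            Console.WriteLine("  @userName  = " + good.Parameters["@userName"].Value);
        }
    }
}
```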
Can you encrypt view state data of an aspx page?
Yes, you can encrypt view state data of an aspx page by setting the page's ViewStateEncryptionMode property to true.
Saturday, January 17, 2009
Wednesday, November 26, 2008
List all the files in a directory on a web form in asp.net
Question :
List all the files in a directory on a web form. The files must be displayed in a gridview control. The name of the file and create date must be displayed.
Answer:
1. Create a new web form. Drag and drop a gridview control from the toolbox onto the webform.
2. Create 2 bound fields for the gridview. One bound field will display the file name and the other will display the create date.
3. The HTML for your web form should be as shown below.
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="ListFiles.aspx.cs" Inherits="ListFiles" %>
<html>
<head runat="server">
    <title>List all the files in a directory</title>
</head>
<body>
    <form id="form1" runat="server">
        <asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False">
            <Columns>
                <asp:BoundField DataField="FileName" HeaderText="File Name"></asp:BoundField>
                <asp:BoundField DataField="DateCreated" HeaderText="Date" DataFormatString="{0:d}"></asp:BoundField>
            </Columns>
        </asp:GridView>
    </form>
</body>
</html>
4. In the code behind file write a function which can get the list of files from the directory and bind to the gridview. The function is as shown below.
/* Requires "using System.Data;" at the top of the code behind file. */
private void LoadFiles()
{
    /* Create an instance of DirectoryInfo class for enumerating through the directory. */
    System.IO.DirectoryInfo dirInfo = new System.IO.DirectoryInfo(Server.MapPath("FilesDirectory"));
    /* Call the GetFiles() instance method of the DirectoryInfo class object, which will return a files list from the current directory */
    System.IO.FileInfo[] fiFiles = dirInfo.GetFiles();
    /* Create a DataTable which can be used as the datasource for the gridview */
    DataTable dtFileList = new DataTable("Files");
    /* Create a DataColumn for file name */
    DataColumn dcFileName = new DataColumn("FileName");
    /* Create a DataColumn for file create date */
    DataColumn dcDateCreated = new DataColumn("DateCreated", typeof(DateTime));
    /* Add the 2 data columns to the data table */
    dtFileList.Columns.Add(dcFileName);
    dtFileList.Columns.Add(dcDateCreated);
    /* Now loop through each FileInfo object and get the file name and file create date */
    foreach (System.IO.FileInfo f in fiFiles)
    {
        DataRow dtNewRow = dtFileList.NewRow();
        /* Get the file name using FileInfo object "Name" property */
        dtNewRow["FileName"] = f.Name;
        /* Get the file create date and time using FileInfo object "CreationTime" property. Store it as a DateTime to match the column type; the bound field's DataFormatString displays it as a short date */
        dtNewRow["DateCreated"] = f.CreationTime;
        /* Add the row to the DataTable */
        dtFileList.Rows.Add(dtNewRow);
    }
    /* Set the datatable as the DataSource for the gridview and call the DataBind() method */
    GridView1.DataSource = dtFileList;
    GridView1.DataBind();
}
5. Finally call the LoadFiles() method on the page load event handler as shown below.
protected void Page_Load(object sender, EventArgs e)
{
    LoadFiles();
}
Testing the application:
1. Right click on the project name in solution explorer, and left click on "NewFolder"
2. Rename the "NewFolder" to "FilesDirectory"
3. Drag and drop some files into the directory.
4. Then run the application. All the files in the "FilesDirectory" folder will be shown in the gridview.