1: | True or False: You can access the <appSettings> section with the ConfigurationSection.AppSettings property. |
A1: | True. |
2: | Is it possible to view the global.asax file from your browser? |
A1: | No, ASP.NET protects this file so that outside viewers cannot view it at all. |
3: | What interface must a custom handler implement? The following questions deal with the directory structure shown in Table 18.4. Table 18.4. A Web Server Directory Structure Exercise Application URL | Physical Path | http://www.site.com | c:\www\site | http://www.site.com/sales | c:\www\site\sales | http://www.site.com/hr | c:\www\site\sales\hr | http://www.site.com/users | d:\www\misc\users | |
A1: | IConfigurationSectionHandler The following questions deal with the directory structure shown in Table 18.4. Table 18.4. A Web Server Directory Structure Exercise Application URL | Physical Path | http://www.site.com | c:\www\site | http://www.site.com/sales | c:\www\site\sales | http://www.site.com/hr | c:\www\site\sales\hr | http://www.site.com/users | d:\www\misc\users | |
4: | The sales virtual directory has a web.config with the following setting: <httphandlers> <add verb="PUT, POST" path="index.aspx" type="System.Web. UI.PageHandlerFactory" /> </httphandlers> If the hr directory is accessed as follows, will it inherit this setting? http://www.site.com/hr |
A1: | No, the hr directory will not inherit the setting because configuration information is processed by virtual directories, not physical path. |
5: | If the hr directory is accessed as follows, will it inherit this setting? http://www.site.com/sales/hr |
A1: | No, the hr directory will not inherit the setting because the <httpHandlers> setting is not inherited by subdirectories. |
6: | Suppose that the web.config in sales also has the following setting: <location path="hr/*.aspx"> <authorization> <deny users="?" /> </authorization> </location> Is this an adequate security measure against entry into hr? Explain. |
A1: | No, anonymous users could still access this directory through the hr virtual directory, www.site.com/hr, without having to supply valid credentials. |
7: | Describe a better use of web.config to address the preceding question. |
A1: | A better measure would be to place a web.config in the hr directory, with the necessary security measures. This would ensure that no matter how this directory was accessed, only valid users would be able to see the content. For example, place the following in c:\www\site\sales\hr\web.config: <authorization> <deny users="?" /> </authorization> |