1: | What's the difference between authentication and authorization? |
A1: | Authentication is the first step in security. It requires the user to supply valid credentials to access an application. Authorization occurs after the user has been authenticated, and it tests user permissions against those set on resources to restrict access. |
2: | What's the difference between basic and digest authentication? |
A1: | Digest authentication encrypts user credentials before sending them across the network, using a one-way encoding technique known as hashing. Basic sends credentials across the network without any encryption. |
3: | What's the anonymous user account's name in Windows? |
A1: | IUSR_MachineName, where MachineName is the name of your Web server. |
4: | Write some code to set an authorization cookie and redirect to an originating URL. |
A1: | FormsAuthentication.RedirectFromLoginPage("username", false) |
5: | What does the second parameter in the SetAuthCookie method do? |
A1: | Specifies whether or not a cookie should be persisted across browser restarts, allowing a user to return to the Web site without having to log in again. |
6: | Will the following code work? <configuration> <authentication mode="Forms"> <forms name="AuthCookie" loginUrl="day21/login.aspx"> </forms> </authentication> </configuration> |
A1: | No, because the authentication element isn't wrapped in system.web tags. Also, even though the <authentication> tag is present, all users will still be able to access the files in question because there is no <authorization> tag to stop them. |
7: | What do the wildcard characters * and ? mean to ASP.NET within the authorization section of web.config? |
A1: | * means all users, and ? means the anonymous user. |
8: | True or False: When impersonation is enabled, ASP.NET can operate on behalf of the operating system. |
A1: | False. ASP.NET will operate on behalf of the user it impersonates. |