What is Code Access Security (CAS)? Code access security is used to ensure that access to protected resourcesand operations is allowed only if the security policy allows it. To use CAS, the code should be verifiably type-safe code - i.e., code that can be verified by the JIT compiler to be type-safe (note that in some cases, the code may be type-safe, but the JIT compiler cannot verify it to be type-safe). Type-safe code accesses only the memory locations it is authorized to access, and only in well-defined, allowable ways. At runtime, the .NET security system ensures controlled access to protected resources and operations by walking the call stack - each caller in the stack must have the permissions being demanded for the operation being performed. If not, the operation fails and an exception is thrown.
Compare declarative versus imperative security
Declarative security is implemented via attributes. No explicit code is required to implement this. Imperative security is implemented by explicitly coding the security requirements. An instance of the permission object is created and security calls are issued.
What is the difference between Demand and Assert?
Demand - calling code can access the resource protected by a permission demand through the code that calls this method, only if callers higher in the stack have been granted permission to access the resource. Results in a stack walk. Assert - calling code can access the resource protected by a permission demand through the code that calls this method, even if callers higher in the stack have not been granted permission to access the resource. Does not result in a stack walk.
What is the difference between Demand and LinkDemand.
• Demand specifies that code access security stack walk must occur and all callers on the stack must have the permission or identity to pass. Demand occurs on every call at runtime.
• LinkDemand happens only at just-in-time (JIT) compilation time and checks only the immediate caller. It does not check the caller's caller.
What is an Application Domain?
An application domain represents isolation/scoping unit for a .NET application. .NET allows multiple applications to be loaded in a single process. It achieves this by loading each application in its own independent application domain. Each application domain is isolated from all other application domains. You can think of application domains as lightweight processes with a process. This is more efficient than creating a separate process for each application and provides the same benefit (isolation). Use System.AppDomain to create application domains programmatically. CLR itself runs in an application domain called the default domain.
How do you handle errors in VB.NET and C#?
C# and VB.NET use structured error handling (unlike VB6 and earlier versions where error handling was implemented using Goto statement). Error handling in both VB.NET and C# is implemented using Try..Catch..Finally construct (C# uses lower case construct - try...catch...finally).
What is the purpose of the finally block?
A. The code in finally block is guaranteed to run, irrespective of whether an error occurs or not. Critical portions of code, for example release of file handles or database connections, should be placed in the finally block.
How would you decide whether to use an abstract class or an interface?
There is no one correct answer, but some of the considerations are: * If you need to partially or fully implement some of the methods/properties, then use an abstract class. Interface cannot have implementation. If the methods are properties you are creating apply to a diverse set of different types of unrelated objects, then an interface is more appropriate. Abstract classes are more suitable for related object types. * If the methods/properties are subject to change frequently, then an abstract class is the one to use. Interfaces, once implemented cannot be changed - you have to create a new interface.
What is a sealed class?
A. It is a class, which cannot be subclassed. It is a good practice to mark your classes as sealed, if you do not intend them to be subclassed.
How do you prevent a class from being inherited?
Mark it as sealed.
What are strong names and how do you create one?
Strong names guarantee that an assembly’s name is globally unique. You can think of it as similar to GUID (but not same). In other words, a strong name uniquely identifies an assembly. To create a shared assembly (i.e. one deployed in GAC), you need to give it a strong name. Strong name is comprised of the following: name of the assembly, version information, public key and digital signature. Culture information is also used, if culture is specified. Creating a strong name using Visual Studio.NET From the command prompt, create a public/private key pair file using the strong name utility - sn.exe. In Visual Studio.NET, Specify the location of the key file using the AssemblyKeyFileAttribute. [assembly:AssemblyKeyFileAttribute("KeyFile.snk")] for C# [assembly:AssemblyKeyFileAttribute("KeyFile.snk")] for VB.NET To avoid problems with the path of the key, file you may want to specify the absolute path when specifying the AssemblyKeyFileAttribute.
What is delay signing and why would you use it?
A. Delay signing is a mechanism to develop strongly named assemblies, without them actually being signed by the developer. The assembly is signed later on by the person having access to the private key. The purpose of delay signing is to secure the private key.
Explain the terms - assembly and manifest.
An assembly is the smallest unit of deployment and execution in .NET. Usually, there is one file (.exe or .dll) per assembly, although, it is possible to create multi-file assemblies by using allinker.exe. Manifest refers to the meta-data about an assembly. This meta-data consists information about the assembly version, its methods, properties and events, referenced assemblies, etc. As a result, assemblies are self-describing. Manifest for an assembly is contained in the assembly file itself (.dll or .exe). In case of multi-file assemblies, the manifest for all files is contained only in one file.
What are private and shared assemblies?
Private assemblies are intended to be used by only one application and generally reside in the folder or one of the sub folders of the application using it. Private assemblies need not be strong named (see Q12 for strong name).Shared assemblies are intended to be used by many applications and are installed in the Global Assembly Cache (GAC). Shared assemblies have to be given a strong name.
Where we can use DLL created made in C#.Net?
Supporting .Net, bcoz DLL made in C#.Net semicompiled version. Its not a com object. It is used only in .Net Framework.As it is to be compiled at runtime to byte code.
What is the order of destructors called in a polymorphism hierarchy?
Destructors are called in reverse order of constructors. First destructor of most derived class is called followed by its parent’s destructor and so on till the topmost class in the hierarchy.You don’t have control over when the first destructor will be called, since it is determined by the garbage collector. Sometime after the object goes out of scope GC calls the destructor, then its parent’s destructor and so on.When a program terminates definitely all object’s destructors are called. Is it possible to Override Private Virtual methods. No, First of all you cannot declare a method as ‘private virtual’.
Is it possible to debug the classes written in other .Net languages in a C# project? It is definitely possible to debug other .Net languages code in a C# project. As everyone knows .net can combine code written in several .net languages into one single assembly. Same is true with debugging.
What is the difference between shadow and override?
Overriding is used to redefines only the methods, but shadowing redefines the entire element.
What is a satellite Assembly?
An assembly containing localized resources for another assembly.
How to declares a two-dimensional array in C#?
Syntax for Two Dimensional Array in C Sharp is int[,] ArrayName;
What are the Delegates in C#?
Delegates are just like function pointers in C++, except that they are much safer to use due to their type safety. A delegate defines a function without implementing it and another class then provides the implementation. Events in C# are based on delegates, with the originator defining one or more callback functions.
If a method is marked as protected internal how can it be accessed?
Method marked as Protected internally can be accessed by the Classes within the same assembly, and classes derived from the declaring class.
Should I make my destructor virtual?
A C# destructor is really just an override of the System.Object Finalize method, and so is virtual by definition.
Does C# have its own class library?
Not exactly. The .NET Framework has a comprehensive class library, which C# can make use of. C# does not have its own class library.
Can you allow class to be inherited, but prevent the method from being over-ridden?
Yes, just leave the class public and make the method sealed.
How’s method overriding different from overloading?
When overriding, you change the method behavior for a derived class. Overloading simply involves having a method with the same name within the class.
0 comments:
Post a Comment