61)How to return a result from filters in ASP.NET Core MVC?
-Using context.Result
62)What is context.Canceled = true with filters in ASP.NET Core MVC?
context.Canceled = true indicates that the pipeline was cancelled. It does not halt the execution of other filters.
63)How can we implement DI in custom filters with ASP.NET Core MVC?
Using ServiceFilterAttribute or TypeFilterAttribute
-With ServiceFilterAttribute, the filter and its dependencies need to be registered with the DI container.
-With TypeFilterAttribute, the filter's dependencies need to be registered.
64)What is the difference between middleware and filters in ASP.NET Core?
-Middleware is application specific; filters are MVC specific
-Middleware is more generalized; filters are more specific
-Middleware runs for all requests in an application; filters run only within the MVC middleware, and even that depends
-Restricting middleware is not possible; restricting filters is possible.
65)First-time user authentication request life cycle in ASP.NET Core?
-The user enters the credentials and clicks login, which posts them to the server
-First, the User property is set to an anonymous user principal
-The action method calls the SignInManager, which loads the user from the database and validates
-If the password is correct, the user is signed in and the User property is set to the authenticated user principal
-Finally, the user principal is serialized and returned to the browser as an encrypted cookie
66)Second-time user authentication request life cycle in ASP.NET Core?
-The authenticated user makes a request
-The browser sends the authentication cookie
-Any middleware before the authentication middleware treats the request as unauthenticated
-The authentication middleware calls the authentication services, which deserialize the user principal from the cookie and confirm it is valid
-The HttpContext.User property is set to the deserialized principal, and the request is now authenticated
-All middleware after the authentication middleware sees the request as coming from the authenticated user
67)What is a Claim in ASP.NET Core?
A claim is a single piece of information in the form of a type and a value. Both are of string type, and the value is optional.
Example: RollNo = "123" is a claim
RollNo is the type
"123" is the value
68)What is a Principal in ASP.NET Core?
A principal is a user of your app.
For example, if your app is related to student info, then the student is the principal.
69)What is ClaimsPrincipal in ASP.NET Core?
A principal is always implemented as a ClaimsPrincipal.
It is a collection of claims.
70)What happens if an unauthenticated user tries to access an action method protected with the [Authorize] attribute?
The unauthenticated user is redirected to the login page.
If the user is authenticated, it checks whether the user has the privileges to access the requested resource.
71)What is the [AllowAnonymous] attribute in ASP.NET Core MVC?
When the [Authorize] attribute is applied at controller level or global level and you want to bypass it for an action method, you can use the [AllowAnonymous] attribute.
72)What happens if we apply the [Authorize] attribute at global level in ASP.NET Core MVC?
Access to any action method will go to authentication, so it will go into an infinite loop. To avoid this situation we should apply the [AllowAnonymous] attribute to the Login, Error page and Password reset action methods.
73)What is ChallengeResult in ASP.NET Core?
When the user is not authenticated to execute an action method, this result is returned.
74)What is ForbidResult in ASP.NET Core?
When the user is authenticated but not authorized to execute an action method, this result is returned.
75)When will we get 401 and 403 status codes as a response in ASP.NET Core?
401 - for requests related to unauthenticated users
403 - for requests related to forbidden errors
76)How to apply policies using the [Authorize] attribute in ASP.NET Core MVC?
[Authorize("Department")]
public IActionResult GetDetails()
{
    return View();
}
A user who satisfies the "Department" policy can execute the GetDetails action method.
77)How to add a policy and perform authorization in ASP.NET Core MVC?
public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthorization(options =>
    {
        // The "Department" policy requires a Designation claim with the value HOD
        options.AddPolicy("Department", policyBuilder => policyBuilder.RequireClaim("Designation", "HOD"));
    });
}
78)Can we apply the authorize attribute multiple times to an action method in ASP.NET Core?
Yes, we can, when applying multiple policies to the same action method
[Authorize("Policy1"), Authorize("Policy2")]
-> The action method can execute only if the user satisfies both of the above policies
79)Do we have interfaces with no methods, and if so what is their use?
-Yes, we have, for example the IAuthorizationRequirement interface
-If a class is created with this interface, it means the class represents a requirement
-We call these interfaces marker interfaces
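A marker-interface requirement paired with its handler, shown as an added example that is not code from the original post. The class names DesignationRequirement, DesignationHandler and AuthorizationSetup are hypothetical; the "Department" policy and the Designation/HOD claim are the ones used in question 77.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

// IAuthorizationRequirement has no members: implementing it only marks
// this class as something a policy can require. (Hypothetical class name.)
public class DesignationRequirement : IAuthorizationRequirement
{
    public DesignationRequirement(string designation) => Designation = designation;

    public string Designation { get; }
}

// The handler carries the logic that decides whether the requirement is met.
public class DesignationHandler : AuthorizationHandler<DesignationRequirement>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, DesignationRequirement requirement)
    {
        // Succeed only when the principal carries the matching claim.
        if (context.User.HasClaim("Designation", requirement.Designation))
        {
            context.Succeed(requirement);
        }

        // Returning without calling Succeed leaves the requirement unmet,
        // so the policy fails and the action method does not run.
        return Task.CompletedTask;
    }
}

public static class AuthorizationSetup
{
    // Call this from ConfigureServices.
    public static void AddDepartmentPolicy(IServiceCollection services)
    {
        services.AddSingleton<IAuthorizationHandler, DesignationHandler>();
        services.AddAuthorization(options =>
            options.AddPolicy("Department", policy =>
                policy.AddRequirements(new DesignationRequirement("HOD"))));
    }
}
```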
80)What is bundling in ASP.NET Core MVC?
Bundling is the process of creating a single file by concatenating multiple files, to reduce the number of requests.
81)What is minification in ASP.NET Core MVC?
Minification is used to reduce the size of a file without changing its functionality.
It is achieved by removing unused code and variables and, where possible, renaming them with short names.
82)What is the use of structured logging?
-Structured logging makes searching and filtering the log very easy.
-For structured logging, use placeholders, parameters, the category of the log, etc.
83)What is [RequireHttps] in ASP.NET Core MVC?
-Using this, we redirect a request for an action method to use HTTPS rather than HTTP
84)What is [ValidateAntiForgeryToken] in ASP.NET Core MVC?
-Using this attribute, we validate the antiforgery token for an action method, a controller or globally, based on the given scope
85)What is [AutoValidateAntiforgeryToken] in ASP.NET Core MVC?
-For GET methods, most of the time we need not validate anything because there is no data modification
-We use this attribute to validate POST and DELETE methods. If you apply this attribute globally, it automatically ignores GET requests and validates only POST and DELETE requests
86)What is [IgnoreAntiforgeryToken] in ASP.NET Core MVC?
-If antiforgery token validation is applied globally and you want to omit it for some of the action methods, you can use the IgnoreAntiforgeryToken attribute
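How the global filter from question 85 and the opt-out from question 86 fit together, as an added example that is not code from the original post. AntiforgerySetup, ProfileController and its actions are hypothetical names.

```csharp
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public static class AntiforgerySetup
{
    // Call this from ConfigureServices: every controller action now gets
    // automatic antiforgery validation on data-modifying requests.
    public static void AddMvcWithAntiforgery(IServiceCollection services)
    {
        services.AddControllersWithViews(options =>
            options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute()));
    }
}

// Hypothetical controller used to show which requests are validated.
public class ProfileController : Controller
{
    // GET: the global filter skips validation, nothing is modified here.
    [HttpGet]
    public IActionResult Edit() => View();

    // POST: the global filter rejects the request unless it carries a
    // valid antiforgery token; no attribute is needed on the action.
    [HttpPost]
    public IActionResult Edit(string displayName)
    {
        // ... save displayName for the current user ...
        return RedirectToAction(nameof(Edit));
    }

    // Explicit opt-out for a single action. Keep such exceptions rare and
    // limited to endpoints that do not rely on the authentication cookie.
    [HttpPost]
    [IgnoreAntiforgeryToken]
    public IActionResult Ping() => Ok();
}
```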
87)How to enable CORS in ASP.NET Core?
Globally, by adding the middleware
services.AddCors();
At controller or action method level, by adding the [EnableCors] attribute
88)What is Url.IsLocalUrl( ) in ASP.NET Core MVC?
-Most of the time we use this method to avoid redirect attacks.
-Using this method you can check whether a URL belongs to this app or not
if (Url.IsLocalUrl(strSomeUrl))
{
    return Redirect(strSomeUrl);
}
else
{
    return RedirectToAction("Index", "Home");
}
LocalRedirect( ) also works the same way
89)What is XSS, and how can we prevent these attacks?
-Cross Site Scripting attacks involve a malicious user injecting content into our app so that malicious code runs when a user browses the app.
-Using Html.Raw( ) method we can avoid this.
90)What is CSRF, and how can we prevent these attacks?
-Cross Site Request Forgery attacks are related to cookie-based authentication.
-Using the antiforgery token we avoid these attacks