Question 1. What Is Code Access Security (cas)?
CAS is the a part of the .NET security version that determines whether or not or no longer code is allowed to run, and what assets it is able to use while it's far strolling. For instance, it's miles CAS to be able to save you a .NET internet applet from formatting your hard disk.
Question 2. How Does Cas Work?
The CAS safety policy revolves round two key principles - code companies and permissions. Each .NET assembly is a member of a particular code organization, and every code institution is granted the permissions specified in a named permission set.
For example, the use of the default protection coverage, a manipulate downloaded from a web website belongs to the 'Zone - Internet' code group, which adheres to the permissions described by way of the 'Internet' named permission set. (Naturally the 'Internet' named permission set represents a completely restrictive range of permissions.)
ASP.NET Interview Questions
Question three. Who Defines The Cas Code Groups?
Microsoft defines some default ones, but you could regulate these or even create your personal. To see the code businesses defined on your machine, run 'caspol -lg' from the command-line. On my gadget it looks as if this:
Level = Machine
1. All code: Nothing
1.1. Zone - MyComputer: FullTrust
1.1.1. Honor SkipVerification requests: SkipVerification
1.2. Zone - Intranet: LocalIntranet
1.Three. Zone - Internet: Internet
1.4. Zone - Untrusted: Nothing
1.5. Zone - Trusted: Internet
1.6. StrongName -
Note the hierarchy of code groups - the pinnacle of the hierarchy is the most general ('All code'), that's then sub-divided into several groups, each of which in flip may be sub-divided. Also word that (rather counter-intuitively) a sub-group can be associated with a extra permissive permission set than its figure.
Question four. How Do I Define My Own Code Group?
Use caspol. For instance, suppose you consider code from www.Mydomain.Com and also you want it have complete access for your machine, however you want to hold the default regulations for all other internet web sites. To attain this, you'll upload a brand new code institution as a sub-organization of the 'Zone - Internet' group, like this:
caspol -ag 1.3 -website online www.Mydomain.Com FullTrust
Now in case you run caspol -lg you may see that the new organization has been brought as group 1.3.1:
1.3. Zone - Internet: Internet
1.Three.1. Site - www.Mydomain.Com: FullTrust
Note that the numeric label (1.3.1) is just a caspol invention to make the code organizations easy to manipulate from the command-line. The underlying runtime never sees it.
Question five. How Do I Change The Permission Set For A Code Group?
Use caspol. If you are the system administrator, you can operate on the 'system' level - because of this not handiest that the changes you are making turn out to be the default for the device, however also that users can't change the permissions to be greater permissive. If you're a ordinary (non-admin) person you may nonetheless adjust the permissions, but handiest to make them greater restrictive. For instance, to allow intranet code to do what it likes you may try this:
caspol -cg 1.2 FullTrust
Note that due to the fact this is more permissive than the default coverage (on a fashionable system), you should handiest do this at the machine stage - doing it at the consumer degree will don't have any effect.
MVC Framework Interview Questions
Question 6. Can I Create My Own Permission Set?
Yes. Use caspol -ap, specifying an XML file containing the permissions inside the permission set. To prevent a while, here's a sample document similar to the 'Everything' permission set - just edit to suit your desires. When you've got edited the sample, add it to the variety of to be had permission sets like this:
caspol -ap samplepermset.Xml
Then, to use the permission set to a code institution, do some thing like this:
caspol -cg 1.Three SamplePermSet
(By default, 1.3 is the 'Internet' code group)
Question 7. What Are The Functions Performed By Cas?
It performs following feature:
Defines permissions and permission sets that represent the right to get admission to numerous gadget assets.
Enables directors to configure safety policy by associating sets of permissions with groups of code (code agencies).
Enables code to request the permissions it requires so as to run, in addition to the permissions that would be beneficial to have, and specifies which permissions the code have to in no way have.
Grants permissions to every assembly this is loaded, primarily based at the permissions requested via the code and on the operations authorised by means of security policy.
Enables code to call for that its callers have precise permissions.
Enables code to call for that its callers possess a virtual signature, consequently allowing only callers from a particular employer or web page to call the blanketed code.
Enforces regulations on code at run time by using comparing the granted permissions of every caller on the call stack to the permissions that callers have to have.
MVC Framework Tutorial Framework7 Interview Questions
Question 8. What Is Caspol.Exe?
It’s the center exe which is accountable to assign permission to the assembly. The .NET configuration tool is only a cowl which sits at the top of caspol.Exe to ease our work. CASPOL.Exe commands are cryptic so the .NET configuration device is greater user friendly. In case you are interested in the use of caspol.Exe you can go to visual studio command set off and type caspol.Exe with necessary parameters.
Question 9. What Is A Permission And Permission Set?
Once you have collected the evidences about the code you would like to assign permission to the code. There are various permissions which you can assign to the code like Can the code create a report, are we able to write to registry, can the code execute reflection, can the code open document conversation box and many others.
These permissions are gather permission sets and people permission sets are allocated to the code.
Microsoft Solutions Framework (MSF) Interview Questions
Question 10. What Is Cas?
Code Access protection is a security model which grants or denies permission for your assembly relying on evidences like from in which the code has emerged, who the writer is? , strong names etc.
Question 11. What Is Evidence In Cas?
When you need to execute any code for your environment you will first like to understand from wherein the code got here from. Depending from where it got here from, you would then would really like to present him get entry to rights. For instance a code compiled out of your personal computer would have greater rights than code downloaded from the net.
In order to know the same we need to probe the meeting / exe / dll and get evidences like who is the writer of the code , from which site has this code from , from which quarter has it come from ( net , intranet etc) and so forth.
Dot Net Framework Interview Questions
Question 12. What Is Code Group?
It is a logical grouping of code.
It specifies the circumstance for club.
Code businesses represent collections of code and every code group has an associated set of permissions.
Administrators configure protection coverage via coping with code corporations and their related permission units.
ASP.NET Interview Questions
Question thirteen. Explain Role-primarily based And Code Based Security?
Based on the credentials of the person, the get admission to is provided to the consumer.
Role-primarily based authorization is furnished by the CLR to an account. It generally includes the code strolling with the privileges of the current person.
Code safety is ready granting and denying permissions from the permission sets.
Question 14. Define Declarative And Imperative Security.
Security tests may be implemented imperatively or declaratively. Declarative safety is implemented by associating attribute declarations that designate a safety motion with classes or methods. Imperative safety is implemented by way of calling the best techniques of a Permission item that represents the Principal (for role-primarily based protection) or system resource (for code get right of entry to security).
Question 15. What Are The Differences Between Declarative And Imperative Security.?
Declarative and vital are the one-of-a-kind syntax schemes used to enforce safety declarations in .NET Framework. In declarative protection, characteristic syntax is used. The protection constraints are stored inside the meeting at collect time. The disadvantage of declarative safety is that there are gear which extract security requirements from the metadata inside the assembly.
In vital implementation, the attribute syntax isn't used. It is applied through writing the everyday code to provide restrictions
Asp Dot Net Mvc four Interview Questions
Question sixteen. What Are The Types Of Code Security?
There are two styles of code security:
Role primarily based safety: This authorizes person.
Code get entry to protection: This protects system resources from unauthorized calls.
Question 17. Define Principal Object?
It represents the safety context beneath which code is going for walks.
The most important object carries information about a consumer’s identification and role.
It represents authenticated users.
You have a Principal Permission item in .Net framework that specifies consumer and its role.
It has Demand() approach that tests the modern-day person or important towards the name and function specific in the Principal Permission.
It encapsulates identification and the function of a user.
It can be created with the assist of identification and position of a consumer.
Asp Dot Net Mvc Interview Questions
Question 18. What Are The Elements Of Code Access Security?
Elements of Code Access Security :
Every protection system needs a few sort of mechanism (inclusive of user call, password and Access Control List (ACL)) to perceive the customers and decide what a user can or can not do. However CAS identifies and assigns permissions to application in place of to utility users.
CAS identifies assemblies the usage of evidence, there are a few factors with the aid of which an assembly can be diagnosed, which include vicinity, hash code and signature of the meeting. Evidence is the records that the runtime gathers about an meeting to determine which code organization the assembly belongs to. Code agencies in turn provide an meeting a permission set.
MVC Framework Interview Questions
Question 19. What Are The Components Of Code Access Security?
Code Group : The evidence supplied by an meeting is used as the circumstance for granting and revoking permissions to it. It is completed by using setting the code in the best code institution. Every code organization stipulates a membership condition and has unique situations attached to it. Any assemblies that meet the situation come to be a member of the organization. Code companies are organized in a hierarchy and assemblies are nearly usually matched to several code organizations. The code institution at the root of the hierarchy is known as All Code and carries all other code businesses.
Evidence : In order for the CLR to determine which code institution to region assembly statistics into, the first step is to read furnished proof. There are predominant sources of facts, they are internet and intranet. The institution internet defines code this is assets from the net and the institution intranet defines code resources from a LAN. The examination of the assembly evidence makes the authentication a part of the security process.
Permissions : Permissions are the actions you allow every code organization to perform. The system administrator generally manages the permissions on the organization, gadget and consumer stages. The CLR Virtual Execution System (VES) loads and runs applications. It gives the capability required to execute controlled code and uses assembly metadata to connect modules collectively at runtime. When VES masses an assembly, it fits the assembly to one or extra code agencies. Each code group is assigned to one or greater permissions that explain what movements assemblies can do in that code institution.
Question 20. But Why This Change, What Was The Problem With Cas?
First component CAS changed into now not smooth, all the ones cryptic steps of making code agencies, and permission sets and so forth eats your electricity completely.
If you need to move the assembly to a one-of-a-kind pc you need to do the whole transform once more.
The worst component CAS does no longer paintings on unmanaged code. I am lifeless positive it’s always feasible you may download exe which isn't written in .NET.
Asp Dot Net Database Interview Questions