Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
51 Cards in this Set
- Front
- Back
|
What method is used for producing a hash password (encrypted) suitable for storing in a configuration file?
|
FormsAuthentication.HashPasswordForStoringInConfigFile
|
|
|
Identify the two ways of storing authentication tokens.
|
1. Cookie
2. Page URL |
|
|
What configuration element is used to configure authentication?
|
authentication
|
|
|
How is the FormsAuthenticationModule class used when forms authentication is enabled?
|
After successful authentication, the FormsAuthenticationModule module populates the current User property with the information for the authenticated user. (e.g. Name)
|
|
|
What attribute of the authentication configuration element must be used to enable forms authentication?
|
The mode attribute must be set to "Forms".
|
|
|
What is the loginUrl attribute of the forms configuration element used for?
|
Provides the URL to use for redirection if ASP.NET does not find an authentication cookie with the request.
|
|
|
What is the name attribute of the forms configuration element used for?
|
The name attribute of the forms configuration element sets the suffix for the name of the cookie that contains the authentication ticket.
|
|
|
What information does the query string key RETURNURL represent when it's found in a login url?
|
It represents the url of the originally requested server resource before the unauthenticated user was redirected to the login page.
|
|
|
What application configuration element contains user name/password pairs used to validate users? What other configuration elements is it nested in?
|
1. credentials
2. configuration/system.web/authentication/forms/ |
|
|
What operation does the FormsAuthentication.Authenticate method perform?
|
Validates a user name and password against credentials stored in the configuration file for an application.
|
|
|
What information is provided in the defaultUrl attribute of the forms configuration element?
|
The URL that the FormsAuthentication class will redirect to if no redirect URL is specified. The default is "default.aspx."
|
|
|
What operation does the FormsAuthentication.RedirectFromLoginPage method perform?
|
Redirects an authenticated user back to the originally requested URL (querystring returnUrl) or the default URL (forms defaultUrl) and adds an authentication ticket to a cookie or page url.
|
|
|
How can you customize how the forms authentication ticket is handled and how the User property is set?
|
Handle the FormsAuthenticationModule.Authenticate event by declaring a method named FormsAuthentication_OnAuthenticate in your application's Global.asax file.
|
|
|
How can cookieless forms authentication be enabled?
|
Cookieless forms authentication can be enabled by setting the cookieless attribute of the forms configuration element to "UseUri".
|
|
|
Identify two methods for storing forms authentication credentials.
|
Forms authentication credentials that are used to validate users at logon can be stored in an external data source or in the application configuration file.
|
|
|
What are the three valid values for the passwordFormat attribute of the credentials configuration element?
|
1. Clear: Passwords are stored in clear text.
2. MD5: Passwords are stored using a Message Digest 5 (MD5) hash digest. 3. SHA1: Passwords are stored using the SHA1 hash digest. |
|
|
What operation does FormsAuthentication.SignOut perform?
|
The SignOut method removes the forms-authentication ticket information from the cookie or the URL if CookiesSupported is false.
|
|
|
What is authorization?
|
Authorization determines whether an identity should be granted access to a specific resource.
|
|
|
What are two ways to authorize resource access in ASP.NET?
|
1. File authorization
2. URL authorization |
|
|
What character is used to denote anonymous users when configuring authorization for a web site?
|
?
|
|
|
What character is used to denote all authenticated users when configuring authorization for a web site?
|
*
|
|
|
What is impersonation?
|
The process of allowing an ASP.NET application to execute with the Windows identity of the user making a request.
|
|
|
What is authentication?
|
Authentication is the process of obtaining identification credentials such as name and password from a user and validating those credentials against some authority.
|
|
|
What method can be used to verify a user name and password from the data source?
|
Membership.ValidateUser
|
|
|
What method can be used to retrieve information from a data store for a specified existing membership user?
|
Membership.GetUser
|
|
|
What class exposes and updates membership user information in the membership data store?
|
MembershipUser
|
|
|
What configuration element is used to configure ASP.NET membership?
|
membership
|
|
|
What attribute of the membership configuration element is used to specify the default membership provider?
|
defaultProvider
|
|
|
How can anonymous identification be enabled in ASP.NET?
|
Set the enabled attribute of the anonymousIdentification configuration element to true.
|
|
|
What configuration element is used to configure role management in ASP.NET?
|
roleManager
|
|
|
What method can be used to determine whether the current logged-in user is in a specified role?
|
IPrincipal.IsInRole
[e.g. HttpContext.User.IsInRole()] |
|
|
What method can be used to get a list of the roles for the current logged-in user?
|
RolePrincipal.GetRoles
[e.g. ((RolePrincipal)User).GetRoles()] |
|
|
What class provides general management facilities for roles?
|
Roles
|
|
|
What class defines functionality for data providers that can be used by role-management services?
|
RoleProvider
|
|
|
What class is used to add role information to the current User property?
|
RoleManagerModule
|
|
|
What property can be used to control whether the current user's roles are cached in a cookie?
|
Roles.CacheRolesInCookie
|
|
|
How can URL authorization be enabled for a directory in a website?
|
Specify a list of users or roles in the allow or deny elements of the authorization section of a configuration file for the directory.
|
|
|
What type of authentication must be used in order to use file authorization?
|
Windows authentication
|
|
|
How is the IPrincipal object for the current user constructed when using Windows authentication?
|
ASP.NET uses the credentials supplied by IIS to establish the principal for the current user.
|
|
|
What application environment is windows authentication best suited for?
|
Applications that run on an Intranet.
|
|
|
How can impersonation be enabled for an application?
|
In the application's Web.config file set the impersonate attribute of the identity element to true.
|
|
|
What event can be used to create custom authentication logic for a Login control?
|
Login.Authenticate
|
|
|
When using the Login control, what event occurs when the user logs in to the Web site and has been authenticated?
|
Login.LoggedIn
|
|
|
When using the Login control, what event occurs when a user submits login information, before authentication takes place?
|
Login.LoggingIn
|
|
|
What Login control field represents the command name associated with the login button?
|
Login.LoginButtonCommandName
|
|
|
Whenn using the Login control, what property can be used to get the password entered by the user?
|
Login.Password
|
|
|
What web server control detects the user's authentication state and toggles the state of a link to log in to or log out of a Web site?
|
LoginStatus
|
|
|
What property of the Pages Request object can be used to determine whether the request has been authenticated?
|
HttpRequest.IsAuthenticated
|
|
|
What property sets or sets a value that determines the action taken when a user logs out of a Web site with the LoginStatus control?
|
LoginStatus.LogoutAction
|
|
|
What 3 actions are available for setting the LoginStatus.LogoutAction property?
|
1. Redirect: Redirects the user to the URL contained in the LogoutPageUrl property
2. RedirectToLoginPage 3. Refresh |
|
|
What control allows you to display different information to anonymous and logged-in users?
|
LoginView
|
