Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key

image

Play button

image

Play button

image

Progress

1/51

Click to flip

51 Cards in this Set

  • Front
  • Back
What method is used for producing a hash password (encrypted) suitable for storing in a configuration file?
FormsAuthentication.HashPasswordForStoringInConfigFile
Identify the two ways of storing authentication tokens.
1. Cookie
2. Page URL
What configuration element is used to configure authentication?
authentication
How is the FormsAuthenticationModule class used when forms authentication is enabled?
After successful authentication, the FormsAuthenticationModule module populates the current User property with the information for the authenticated user. (e.g. Name)
What attribute of the authentication configuration element must be used to enable forms authentication?
The mode attribute must be set to "Forms".
What is the loginUrl attribute of the forms configuration element used for?
Provides the URL to use for redirection if ASP.NET does not find an authentication cookie with the request.
What is the name attribute of the forms configuration element used for?
The name attribute of the forms configuration element sets the suffix for the name of the cookie that contains the authentication ticket.
What information does the query string key RETURNURL represent when it's found in a login url?
It represents the url of the originally requested server resource before the unauthenticated user was redirected to the login page.
What application configuration element contains user name/password pairs used to validate users? What other configuration elements is it nested in?
1. credentials

2. configuration/system.web/authentication/forms/
What operation does the FormsAuthentication.Authenticate method perform?
Validates a user name and password against credentials stored in the configuration file for an application.
What information is provided in the defaultUrl attribute of the forms configuration element?
The URL that the FormsAuthentication class will redirect to if no redirect URL is specified. The default is "default.aspx."
What operation does the FormsAuthentication.RedirectFromLoginPage method perform?
Redirects an authenticated user back to the originally requested URL (querystring returnUrl) or the default URL (forms defaultUrl) and adds an authentication ticket to a cookie or page url.
How can you customize how the forms authentication ticket is handled and how the User property is set?
Handle the FormsAuthenticationModule.Authenticate event by declaring a method named FormsAuthentication_OnAuthenticate in your application's Global.asax file.
How can cookieless forms authentication be enabled?
Cookieless forms authentication can be enabled by setting the cookieless attribute of the forms configuration element to "UseUri".
Identify two methods for storing forms authentication credentials.
Forms authentication credentials that are used to validate users at logon can be stored in an external data source or in the application configuration file.
What are the three valid values for the passwordFormat attribute of the credentials configuration element?
1. Clear: Passwords are stored in clear text.

2. MD5: Passwords are stored using a Message Digest 5 (MD5) hash digest.

3. SHA1: Passwords are stored using the SHA1 hash digest.
What operation does FormsAuthentication.SignOut perform?
The SignOut method removes the forms-authentication ticket information from the cookie or the URL if CookiesSupported is false.
What is authorization?
Authorization determines whether an identity should be granted access to a specific resource.
What are two ways to authorize resource access in ASP.NET?
1. File authorization
2. URL authorization
What character is used to denote anonymous users when configuring authorization for a web site?
?
What character is used to denote all authenticated users when configuring authorization for a web site?
*
What is impersonation?
The process of allowing an ASP.NET application to execute with the Windows identity of the user making a request.
What is authentication?
Authentication is the process of obtaining identification credentials such as name and password from a user and validating those credentials against some authority.
What method can be used to verify a user name and password from the data source?
Membership.ValidateUser
What method can be used to retrieve information from a data store for a specified existing membership user?
Membership.GetUser
What class exposes and updates membership user information in the membership data store?
MembershipUser
What configuration element is used to configure ASP.NET membership?
membership
What attribute of the membership configuration element is used to specify the default membership provider?
defaultProvider
How can anonymous identification be enabled in ASP.NET?
Set the enabled attribute of the anonymousIdentification configuration element to true.
What configuration element is used to configure role management in ASP.NET?
roleManager
What method can be used to determine whether the current logged-in user is in a specified role?
IPrincipal.IsInRole
[e.g. HttpContext.User.IsInRole()]
What method can be used to get a list of the roles for the current logged-in user?
RolePrincipal.GetRoles
[e.g. ((RolePrincipal)User).GetRoles()]
What class provides general management facilities for roles?
Roles
What class defines functionality for data providers that can be used by role-management services?
RoleProvider
What class is used to add role information to the current User property?
RoleManagerModule
What property can be used to control whether the current user's roles are cached in a cookie?
Roles.CacheRolesInCookie
How can URL authorization be enabled for a directory in a website?
Specify a list of users or roles in the allow or deny elements of the authorization section of a configuration file for the directory.
What type of authentication must be used in order to use file authorization?
Windows authentication
How is the IPrincipal object for the current user constructed when using Windows authentication?
ASP.NET uses the credentials supplied by IIS to establish the principal for the current user.
What application environment is windows authentication best suited for?
Applications that run on an Intranet.
How can impersonation be enabled for an application?
In the application's Web.config file set the impersonate attribute of the identity element to true.
What event can be used to create custom authentication logic for a Login control?
Login.Authenticate
When using the Login control, what event occurs when the user logs in to the Web site and has been authenticated?
Login.LoggedIn
When using the Login control, what event occurs when a user submits login information, before authentication takes place?
Login.LoggingIn
What Login control field represents the command name associated with the login button?
Login.LoginButtonCommandName
Whenn using the Login control, what property can be used to get the password entered by the user?
Login.Password
What web server control detects the user's authentication state and toggles the state of a link to log in to or log out of a Web site?
LoginStatus
What property of the Pages Request object can be used to determine whether the request has been authenticated?
HttpRequest.IsAuthenticated
What property sets or sets a value that determines the action taken when a user logs out of a Web site with the LoginStatus control?
LoginStatus.LogoutAction
What 3 actions are available for setting the LoginStatus.LogoutAction property?
1. Redirect: Redirects the user to the URL contained in the LogoutPageUrl property

2. RedirectToLoginPage

3. Refresh
What control allows you to display different information to anonymous and logged-in users?
LoginView