1. What is ASP.NET?

ASP.NET is a framework developed by Microsoft to build web applications and services. It’s
a server-side technology used to create dynamic, data-driven websites. The framework
supports languages like C# and VB.NET, allowing developers to build scalable, secure web
applications.

Example: “At my previous job, I used ASP.NET to develop a large e-commerce application
with various user roles, where we implemented both user-facing pages and back-end APIs
for the admin panel.”

2. Explain the ASP.NET page life cycle.

The ASP.NET page life cycle consists of several stages, including:

 Page Request: Initiates when a page is requested by a user.

 Start: Determines if the request is a postback or a new request.
 Initialization: Controls and components are initialized.
 Load: Data is loaded into the controls.
 Postback Handling: If it’s a postback, event handlers are executed.
 Rendering: The page is rendered to HTML.
 Unload: Final clean-up operations are performed.

Example: “When handling complex forms with multiple events, I utilize the postback phase to
ensure that the correct data is processed based on the state of controls.”

3. What is ViewState in ASP.NET, and how does it work?

ViewState is a method used by ASP.NET to preserve page and control values between
postbacks. It's stored in a hidden field as a Base64-encoded string and is used to maintain the
state of controls across postbacks.

Example: “For lightweight applications, I ensure ViewState is minimized to improve

performance. However, in scenarios where maintaining user input between postbacks is
critical, I leverage ViewState efficiently.”

4. What are HTTP Handlers in ASP.NET?

HTTP Handlers are responsible for processing HTTP requests at a low level. They act as an
endpoint for a request and can handle requests for specific resources like .aspx files, images,
or custom extensions.
Example: “In one project, we implemented custom HTTP Handlers to handle image resizing
dynamically, improving load times for pages with high-resolution images.”

5. What are HTTP Modules in ASP.NET?

HTTP Modules are components that can inspect or modify HTTP requests/responses as they
flow through the ASP.NET pipeline. They are often used for tasks like authentication,
logging, and session management.

Example: “I once created an HTTP Module to log detailed request/response information for
auditing purposes, which helped in identifying bottlenecks in our application's
performance.”

6. What is caching in ASP.NET, and what types are available?

Caching improves performance by storing frequently accessed data in memory. ASP.NET

provides several caching options:

 Output Caching: Caches the dynamic page content.

 Data Caching: Caches objects like datasets or custom objects.
 Fragment Caching: Caches portions of the page.

Example: “In a high-traffic application, we implemented output caching to cache the HTML
output of our product listing pages, reducing database calls and enhancing load times.”

7. What is the difference between Response.Redirect() and Server.Transfer()?

 Response.Redirect(): Sends a new request to the browser, resulting in a round-trip

and the URL change.
 Server.Transfer(): Transfers the request to another page on the server without
changing the URL.

Example: “We used Server.Transfer() in scenarios where we wanted to navigate between

internal pages without exposing the new URL to the user for security reasons.”

8. How can you manage session state in ASP.NET?

ASP.NET offers several ways to manage session state:

 In-Process: Stores session data in memory on the web server.

 StateServer: Stores session data in a separate process.
  SQL Server: Stores session data in a SQL database.
 Custom: Allows developers to implement their own session state providers.

Example: “For a web farm environment, we switched from In-Process to SQL Server session
state to maintain session consistency across multiple servers.”

9. What are Web Forms in ASP.NET?

Web Forms is the traditional ASP.NET framework for building web pages. It uses a drag-
and-drop, event-driven model where controls raise events that can be handled in the server
code.

Example: “In an enterprise application, I utilized Web Forms to quickly develop admin
pages with complex form handling, using built-in controls like GridView and Repeater for
data display.”

10. What is the Global.asax file in ASP.NET?

The Global.asax file, also known as the application file, contains event handlers for
application-level events, such as Application_Start, Application_End, Session_Start,
and Session_End.

Example: “I used the Application_Start event in Global.asax to configure dependency

injection and initialize resources when the application started.”

11. What is the difference between HttpContext.Current.Items and

HttpContext.Current.Session?

 HttpContext.Current.Items: Stores data for the duration of a single HTTP request.

It's not persisted across requests.
 HttpContext.Current.Session: Persists data across multiple requests from the
same user, making it ideal for user-specific data.

Example: “I use HttpContext.Current.Items for passing data between layers within a

single request, while Session is used for maintaining user data across multiple requests, like
user roles or preferences.”

12. What are User Controls and Custom Controls?

 User Controls: Reusable, partial web pages created using .ascx files.
  Custom Controls: Controls that are created from scratch or extended from existing
controls. They are compiled into DLLs and can be reused across multiple
applications.

Example: “We built a custom calendar control to meet specific client requirements for date
selection, which was reused across multiple projects.”

13. What is the difference between Page.IsPostBack and Page.IsValid?

 Page.IsPostBack: Indicates if the page is being loaded in response to a postback

(i.e., the page has already been loaded once).
 Page.IsValid: Indicates whether all validation controls on the page have passed
validation.

Example: “When handling form submissions, I check IsPostBack to avoid reloading data on
postbacks and use IsValid to ensure all user inputs are validated before processing.”

14. How does ASP.NET handle exceptions?

ASP.NET provides several mechanisms to handle exceptions, such as:

 Try-catch blocks: Handles exceptions locally within the code.

 Global.asax Application_Error: Catches unhandled exceptions globally.
 Custom error pages: Configured in Web.config to display friendly error messages.

Example: “I implemented a global error handler in Application_Error to log all

unhandled exceptions to a database and show a generic error page to the user.”

15. Explain the concept of Postback in ASP.NET.

A postback occurs when a web page sends data back to the server. ASP.NET Web Forms use
postback to preserve the state of controls between user interactions.

Example: “In a complex form, I use postbacks to refresh specific parts of the form
dynamically, based on user input, without losing the entered data.”

16. What is ASP.NET Web API, and when would you use it?

ASP.NET Web API is a framework for building HTTP services that can be consumed by
various clients, including browsers and mobile devices. It's ideal for creating RESTful
services.
Example: “We used Web API to expose our business logic as RESTful services for a mobile
application that required data from our system.”

17. What is the difference between ASP.NET Web API and WCF?

 Web API: Lightweight and ideal for building RESTful services over HTTP.
 WCF: A more comprehensive framework that supports various protocols (HTTP,
TCP, MSMQ), suitable for building SOAP services.

Example: “For a microservices-based architecture, we preferred Web API for lightweight

HTTP-based communication, but in a legacy project, WCF was used for SOAP services due
to existing system constraints.”

18. What are the differences between GET and POST methods in HTTP?

 GET: Retrieves data from the server. The data is appended to the URL and is not
secure.
 POST: Submits data to the server. The data is sent in the request body, making it
more secure and allowing larger amounts of data.

Example: “We used POST for submitting sensitive form data, like user credentials, while
GET was used for fetching non-sensitive data, such as product listings.”

19. Explain the difference between Server.MapPath and Request.PhysicalPath.

 Server.MapPath: Converts a virtual path to a physical path on the server.

 Request.PhysicalPath: Returns the physical path of the currently requested URL.

Example: “I used Server.MapPath to upload and save files on the server, ensuring that the
file was stored in the correct directory.”

20. What is the role of Machine.config and Web.config?

 Machine.config: Contains default configuration settings for all ASP.NET

applications on a server.
 Web.config: Contains configuration settings specific to an ASP.NET application,
allowing customization on a per-application basis.

Example: “In a project, we customized the Web.config to configure security settings for the
application, while leaving the default Machine.config unchanged to avoid affecting other
applications.”
21. What is the App_Offline.htm file in ASP.NET?

When the App_Offline.htm file is placed in the root of an ASP.NET application, the
application will be taken offline, and the content of the file will be shown to users. This is
useful during maintenance.

Example: “I used the App_Offline.htm file during deployments to notify users that the
system was undergoing maintenance, ensuring that no new requests were processed during
the update.”

22. What is Cross-Site Scripting (XSS), and how do you prevent it in

ASP.NET?

Cross-Site Scripting (XSS) is a vulnerability where attackers inject malicious scripts into web
pages viewed by other users. ASP.NET mitigates XSS by encoding output using methods like
HttpUtility.HtmlEncode.

Example: “I ensured that all user input displayed on web pages was encoded using
HtmlEncode to prevent the execution of malicious scripts.”

23. What is Cross-Site Request Forgery (CSRF), and how do you prevent it?

CSRF is an attack where a user is tricked into performing actions on a site where they are
authenticated. ASP.NET provides AntiForgeryToken() to generate tokens that validate
form submissions.

Example: “We implemented CSRF protection by adding anti-forgery tokens to all forms,
ensuring that only valid requests were processed by the server.”

24. What is the difference between Session and Application state?

 Session State: Stores data specific to a user session.

 Application State: Stores data shared across all users of the application.

Example: “We used Session state to store user-specific preferences, while Application state
was used to cache common data, like product categories, across the application.”

25. How does the Garbage Collector work in .NET?

The Garbage Collector (GC) automatically manages memory by freeing up space occupied
by objects that are no longer in use. It works in three generations (0, 1, 2), promoting objects
based on their longevity.

Example: “In a high-memory usage application, we profiled memory usage and tuned the
GC settings to minimize memory leaks and ensure efficient memory allocation.”

26. Explain the role of the using statement in ASP.NET.

The using statement ensures that resources are disposed of properly after they are no longer
needed. It is often used with objects that implement IDisposable, such as database
connections and file streams.

Example: “In a large enterprise application, I used using statements to ensure database
connections were closed and disposed of efficiently, preventing connection leaks.”

27. What is a Web Service, and how is it different from Web API?

A Web Service allows communication between applications over HTTP using SOAP or
XML. Web API, on the other hand, is a lightweight framework that supports JSON for
RESTful services.

Example: “In a legacy project, we used Web Services for SOAP-based communication, but
for newer applications, we transitioned to Web API for its simplicity and REST support.”

28. What are the different methods of state management in ASP.NET?

 Client-side: ViewState, Cookies, Hidden Fields, Query Strings.

 Server-side: Session State, Application State, Cache, Database.

Example: “For a high-performance application, we used client-side state management with

cookies to store non-sensitive data, reducing the load on the server.”

29. What is the role of Global.asax in ASP.NET?

The Global.asax file allows handling application-level events such as Application_Start,

Application_End, and Session_Start.

Example: “I used Global.asax to log session start/end events and track user activity across
the application.”
30. Explain authentication and authorization in ASP.NET.

 Authentication: Verifies the identity of a user.

 Authorization: Determines what resources a user is allowed to access.

Example: “We implemented forms authentication for user login and used role-based
authorization to restrict access to certain parts of the admin panel.”

31. What is impersonation in ASP.NET?

Impersonation allows an ASP.NET application to execute code under the identity of the
authenticated user. It can be configured in the Web.config file.

Example: “We used impersonation to access network resources on behalf of the logged-in
user, ensuring that file permissions were respected.”

32. What is the difference between early binding and late binding?

 Early Binding: The type of object is determined at compile time.

 Late Binding: The type of object is determined at runtime.

Example: “In scenarios where performance was critical, I preferred early binding for its
speed and type safety, but in some cases where flexibility was needed, late binding was used
with reflection.”

33. What is the role of Web.config in ASP.NET?

Web.config contains configuration settings for an ASP.NET application, such as database

connection strings, session settings, authentication modes, and custom error pages.

Example: “I have often modified Web.config to enable detailed error logging and to
customize connection strings based on the deployment environment.”

34. Explain the AutoPostBack property in ASP.NET.

The AutoPostBack property allows controls like dropdown lists and textboxes to
automatically post back to the server when their values change.
Example: “In a dynamic form where dropdown selections influenced other fields, I enabled
AutoPostBack to refresh the form without requiring a manual submit.”

35. What is the difference between synchronous and asynchronous requests in

ASP.NET?

 Synchronous requests: The server processes the request and blocks further execution
until the response is received.
 Asynchronous requests: The server processes the request in the background,
allowing other operations to continue in parallel.

Example: “We implemented asynchronous calls for long-running operations like file
uploads, improving the responsiveness of the web application.”

36. What are ASP.NET Validators?

ASP.NET provides built-in validation controls such as RequiredFieldValidator,

RangeValidator, RegularExpressionValidator, and CustomValidator, which are used
to enforce input rules on form fields.

Example: “We used a combination of RegularExpressionValidator and

CustomValidator to enforce complex validation rules for user input, such as email and
password formats.”

37. How do you handle concurrency in ASP.NET applications?

Concurrency is handled by implementing locking mechanisms, optimistic concurrency, or

pessimistic concurrency, depending on the use case. In web applications, this often applies to
database operations or session data.

Example: “We used optimistic concurrency in our e-commerce platform to handle situations
where multiple users attempted to update the same product inventory at the same time,
minimizing locking issues.”

38. What is a Master Page in ASP.NET?

Master Pages define a common layout (e.g., header, footer, navigation) that can be applied
across multiple pages in an ASP.NET application. Content pages inherit the master layout.

Example: “I used Master Pages in a content management system to enforce a consistent

design across the website, while allowing individual pages to provide unique content.”
39. How does ASP.NET handle cookies?

Cookies in ASP.NET are small pieces of data stored on the client browser, which can be read
or written by the server. Cookies are used for state management, storing user preferences,
authentication tokens, etc.

Example: “In a user authentication system, I used cookies to store session tokens, ensuring
the user remained logged in across multiple requests.”

40. What is role-based security in ASP.NET?

Role-based security restricts access to resources based on the user’s role. Roles can be
defined in the Web.config file or retrieved from an external source, such as a database.

Example: “In a corporate intranet application, I implemented role-based security to control

access to different departments based on the user’s role, such as HR, Finance, or IT.”

41. What is ASP.NET AJAX, and how does it work?

ASP.NET AJAX is a framework that allows partial-page updates, reducing the need to reload
the entire page after a postback. It uses JavaScript and XML (or JSON) to exchange data
asynchronously between the client and server.

Example: “We used AJAX to enhance the user experience on our product filtering page,
allowing users to apply filters without refreshing the entire page.”

42. What is the difference between the Render() and RenderControl() methods
in ASP.NET?

 Render(): Used to output HTML content directly from a control.

 RenderControl(): Outputs the HTML content of the control and its child controls.

Example: “In a custom control, I used RenderControl() to render nested controls

dynamically based on user input.”

43. What is URL Routing in ASP.NET?

URL Routing allows defining URL patterns that do not necessarily map to physical files. It
provides clean URLs and helps with SEO and user-friendly navigation.
Example: “We implemented URL routing to create cleaner URLs for our product catalog,
ensuring better SEO and user experience.”

44. Explain SqlDataSource, ObjectDataSource, and LinqDataSource.

 SqlDataSource: Directly connects to a database using SQL queries.

 ObjectDataSource: Binds to business logic or objects for data retrieval.
 LinqDataSource: Uses LINQ queries to bind data from a data context.

Example: “For a complex data-driven application, I used ObjectDataSource to bind

business logic to the UI, separating data access concerns from the UI layer.”

45. What is the purpose of the App_Code folder in ASP.NET?

The App_Code folder is used to store reusable code files like classes, business logic, and
helper methods that are automatically compiled into the application.

Example: “In one of my projects, I organized utility classes and custom validation logic in
the App_Code folder for better maintainability.”

46. How does Application.Lock and Application.UnLock work in ASP.NET?

Application.Lock prevents other requests from modifying application-level variables until

the lock is released by Application.UnLock.

Example: “We used Application.Lock to safely increment a global counter that tracked the
number of active users across the application.”

47. What is the role of ViewState encryption in ASP.NET?

ViewState encryption ensures that the data stored in ViewState is not tampered with. By
default, ViewState is base64-encoded, but it can be encrypted using
ViewStateEncryptionMode.

Example: “For sensitive applications, we enabled ViewState encryption to ensure that no

critical information, like form data, could be altered by users.”

48. What is the difference between Web.config and AppSettings in ASP.NET?

AppSettings is a section in Web.config where key-value pairs of configuration data (such
as database connection strings) are stored. Web.config is the broader configuration file for
the ASP.NET application.

Example: “We used AppSettings to store API keys and configurable settings, such as the
number of items per page in a product listing.”

49. What is the Page.Request object in ASP.NET?

The Page.Request object provides information about the current HTTP request, including
query strings, form data, cookies, and headers.

Example: “I used Page.Request to read query string parameters and display search results
based on user input.”

50. What is WebSocket, and how is it used in ASP.NET?

WebSocket is a protocol that provides full-duplex communication between a client and server
over a single TCP connection. ASP.NET supports WebSockets for real-time data exchange,
such as chat applications or live notifications.

Example: “In a real-time stock-tracking application, we used WebSockets to push live data
updates to users, providing them with instant information without page refreshes.”