Answers to questions from the section “ASP.NET (UI) Developers”
== What is a PostBack? ==
Short answer: Postback is an HTTP POST to the same page that the form is on. This occurs in the typical CRUD scenario, which starts with a GET (Read) and finishes with a POST (Update).
Detailed answer: I am going to focus on the PostBack in the context of an ASP.NET MVC application here, which is different to the way the PostBack works in the ASP.NET WebForms application.
It is a process in which:
- data is retrieved using a GET
- the user fills in some missing data
- the data is now sent back from the browser to the server using the POST method
- received data is processed by the model binder on the controller’s method
- finally, the controller processes the result of the model binding
== Are threads reused in ASP.NET between reqeusts? Does every HttpRequest get its own thread? Should you use Thread Local storage with ASP.NET? ==
Yes, threads are reused between requests. They come from a thread pool. What’s more, in a single request, if there is an I/O operation, the thread, executing the request, can be freed at the beginning of the operation and put back into the thread pool to process other requests. When the I/O operation completes a different thread may get picked up to complete the request. This is called “thread agility” in ASP.NET and is intended to improve performance by a lot. Because of it, Thread Local storage should rather be avoided if you perform any I/O operations during the requests.. If only, during the thread switch, the thread context was preserved and moved to the new thread used to handle the rest of the request, things would be much easier. It is not the case, though.
If you need to keep any global data available for the duration of the whole request, instead of [ThreadLocal], you may need to use HttpContext, which keeps the data preserved during the thread switch. Now, if you use HttpContext and want your code decoupled from it, you will have to figure out how to do it, which is a separate problem to solve.
== Is the [ThreadStatic] attribute useful in ASP.NET? Are there side effects? Good or bad? ==
In a process a static field resides at a single address in memory. Therefore multiple threads are able to see its value at all times. If the value gets updated, the other threads will be able to see the new value. Of course, to avoid concurrency issues in case of multi-threaded processing, synchronization has to be implemented.
If the particular use case requires the field to be unique per thread then by using ThreadStatic attribute on a field, we could be sure that each thread will have its own static field’s value, rendering the field unique per thread. Due to “thread agility” in ASP.NET, though, using the [ThreadStatic] attribute on static fields may be problematic. We may get a bad side effect when the thread executing the request, during an I/O operation, gets replaced with a different thread, causing the static field to contain a value different than the one set in the beginning of the request.
Overall, [ThreadStatic] attribute may be useful in ASP.NET as long as you avoid any I/O operations within the requests.
== Explain how cookies work. Give an example of Cookie abuse. ==
Cookies are small pieces of data that allow websites to “remember” at least something about the user that is visiting them. In fact, the knowledge about the user or a tiny fact about the user is preserved on the user’s computer and is sent with every request to the server. Now, enough for the high level, time to go a little deeper..
When a request is made to a server an HTTP Header entry ‘Cookie’ with the site’s related cookie data is added to the HTTP Request. If it is expected by the server, but is not found in the HTTP headers, then that means there is no cookie associated with the website yet and the server – during the reply – will add an HTTP Header entry ‘Set-Cookie’ with the data the website generated.
The typical use case for using a cookie by a website is to store the visiting user’s generated id. The next time the user visits the site, it will identify the user by the id. It also helps the websites identify new users and returning users, which is especially crucial for e-commerce or news websites.
Cookies are plain key-value text data stored within text files. They also contain a few attributes such as expiration date, the website path (which helps in restricting which sites can read the cookies etc.).
Cookie abuse? The app can store a lot of personal information on the user in a cookie on the local computer. This information can then be sent with each request and – in case of unsecured connection – intercepted by others.
Useful source that also contains further links: http://www.cookiecentral.com/faq/
Source useful especially for developers: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
Useful documentation of the Http Headers:
‘Set-Cookie’: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
‘Cookie’: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cookie
== Explain the importance of HttpRequest.ValidateInput()? ==
This method validates all key-value pairs across Form, Cookies and QueryString against any potentially dangerous data.
== What kind of data is passed via HTTP Headers? ==
HTTP Headers allow the server and the client to pass additional data along with the Request and Response contents.
The data is used, for example, for authentication, authorization, cookies, the specification of what type of data is expected or sent etc.
Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
== Juxtapose the HTTP verbs GET and POST. What is HEAD? ==
GET is an HTTP method intended to retrieve data. It should not result in any state changes.
POST is an HTTP method intended to send data to the server.
By the way, the other method PUT is also intended to send data, but its primary purpose is to create resources on the server and it is required to be idempotent, which means that calling it with the same payload multiple times should result only in a single resource created, while using POST may create multiple resources.
HEAD is an HTTP method that is used to retrieve the same HTTP headers that would be sent if we invoked a GET method on a resource.
== Name and describe at least a half dozen HTTP Status Codes and what they express to the requesting client. ==
200 OK – the request has been successfully processed
400 Bad Request – it indicates that the server could not understand the request due to invalid syntax
401 Unauthorized – the authentication details are missing from the request and the status code suggests to authenticate first
403 Forbidden – the server understood the request and processed the authentication details, however it refused access to the resource (e.g. because of missing rights)
404 Not Found – the requested resource could not be found
500 Internal Server Error – it indicates that the server has encountered an unexpected condition and could not continue processing the request
503 Service Unavailable – it indicates that the server is not ready to process requests at the moment (e.g. because it went down etc.). If we use IIS to run our web application, the first thing to check will be whether the application pool has gone down or is still working.
== How does VaryByCustom work? ==
It is used while handling requests using caching. VaryByCustom is a property for which one needs to override HttpApplication.GetVaryByCustomString method in the Global.asax file.