The Ultimate .NET Interview Guide: Questions and Answers

Being a .NET developer involves more than just dragging controls onto a design window. Like a race car driver, you need to understand your vehicle—its capabilities and limitations.

This article, inspired by Scott Hanselman's list of .NET questions, presents a comprehensive collection of technical questions organized by skill level. The topics include WinForms, ASP.NET, XML, and fundamentals of C# and .NET. Use this as a self-assessment tool to evaluate your knowledge.

Answers are provided at the end of the article. Due to the complexity of the subject matter, there may be errors or omissions—corrections are welcome.

All Claim to Write Code

  • What is the difference between a process and a thread?
  • What is a Windows service, and how does its lifecycle differ from a standard EXE program?
  • What is the maximum addressable memory for a single process in Windows? How does this impact software design?
  • What are the differences between an EXE and a DLL?
  • What are the differences between strongly-typed and weakly-typed languages, along with their advantages and disadvantages?
  • What is a PID (Process ID)? Is it useful when troubleshooting system issues?
  • How many processes can share a single TCP/IP port?
  • What is the GAC (Global Assembly Cache)? What benefits does using the GAC provide?

Intermediate .NET Developer

  • What are the differences between interface-oriented, object-oriented, and aspect-oriented programming?
  • What is the difference between an interface and a class?
  • What is reflection?
  • What are the differences between XML web services and .NET Remoting?
  • What is the difference between early-binding and late-binding?
  • Is Assembly.Load a static or dynamic reference?
  • What are the differences between Assembly.LoadFrom and Assembly.LoadFile, and when should each be used?
  • What is an Assembly Qualified Name? Is it just a filename? How does it differ from a filename?
  • This question relates to strong naming concepts. Is Assembly.Load("foo.dll") the correct way to load an assembly?
  • What are the differences between strongly-named and non-strongly-named assemblies?
  • Can a DateTime be null? Why or why not?
  • What is JIT (Just-In-Time) compilation? What is NGEN (Native Image Generator)? What are their respective advantages and disadvantages?
  • How does the .NET CLR's generational garbage collector manage object lifecycles? What is non-deterministic finalization?
  • What are the differences between Finalize() and Dispose()?
  • Is the Using() pattern useful? What is IDisposable? How does it support deterministic finalization?
  • What is the purpose of the command "tasklist /m "mscor*"?
  • What is the difference between in-proc and out-of-proc communication?
  • What technology is used to implement out-of-proc communication?
  • When running a component in ASP.NET, which process does it run on in Windows XP, Windows 2000, and Windows 2003 respectively?

Senior Developer and Architect

  • Is DateTime.Parse(myString) the correct approach for parsing date strings?
  • What are PDBs (Program Database files)? In what scenarios are they needed for debugging?
  • What is cyclomatic complexity, and why is it important?
  • Write a standard lock() implementation and a "double-check" locking pattern.
  • What is FullTrust? Do assemblies in the GAC have FullTrust permissions?
  • What are the benefits of applying security permission attributes to code?
  • What does the command "gacutil /l | find /i "Corillian"" do?
  • What is the function of the command "sn -t foo.dll"?
  • For DCOM to traverse a firewall, which ports need to be opened? What is the purpose of port 135?
  • Compare Object-Oriented Programming (OOP) and Service-Oriented Architecture (SOA). What are the principles of each?
  • How does XmlSerializer work? What ACL permissions are required when a process uses it?
  • Why is using catch(Exception) generally not a good practice?
  • What are the differences between Debug.Write and Trace.Write? When should each be used?
  • What are the differences between Debug and Release compilation? Is there a significant impact on runtime performance? Why use one over the other?
  • Does JIT compilation occur at the assembly level or method level? What impact does this have on the working set?
  • Compare abstract base classes and interfaces.
  • What is the difference between a.Equals(b) and a == b?
  • In object comparison, what is the difference between object identity and object equality?
  • How would you implement deep copying in .NET?
  • What should be understood about the ICloneable interface?
  • What are boxing and unboxing operations?
  • Is string a value type or a reference type?
  • What is the purpose of the "PropertySpecified" pattern used by XmlSerializer? What problem does it attempt to solve?
  • Why are out parameters considered a flaw in .NET? What issues do they present?
  • Can attributes be placed on specific method parameters? What is the use case for this?

C# Control Developer

  • What is the meaning of the "new" keyword when overriding? What side effects does it have?
  • Explain the virtual, sealed, override, and abstract keywords.
  • Explain each part of this string: Foo.Bar, Version=2.0.205.0, Culture=neutral, PublicKeyToken=593777ae2d274679d.
  • What are the differences between public, protected, private, and access modifiers?
  • What are the benefits of using Primary Interop Assemblies (PIAs)?
  • What mechanism does NUnit use for unit testing?
  • What is the difference between catch(Exception e){throw e;} and catch(Exception e){throw;}?
  • What is the difference between typeof(foo) and myFoo.GetType()?
  • Explain the order of constructor calls in this example:
public class MyClass {
    public MyClass(string a) : this() { };
    public MyClass() { };
}

Is this constructor useful?

  • What is "this"? Can "this" be called in a static method?

ASP.NET (UI) Developer

  • Describe how to simulate Button1_OnClick using form-based POST submission.
  • What is a PostBack?
  • What is ViewState? How is it encoded? Is it encrypted? Who actually uses ViewState?
  • What does the element do? What is its purpose in ASP.NET?
  • Name three ASP.NET Session State providers and their respective advantages and disadvantages.
  • Does ASP.NET reuse threads between multiple requests? Does each HttpRequest have its own thread? Should you use ASP.NET's Thread Local storage?
  • Can you provide an example of how to use an HttpHandler to check the format of an image uploaded by a client?
  • What type of events does an HttpModule subscribe to? What impact does this have on implementation? How can this be done without recompiling the ASP.NET application?
  • Briefly describe the process of routing an arbitrary client request to ASP.NET.
  • Briefly explain how cookies work and provide an example of cookie misuse.
  • Explain the importance of HttpRequest.ValidateInput().
  • What data is passed through HTTP Headers?
  • Name the differences between GET and POST in HTTP Headers.
  • Name at least six HTTP status codes and their meanings.
  • How does the If-Modified-Since header work? How would you implement it?
  • How does VaryByCustom work?

Developer Using XML

  • What is the purpose of XML Namespaces?
  • What are suitable use cases for DOM? Are there size limitations?
  • What is WS-I Basic Profile, and why is it important?
  • Write a small XML document using both default namespaces and qualified (prefixed) namespaces, including elements from both namespaces.
  • What is the fundamental difference between elements and attributes?
  • What is the difference between well-formed XML and valid XML?
  • How would you validate XML using .NET?
  • Why is this code generally problematic? When might it be appropriate? myXmlDocument.SelectNodes("//mynode");
  • What are the similarities and differences between pull-style parsers (XmlReader) and eventing-readers (SAX)?
  • What are the differences between XPathDocument and XmlDocument? Explain when one should be used over the other.
  • What is the difference between an "XML fragment" and an "XML document"?
  • What does "normalized form" mean for XML?
  • How does the XML InfoSet specification differ from XML DOM? What problem does InfoSet aim to solve?
  • Compare DTD and XSD. What are their similarities and differences? Which is better and why?
  • Does System.Xml support DTDs? How?
  • Can XML Schema be represented as an object graph? Can an object graph be represented as XML Schema?

Reference Answers

All Claim to Write Code (Reference Answers)

  • What is the difference between a process and a thread?

A program has at least one process, and a process has at least one thread. Threads are smaller units of execution than processes, making multithreaded programs more concurrent.

  • What is a Windows service, and how does its lifecycle differ from a standard EXE program?

Windows services can start automatically when the computer boots, can be paused and restarted, and do not display any user interface.

Standard EXE programs typically have a user interface (console or GUI) and are usually started or stopped by users.

  • What is the maximum addressable memory for a single process in Windows? How does this impact software design?

In a 32-bit operating system, the maximum addressable memory is 4GB (including virtual memory), calculated as 2^32. When physical memory is less than 4GB, the amount of memory a process can access increases with virtual memory until it reaches 4GB. This 4GB memory space, called virtual address space or virtual memory, includes all parts of the program—executable code, all DLLs loaded by the code, and all variables used during execution.

This has two significant design implications:

In .NET, the most noticeable difference is with the int type, which stores different amounts of data in 32-bit vs 64-bit environments (int is 4 bytes in 32-bit, 8 bytes in 64-bit). Additionally, programs compiled as x86 can run on both 32-bit and 64-bit systems.

  • What are the differences between an EXE and a DLL?

Although a DLL contains executable code, it cannot execute on its own. It must be called directly or indirectly by Windows applications. An EXE, of course, can execute independently.

  • What are the differences between strongly-typed and weakly-typed languages, along with their advantages and disadvantages?

Strong typing checks variable types as early as possible, typically at compile time.

Weak typing delays type checking until runtime, typically during execution.

Which is better depends on the context. Languages like Ruby and JavaScript are weakly typed, which allows for faster coding. C# is strongly typed, which means if variable types don't match, compilation will fail, and Visual Studio provides helpful hints. Since C# 3.0, using var to declare variables has simplified this process significantly.

  • What is a PID (Process ID)? Is it useful when troubleshooting system issues?

PID stands for Process Identifier, a unique number assigned to each process. It's useful for terminating unresponsive programs and during debugging.

  • How many processes can share a single TCP/IP port?

TCP/IP ports can be shared by multiple processes:

Socket socket1 = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
Socket socket2 = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
socket1.Bind(new IPEndPoint(IPAddress.Parse("127.0.0.1"), 8235));
socket1.Listen(10);
socket2.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.ReuseAddress, true);
socket2.Bind(new IPEndPoint(IPAddress.Parse("127.0.0.1"), 8235));
socket2.Listen(10);
Console.Read();

  • What is the GAC (Global Assembly Cache)? What benefits does using the GAC provide?

The GAC is a machine-wide code cache that stores assemblies specifically designated to be shared by several applications. .NET places most of its assemblies in the GAC. It solves problems related to saving disk space and preventing DLL Hell.

Intermediate .NET Developer (Reference Answers)

  • What are the differences between interface-oriented, object-oriented, and aspect-oriented programming?

Interface-oriented programming defines uniform specifications for implementing certain types of functionality, while the specific implementation is determined by types that implement the interface.

Object-oriented programming emphasizes encapsulating things with similar behaviors and attributes, focusing more on the completeness of encapsulation and functionality.

Aspect-oriented programming primarily provides operations unrelated to business logic. For example, if multiple places in a system use file upload functionality, aspect-oriented thinking can be used to filter file size, format, and other information before all uploads, rather than implementing this filtering in each upload code.

  • What is the difference between an interface and a class?

Interface: Cannot be instantiated, has no state of its own, and methods have no concrete implementations. When inherited, implementing classes must provide implementations for all interface methods. An interface is like a template downloaded from the internet for a rental contract.

Class: Can be instantiated, has state, and when inherited, subclasses don't need to reimplement methods of the base class. However, if the base class has methods marked as abstract, the subclass must implement them. A class is like a rental contract template that has already been filled in.

  • What is reflection?

Reflection is the ability of code to dynamically obtain information about assemblies, objects, or to directly call object methods or properties during execution. For example: var i = 100; i.GetType(); outputs System.Int32.

  • What are the differences between XML web services and .NET Remoting?

XML Web services: Based on open standards, use HTTP/SOAP protocols for communication.

.NET Remoting: A Microsoft-specific technology that works only within .NET.

  • What is the difference between early-binding and late-binding?

Early-binding: Occurs at compile time.

Late-binding: Occurs at runtime.

  • Is Assembly.Load a static or dynamic reference?

Dynamic reference.

  • What are the differences between Assembly.LoadFrom and Assembly.LoadFile, and when should each be used?

Assembly.LoadFile loads only the specified DLL file, without loading other dependencies.

Assembly.LoadFrom loads the DLL file and any other DLLs it references.

  • What is an Assembly Qualified Name? Is it just a filename? How does it differ from a filename?

This question relates to strong naming concepts.

An Assembly Qualified Name is not just a filename. Unlike a filename, it uniquely identifies an assembly by including the filename along with version, public key, and culture. The same filename might exist in different versions or cultures, so relying solely on the filename cannot guarantee the correct assembly.

  • Is Assembly.Load("foo.dll") the correct way to load an assembly?

No, the correct way is: Assembly.Load("foo, Version=1.0.2004.0, Culture=neutral, PublicKeyToken=8744b20f8da049e3")

  • What are the differences between strongly-named and non-strongly-named assemblies?

Strongly-named assemblies ensure global uniqueness of names because the strong name depends on a unique key pair to guarantee this uniqueness. No one else can generate an assembly with the same name (different private keys produce different names). Strong names protect assembly versioning because the uniqueness ensures no one else can generate subsequent versions of your assembly. Strong names provide reliable integrity checks, ensuring that the assembly content has not been modified since it was generated!

  • Can a DateTime be null? Why or why not?

DateTime cannot be null because it's a struct (value type), and value types cannot be null. Only reference types can be assigned null.

  • What is JIT (Just-In-Time) compilation? What is NGEN (Native Image Generator)? What are their respective advantages and disadvantages?

JIT (Just-In-Time) is the final compiler that transforms .NET intermediate language into machine code that the computer can execute.

The Native Image Generator (Ngen.exe) is a tool to improve performance of managed applications. Ngen.exe creates native images (files containing compiled processor-specific machine code) and installs them in the native image cache on the local computer. The runtime can use these native images directly, without needing to compile the original assembly with the JIT compiler.

Since the JIT compiler converts MSIL to native code when methods are called, it inevitably impacts runtime performance. In most cases, this impact is acceptable. More importantly, code generated by the JIT compiler is bound to the process that triggered the compilation. It cannot be shared among multiple processes. To enable sharing of generated code among multiple applications or multiple processes that call a set of assemblies, the common language runtime supports a precompilation mode. This precompilation mode uses the Native Image Generator (Ngen.exe) to convert MSIL assemblies to native code, functioning similarly to the JIT compiler. However, Ngen.exe differs from the JIT compiler in three ways:

  • It performs conversion from MSIL to native code before application execution, not during execution.
  • It compiles an entire assembly at once, not one method at a time.
  • It persists the generated code as files in the native image cache on disk.
  • How does the .NET CLR's generational garbage collector manage object lifecycles? What is non-deterministic finalization?

.NET's garbage collection has three generations, which can be forced with GC.Collect.

An object instance becomes garbage when it's no longer referenced by any part of the program. When memory is low, the GC reclaims the space occupied by these garbage objects.

  • What are the differences between Finalize() and Dispose()?

Finalize() only releases unmanaged resources.

Dispose() releases both managed and unmanaged resources.

Finalize() and Dispose() share the same resource release strategy, so there's no conflict between them.

  • Is the Using() pattern useful? What is IDisposable? How does it support deterministic finalization?

Yes, it's useful for scoping resources and ensuring they're automatically released.

IDisposable is an interface with a Dispose() method that can be called when an object goes out of scope, such as when exiting a Using block.

  • What is the purpose of the command "tasklist /m "mscor*"?

Lists all processes that use DLLs matching the pattern in quotes.

  • What is the difference between in-proc and out-of-proc communication?

In-proc communication occurs within a single process, while out-of-proc communication occurs between different processes.

  • What technology is used to implement out-of-proc communication?

.NET remoting.

  • When running a component in ASP.NET, which process does it run on in Windows XP, Windows 2000, and Windows 2003 respectively?

Windows XP: aspnet_wp.exe

Windows 2000: inetinfo.exe

Windows 2003: w3wp.exe

Senior Developer and Architect (Reference Answers)

  • Is DateTime.Parse(myString) the correct approach for parsing date strings?

Generally, DateTime.TryParse is a better approach for parsing date strings.

  • What are PDBs (Program Database files)? In what scenarios are they needed for debugging?

PDBs are Program Database files that store symbols for a module (DLL or EXE), including their addresses, filenames, and line numbers. They serve as a bridge between the application and source code during debugging.

  • What is cyclomatic complexity, and why is it important?

Cyclomatic complexity is a metric for measuring code complexity. It quantitatively measures the number of linearly independent paths through a program's source code. Higher cyclomatic complexity indicates more complex code with more decision points, which may indicate lower quality code that's harder to test and maintain. High cyclomatic complexity is often correlated with potential risks in software.

  • Write a standard lock() implementation and a "double-check" locking pattern.

The lock keyword ensures that when one thread is in the critical section of code, another thread cannot enter that critical section. If another thread attempts to enter locked code, it will wait (be blocked) until the object is released.

public class MySingleton {
    private static readonly object myLock = new object();
    private static volatile MySingleton mySingleton = null;
    
    private MySingleton() {
    }
    
    public static MySingleton GetInstance() {
        if (mySingleton == null) { // First check
            lock (myLock) {
                if (mySingleton == null) { // Second check
                    mySingleton = new MySingleton();
                }
            }
        }
        return mySingleton;
    }
}

  • What is FullTrust? Do assemblies in the GAC have FullTrust permissions?

FullTrust means complete trust, also known as blind trust.

Assemblies in the GAC have FullTrust permissions.

  • What are the benefits of applying security permission attributes to code?

They allow more flexible setting of access permissions for code, enabling code-level protection and preventing malicious use by mobile code.

  • What does the command "gacutil /l | find /i "Corillian"" do?

Updates the assembly if "Corillian" exists in the global assembly cache, or installs it if it doesn't.

  • What is the function of the command "sn -t foo.dll"?

Displays the public key token of the assembly.

  • For DCOM to traverse a firewall, which ports need to be opened? What is the purpose of port 135?

DCOM ports are randomly assigned, typically above 1024, so by default, DCOM cannot traverse firewalls.

Port 135 is the default port for Remote Procedure Call (RPC).

  • Compare Object-Oriented Programming (OOP) and Service-Oriented Architecture (SOA). What are the principles of each?

OOP is a programming model that breaks down complex logic into small modules, characterized by inheritance, encapsulation, and polymorphism. SOA is a technical framework that encapsulates business logic as services or middleware for applications to call. Its component-based approach builds upon the strengths of OOP.

  • How does XmlSerializer work? What ACL permissions are required when a process uses it?

XmlSerializer serializes and deserializes object properties and fields to and from XML data. At minimum, read ACL permissions are required.

  • Why is using catch(Exception) generally not a good practice?

Because try-catch has performance overhead, which can be significant in performance-critical scenarios. Additionally, catching generic exceptions can disrupt normal program flow, making code harder to read and debug. Specific exception types should be caught instead of the generic Exception.

  • What are the differences between Debug.Write and Trace.Write? When should each be used?

Debug.Write only outputs in debug mode, while Trace.Write also outputs in release mode. Debug.Write generates PDB files, while Trace.Write does not.

  • What are the differences between Debug and Release compilation? Is there a significant impact on runtime performance? Why use one over the other?

Debug and Release compilation produce different outputs. Release compilation excludes debugging information like Assert statements. There is no significant difference in runtime performance between Debug and Release builds. Debug builds are recommended during development for using Assert statements, while Release builds are recommended for deployment.

  • Does JIT compilation occur at the assembly level or method level? What impact does this have on the working set?

JIT compilation occurs at the method level. For a single run, only a small number of types and objects in an assembly are likely to be used, while most may remain unused.

  • Compare abstract base classes and interfaces.

Interfaces define behavior specifications without implementations, while abstract classes can define both behavior specifications and provide partial implementations. A class can implement multiple interfaces but can only inherit from one base class.

Differences:

  • Interfaces only contain methods, properties, events, and indexers; classes can contain additional members like fields.
  • Interfaces cannot have constructors, while classes can.
  • Interfaces cannot overload operators, while classes can.
  • Interface members always have public visibility, while class members can have various access modifiers.
  • Classes derived from an interface must implement all interface members, while classes derived from other classes don't necessarily need to implement inherited members.
  • What is the difference between a.Equals(b) and a == b?

Equals() compares the content of two variables.

== compares whether the values of two variables are equal. For reference types, it checks whether they refer to the same object in memory (i.e., whether their memory addresses are the same).

  • In object comparison, what is the difference between object identity and object equality?

Object identity refers to whether two variables refer to the same object in memory. Object equality refers to whether the contents of two objects are equivalent.

  • How would you implement deep copying in .NET?

Deep copying creates new instences of all objects referenced by the fields of the original object. Changes to the new object's referenced objects won't affect the original object's corresponding fields.

  • What should be understood about the ICloneable interface?

The ICloneable interface allows for custom implementations of creating copies of existing objects.

  • What are boxing and unboxing operations?

Boxing is converting a value type to a reference type object, typically involving copying the object instance from the stack to the heap.

Unboxing is converting a reference type back to a value type, typically involving copying from heap to stack.

  • Is string a value type or a reference type?

String is a reference type.

  • What is the purpose of the "PropertySpecified" pattern used by XmlSerializer? What problem does it attempt to solve?

The PropertySpecified pattern marks objects that should not be serialized, ensuring only useful data is serialized rather than the entire object. This reduces data redundancy and improves serialization performance.

  • Why are out parameters considered a flaw in .NET? What issues do they present?

Out parameters are considered problematic because they indirectly violate encapsulation and reduce code readability. However, they can be convenient and useful in certain scenarios.

  • Can attributes be placed on specific method parameters? What is the use case for this?

Yes. This is particularly useful for interoperability with unmanaged code.

/// <summary>The EnableWindow Function.</summary> 
[DllImport("user32.dll")] 
[return: MarshalAs(UnmanagedType.Bool)] 
public static extern bool EnableWindow(System.IntPtr hWnd, [MarshalAs(UnmanagedType.Bool)]bool enable);

C# Control Developer (Reference Answers)

  • What is the meaning of the "new" keyword when overriding? What side effects does it have?

When a base class method is not marked as virtual, the "new" keyword must be used in the derived class. The side effect is that it breaks the inheritance relationship by hiding rather than overriding the base method.

  • Explain the virtual, sealed, override, and abstract keywords.

virtual: Used to modify method, property, indexer, or event declarations to allow them to be overridden in derived classes.

sealed: When applied to a class, prevents other classes from inheriting from it.

override: Used to extend or modify the abstract or virtual implementation of inherited methods, properties, indexers, or events.

abstract: Used with classes, methods, properties, indexers, and events. When used with a class, indicates that the class can only be used as a base class. Members marked as abstract or contained in an abstract class must be implemented by classes derived from the abstract class.

  • Explain each part of this string: Foo.Bar, Version=2.0.205.0, Culture=neutral, PublicKeyToken=593777ae2d274679d.

Foo.Bar: Assembly name

Version=2.0.205.0: Assembly version

Culture=neutral: Culture/region

PublicKeyToken: Public key token of the assembly

  • What are the differences between public, protected, private, and internal access modifiers?

public: Accessible to any class or member, unrestricted access.

protected: Accessible only to the class and its derived classes.

private: Accessible only to the class itself.

internal: Accessible only within the assembly that contains the class (just the project, not the entire solution).

  • What are the benefits of using Primary Interop Assemblies (PIAs)?

Primary Interop Assemblies (PIAs) are official interop assemblies provided by publishers. When you add a reference to a library that has a PIA installed, Visual Studio automatically loads the PIA. Microsoft provides PIAs for Office applications, such as Microsoft.Office.Interop.Excel.dll for Excel. Other applications also provide PIAs. See: http://msdn.microsoft.com/en-us/library/aax7sdch(v=vs.110).aspx

  • What mechanism does NUnit use for unit testing?

.NET reflection, with test methods marked by attributes.

  • What is the difference between catch(Exception e){throw e;} and catch(Exception e){throw;}?

throw e; // The CLR considers this the origin point of the exception

throw; // The CLR does not reset the origin point of the exception

  • What is the difference between typeof(foo) and myFoo.GetType()?

typeof() is an operator while GetType() is a method.

GetType() is a method of the base System.Object class, so it can only be called after an instance is created.

typeof() can only take type names (like int, string, String, custom types) as parameters, not instances.

  • Explain the order of constructor calls in this example:
public class MyClass {
    public MyClass(string a) : this() { };
    public MyClass() { };
}

Is this constructor useful?

It first calls the parameterless constructor (this()), then calls the parameterized constructor. Since the parameter 'a' is not used, this constructor is not useful.

  • What is "this"? Can "this" be called in a static method?

"this" refers to the current instance and cannot be called in static methods.

ASP.NET (UI) Developer (Reference Answers)

  • Describe how to simulate Button1_OnClick using form-based POST submission.
<form method="post" action="test.aspx">
    <input name="Button1" type="submit" />
</form>

protected void Page_Load(object sender, EventArgs e)
{
    if (Request["Button1"] != null)
    {
        // Button1_OnClick Function Code
    }
}

  • What is a PostBack?

PostBack is the process where page data is sent from the client to the server via HTTP POST.

  • What is ViewState? How is it encoded? Is it encrypted? Who actually uses ViewState?

ViewState is a technique that preserves the state of server controls between PostBacks. This state information is stored in a hidden field on the page. It is Base64 encoded by default and not encrypted by default. All server controls on the page that have ViewState enabled use it.

  • What does the element do? What is its purpose in ASP.NET?

The element is added to web.config within the section. It ensures that data encrypted for cookies and ViewState cannot be tampered with.

  • Name three ASP.NET Session State providers and their respective advantages and disadvantages.

InProc: Advantages - Fast performance as session state is stored in memory. Disadvantages - Not suitable for large applications or web farms.

ASP.NET State Service: Advantages - Better performance than SQL Server, can be used in web farms. Disadvantages - Slower than InProc, requires a separate service process.

SQL Server Session State: Advantages - Most reliable, works in web farms, can handle large amounts of data. Disadvantages - Slowest performance due to database overhead.

  • Does ASP.NET reuse threads between multiple requests? Does each HttpRequest have its own thread? Should you use ASP.NET's Thread Local storage?

When using thread pool threads for asynchronous requests, threads can be reused between multiple requests. Each HttpRequest can have its own thread. When threads are reused, Thread Local storage should be used.

  • Can you provide an example of how to use an HttpHandler to check the format of an image uploaded by a client?

You can check the ContentType property of the uploaded file. A more secure approach would be to parse the file content using an HttpHandler.

  • What type of events does an HttpModule subscribe to? What impact does this have on implementation? How can this be done without recompiling the ASP.NET application?

HttpModules subscribe to events in the HTTP pipeline. This allows implementing cross-cutting concerns like authentication, logging, and caching. Without recompiling, you can add HttpModules by modifying the web.config file.

  • Briefly describe the process of routing an arbitrary client request to ASP.NET.

The user enters a URL, which is sent to a DNS server. The DNS server resolves the URL to an IP address. If IIS finds a site matching the requested host header, the request is successfully routed to that site.

  • Briefly explain how cookies work and provide an example of cookie misuse.

Cookies allow the server to instruct the client to store necessary information, which the client sends back with subsequent requests. An example of misuse would be storing sensitive information like passwords in cookies.

  • Explain the importance of HttpRequest.ValidateInput().

It validates all user input to ensure server security and robustness, preventing attacks like SQL injection and cross-site scripting.

  • What data is passed through HTTP Headers?

HTTP Headers include general headers, request headers, response headers, and entity headers.

  • Name the differences between GET and POST in HTTP Headers.

GET requests send data as part of the URL, while POST requests send data in the request body. GET requests are limited in size and should not be used for sensitive data, while POST requests can handle larger amounts of data and are more secure for sensitive information.

  • Name at least six HTTP status codes and their meanings.

200 OK - Request successful 301 Moved Permanently - Resource has been permanently moved 302 Found - Resource has been temporarily moved 304 Not Modified - Resource has not been modified since last request 404 Not Found - Requested resource does not exist 500 Internal Server Error - Server encountered an unexpected condition 504 Gateway Timeout - Server did not receive a timely response from an upstream server

  • How does the If-Modified-Since header work? How would you implement it?

The If-Modified-Since header contains the date when the client last retrieved the resource. The server checks if the resource has been modified since that date. If not, the server returns a 304 Not Modified response, and the client uses its cached version. This can be implemented in ASP.NET by checking the Request.Headers["If-Modified-Since"] and comparing it with the last modified date of the resource.

  • How does VaryByCustom work?

VaryByCustom allows you to define custom output cache requirements. In addition to declaring this attribute in the OutputCache directive, you must override the GetVaryByCustomString method in your application's global.asax file to specify the output caching behavior for the custom string.

Example:

<%@ OutputCache VaryByParam="none" VaryByCustom="CategoryPageKey" Location="server" Duration="43200" %>

Here, VaryByCustom defines "CategoryPageKey", so in global.asax we must define the caching behavior for this string:

public override string GetVaryByCustomString(HttpContext context, String arg)
{
    // Implementation here
}

Developer Using XML (Reference Answers)

  • What is the purpose of XML Namespaces?

XML Namespaces provide a way to avoid naming conflicts between elements with the same name but different meanings.

  • What are suitable use cases for DOM? Are there size limitations?

DOM (Document Object Model) is an interface that is independent of browser, platform, and language, allowing access to other standard components. It solves conflicts between Netscape's JavaScript and Microsoft's JScript. DOM provides a standard way for web designers and developers to access data, scripts, and presentation objects on their pages.

DOM has no inherent size limitations.

  • What is WS-I Basic Profile, and why is it important?

WS-I Basic Profile is a set of non-proprietary web service specifications along with guidelines and clarifications to promote interoperability.

It provides implementation guidance for making different web services work together better.

  • Write a small XML document using both default namespaces and qualified (prefixed) namespaces, including elements from both namespaces.
<?xml version="1.0" encoding="UTF-8"?>
<note xmlns="http://example.com/default">
    <to>a</to>
    <from xmlns="http://example.com/alternate">b</from>
</note>

  • What is the fundamental difference between elements and attributes?

Data should generally be stored in elements, while metadata about the data should be stored in attributes.

Attributes do not preserve the original structure well.

Elements allow for metadata about metadata (deeper levels of information).

People have different understandings of what constitutes metadata vs. data.

Elements are more extensible for future changes.

For simple information that doesn't change its form with the document, attributes are more appropriate, especially for style and linking information.

  • What is the difference between well-formed XML and valid XML?

Well-formed XML follows the basic syntax rules of XML:

  • Start and end tags must match
  • End tags are required
  • Case sensitivity matters: XML is case-sensitive, so and are different
  • Elements must be properly nested

Valid XML is well-formed and also conforms to a specified Document Type Definition (DTD) or XML Schema Definition (XSD).

  • How would you validate XML using .NET?
XmlReaderSettings settings = new XmlReaderSettings();
settings.ValidationEventHandler += new ValidationEventHandler(this.ValidationEventCallback);
settings.ValidationType = ValidationType.Schema;
settings.Schemas.Add(schemaSet);

  • Why is this code generally problematic? When might it be appropriate? myXmlDocument.SelectNodes("//mynode");

This recursively searches the entire document tree, wich can be inefficient. It would be appropriate only if you genuinely need to retrieve all nodes named "mynode" regardless of their location in the document.

  • What are the similarities and differences between pull-style parsers (XmlReader) and eventing-readers (SAX)?

XmlReader is a forward-only, read-only cursor that provides fast, non-cached stream access to XML. It allows you to extract data and skip records that aren't relevant to your application.

The main difference is that SAX is a "push" model where the parser pushes events to the application as it reads each new node, while with XmlReader, the application can control when nodes are read from the reader.

  • What are the differences between XPathDocument and XmlDocument? Explain when one should be used over the other.

XPathDocument provides a fast, read-only in-memory representation of an XML document optimized for XPath queries.

XmlDocument is a read/write DOM implementation that allows modification of the XML document.

Use XPathDocument when you need fast read-only access and XPath queries, and XmlDocument when you need to modify the document structure.

  • What is the difference between an "XML fragment" and an "XML document"?

An XML fragment typically isn't a fully compliant XML document and may lack a single root element, for example: "". An XML document typically has a single root element and content composed of markup, for example: "".

  • What does "normalized form" mean for XML?

Normalized form is a subset of XML specifications. Any XML document can be converted to normalized form, which removes certain types of insignificant differences while preserving the document's essential meaning.

  • How does the XML InfoSet specification differ from XML DOM? What problem does InfoSet aim to solve?

XML InfoSet is a W3C specification that describes an abstract data model for XML documents. XML DOM is one concrete implementation of the InfoSet.

InfoSet aims to provide a consistent way to describe the information in an XML document regardless of how it is represented in text or parsed.

  • Compare DTD and XSD. What are their similarities and differences? Which is better and why?

DTD (Document Type Definition) defines the structure of an XML document using a list of valid elements and attributes.

XSD (XML Schema Definition) also describes XML document structure but provides more features than DTD.

Similarities:

  • Both define valid XML structures
  • Both can be used to validate XML documents

Differences:

  • XSD is written in XML syntax while DTD has its own syntax
  • XSD supports data types while DTD does not
  • XSD allows element and attribute naming conventions while DTD does not
  • XSD provides better support for namespaces
  • XSD is extensible while DTD is not

XSD is generally considered better because it's more powerful, flexible, and integrates better with XML technologies. It's also more expressive and provides better support for data validation.

  • Does System.Xml support DTDs? How?

Yes. Set XmlReaderSettings.DtdProcessing to DtdProcessing.Parse and XmlReaderSettings.ValidationType to ValidationType.DTD.

  • Can XML Schema be represented as an object graph? Can an object graph be represented as XML Schema?

XML Schema can be represented as an object graph through serialization mechanisms. Conversely, object graphs can be represented as XML Schema through mapping technologies that define how objects are transformed to and from XML.

Tags: .NET C# ASP.NET XML WinForms

Posted on Sat, 04 Jul 2026 17:42:32 +0000 by jasonmills58