Interview Q&A Set – 2


1) Can we use ‘this’ inside a static method?

Ans : No

The keyword ‘this’ returns a reference to the current instance of the class containing it. Static methods (or any static member) do not belong to a particular instance. They exist without creating an instance of the class.

2) Can we create a property whose get and set have different access modifiers? How can we achieve this if such a situation arises? How do we create a read-only property?

Ans:

Yes, this is possible. It is called Asymmetric Accessor Accessibility. The code would look something like this:

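    // Backing field for the property.
    private int _age;

    public int Age
    {
        // Readable by any caller.
        get
        {
            return _age;
        }
        // Writable only from this class and derived classes.
        protected set
        {
            _age = value;
        }
    }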

However, there are a couple of important caveats to keep in mind:

Only one accessor can be modified.
Any restrictions placed on an individual accessor must be more restrictive than the accessibility level of the property itself, not less.
You cannot use accessor modifiers on an interface or an explicit implementation of an interface member.

more info : http://msdn.microsoft.com/en-us/library/75e8y5dd.aspx

3) A base class has a virtual method with the internal access modifier. Can we override that method in a derived class with the public access modifier?
   Is the same possible vice versa? Does it give any warning/error?

Ans: No, not possible.

4) Is there an attribute to turn off serialisation for fields in a custom object ?

Ans: IgnoreDataMemberAttribute is used to turn off serialisation for a field.

5) How to return object in JSON format in WCF service method?

Ans: Use the DataContractJsonSerializer class to serialise objects to JSON.
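The following added example (not from the original post) ties answers 4 and 5 together: it serialises two objects with DataContractJsonSerializer and keeps a sensitive member out of the JSON in both the plain-class and the [DataContract] case. The Account and Session types and their values are hypothetical.

```csharp
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Json;
using System.Text;

// Plain class (no [DataContract]): every public read/write member is
// serialised unless it is marked [IgnoreDataMember].
public class Account
{
    public string UserName { get; set; }

    [IgnoreDataMember]
    public string PasswordHash { get; set; }
}

// [DataContract] class: serialisation is opt-in, so a member without
// [DataMember] is left out and [IgnoreDataMember] is not needed.
[DataContract]
public class Session
{
    [DataMember]
    public string UserName { get; set; }

    public string Token { get; set; }
}

public static class JsonDemo
{
    // Serialises any supported object to a JSON string.
    public static string ToJson<T>(T value)
    {
        var serializer = new DataContractJsonSerializer(typeof(T));
        using (var stream = new MemoryStream())
        {
            serializer.WriteObject(stream, value);
            return Encoding.UTF8.GetString(stream.ToArray());
        }
    }

    public static void Main()
    {
        // Constructed sample values.
        Console.WriteLine(ToJson(new Account { UserName = "alice", PasswordHash = "constructed-hash" }));
        Console.WriteLine(ToJson(new Session { UserName = "alice", Token = "constructed-token" }));
    }
}
```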

6) How to restrict anonymous access to WCF service methods?

Ans:

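Disabling anonymous access requires coordinating the settings in IIS and in your service configuration. To switch off anonymous access with HTTP, you need to set the security mode to TransportCredentialOnly. This mode only authenticates the client at the HTTP level; it does not provide message integrity or confidentiality.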


    <basicHttpBinding>
      <binding>
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Windows" />
        </security>
      </binding>
    </basicHttpBinding>

To switch off anonymous access with HTTPS, you need to set the security mode to Transport.

    <wsHttpBinding>
      <binding>
        <security mode="Transport">
          <transport clientCredentialType="Windows" />
        </security>
      </binding>
    </wsHttpBinding>

7) How can I restrict access to a few web methods in a web service to specific users?

Ans :

Authentication can be done in a couple of ways: certificates, username/password, Windows credentials, … Authorization then decides what an (authenticated) user is allowed to execute. Restricted access to a WCF service can be implemented in a couple of ways. The first option is to mark methods with the declarative PrincipalPermissionAttribute to restrict access to certain roles or users. Another option is to imperatively check the credentials of the current user.

Both of these methods have the drawback that they result in a lot of duplication when you have multiple service methods. Because duplication is the root of all evil, the creators of WCF have foreseen an extension point in WCF to implement authorization in a generic way: the ServiceAuthorizationManager.

Implementing a ServiceAuthorizationManager is straightforward: you extend the class “ServiceAuthorizationManager” and override the method “CheckAccessCore”. In this small example, I will restrict access to my service to users of the Windows group “Administrators”.

    using System;
    using System.Security.Principal;
    using System.ServiceModel;

    public class MyServiceAuthorizationManager : ServiceAuthorizationManager
    {
        // Called by WCF for every incoming operation; returning false denies the call.
        protected override bool CheckAccessCore(OperationContext operationContext)
        {
            try
            {
                ServiceSecurityContext securityContext = operationContext.ServiceSecurityContext;
                WindowsIdentity callingIdentity = securityContext.WindowsIdentity;

                WindowsPrincipal principal = new WindowsPrincipal(callingIdentity);
                return principal.IsInRole("Administrators");
            }
            catch (Exception)
            {
                // Fail closed: any error while resolving the caller denies access.
                return false;
            }
        }
    }

Now that our custom ServiceAuthorizationManager has been implemented, we need to hook it into the WCF pipeline. The easiest way to do this is by using the web.config or app.config file.

    <system.serviceModel>
      <!-- Define service and endpoints -->
      <behaviors>
        <serviceBehaviors>
          <behavior name="MyServiceBehavior">
            <serviceAuthorization serviceAuthorizationManagerType="MyNamespace.MyServiceAuthorizationManager, MyAssembly" />
          </behavior>
        </serviceBehaviors>
      </behaviors>
    </system.serviceModel>

Conclusion

When you test your service, you will notice that every method is secured by our custom ServiceAuthorizationManager implementation. I hope you agree with me that the ServiceAuthorizationManager is a clean way to implement authorization at the service level.
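The question asks about restricting only a few methods, so here is an added example (not from the original post) that goes one step beyond the manager above: it maps each operation's SOAP action to the Windows group allowed to call it and denies anything unlisted. The action URIs, the group names and the class name are hypothetical; it is registered through the same serviceAuthorizationManagerType attribute shown earlier.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.ServiceModel;

public class PerOperationAuthorizationManager : ServiceAuthorizationManager
{
    // Hypothetical SOAP actions and Windows groups; replace with the
    // actions of your own contract and the groups of your environment.
    private static readonly Dictionary<string, string> RequiredGroup =
        new Dictionary<string, string>(StringComparer.Ordinal)
        {
            { "http://example.org/IOrderService/GetOrder",    @"EXAMPLE\OrderReaders" },
            { "http://example.org/IOrderService/DeleteOrder", @"EXAMPLE\OrderAdmins"  },
        };

    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        try
        {
            string action = operationContext.IncomingMessageHeaders.Action;

            // Fail closed: an operation that is not listed is denied.
            string group;
            if (action == null || !RequiredGroup.TryGetValue(action, out group))
            {
                return false;
            }

            // Reject callers that were not authenticated by the binding.
            ServiceSecurityContext securityContext = operationContext.ServiceSecurityContext;
            if (securityContext == null || securityContext.IsAnonymous)
            {
                return false;
            }

            WindowsIdentity caller = securityContext.WindowsIdentity;
            return caller != null
                && caller.IsAuthenticated
                && new WindowsPrincipal(caller).IsInRole(group);
        }
        catch (Exception)
        {
            // Any failure while resolving the caller denies access.
            return false;
        }
    }
}
```

Because unlisted actions are denied, requests to a metadata exchange endpoint on the same service are rejected too unless their action is added to the map.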

Hope this will Help !!!

Jay Ganesh
