Restrict Who Can Extend Your Classes in .NET Framework

Language modifiers such as sealed, public, private, and virtual give you a level of control over the ability of classes to inherit from your class and override its members. However, these modifiers are inflexible, providing no selectivity in restricting what code can extend a class or override its members.

For example, you might want to allow only code written by your company or department to extend business-critical classes. By applying an InheritanceDemand attribute to your class or member declaration, you can specify runtime permissions that a class must have to extend your class or override particular members. Remember that the permissions of a class are the permissions of the assembly in which the class is declared.

Although you can demand any permission or permission set in your InheritanceDemand, it’s more common to demand identity permissions. Identity permissions represent evidence presented to the runtime by an assembly. If an assembly presents certain types of evidence at load time, the runtime will automatically assign the assembly the appropriate identity permission. Identity permissions allow you to use regular imperative and declarative security statements to base security decisions directly on code identity, without the need to evaluate evidence objects directly.

 Note The runtime assigns identity permissions to an assembly based on the evidence presented by the assembly. You cannot assign additional identity permissions to an assembly through the configuration of security policy.

You must use declarative security syntax to implement an InheritanceDemand, and so you must use the attribute counterpart of the permission class that you want to demand. All permission classes, including InheritanceDemand, have an attribute counterpart that you use to construct declarative security statements. For example, the attribute counterpart of PublisherIdentityPermission is PublisherIdentityPermissionAttribute, and the attribute counterpart of StrongNameIdentityPermission is StrongNameIdentityPermissionAttribute. All permissions and their attribute counterparts follow the same naming convention and are members of the same namespace. To control which code can extend your class, apply the InheritanceDemand to the class declaration.

To control which code can override specific members of a class, apply the InheritanceDemand to the member declaration.

The Example

The following example demonstrates the use of an InheritanceDemand attribute on both a class and a method. Applying a PublisherIdentityPermissionAttribute to the SomeProtectedClass class means that only classes in assemblies signed by the publisher certificate contained in the pubcert.cer file (or assemblies granted FullTrust) can extend the class. The contents of the pubcert.cer file are read at compile time, and the necessary certificate information is built into the assembly metadata. To demonstrate that other permissions can also be used with an InheritanceDemand, the PermissionSetAttribute is used to allow only classes granted the FullTrust permission set to override the method SomeProtectedMethod.

using System.Security.Permissions;

[PublisherIdentityPermission(SecurityAction.InheritanceDemand, CertFile = "pubcert.cer")]

public class SomeProtectedClass

{

[PermissionSet(SecurityAction.InheritanceDemand, Name="FullTrust")]

public void SomeProtectedMethod ()

{

// Method implementation . . .

}

}

Read Full Post »

.NET-to-COM Interoperability-The Basics

In this post I address how .Net and COM types can be expressed and manipulated across architectural boundaries. And also, you are exposed to the key .NET-to-COM interoperability issues you are likely to encounter on a day-to-day basis. For example, you investigate a number of ways to build interoperability assemblies (including “primary” interop assemblies), examine core IDL to .NET data type mappings, and understand how key COM data structures (interfaces, co-classes, enumerations) are expressed in terms of .NET. Along the way, you take a more detailed look at the types contained in the System.Runtime.InteropServices namespace. As you might expect, the materials presented here work as the backbone for more advanced topics found in the remainder of the text.

 

A High-Level Overview of .NET-to-COM Interoperability

 

As you know; languages targeting the .NET runtime satisfy each pillar of object-oriented technology. For example, when you build an assembly using a given managed language, you are able to create classes that support any number of constructors, overloaded methods, and overridden members, and implement any optional interfaces. As well, the .NET platform makes use of a runtime garbage collector, which is responsible for freeing an object from the managed heap when it is no longer rooted in a given application.

 

In stark contrast, as you know COM types do not adhere to each and every pillar of OOP in the classic sense of the topic. For example, COM types are not created using class constructors, but rather using the IClassFactory interface. In addition, COM classes are not allowed to define over-loaded methods and cannot function as a base class to other COM types (as COM has no support for classical inheritance). As far as lifetime management of a co-class is concerned, COM does not make use of a garbage-collected heap, but employs a strict reference counting scheme provided courtesy of IUnknown.

 

Given the fact that COM and .NET types have so little in common, you may have deeprooted fears regarding interoperability issues. Ideally, a .NET client should be able to use a COM type with no concern for the mechanics of COM. For example, a managed client should be able to create the COM type using constructor semantics, derive new types from the COM wrapper class (given that .NET supports classic inheritance), and should not be required to obtain or release interface references (given that .NET does not demand the use of interface references). In a nutshell, as far as a .NET client is concerned, manipulating a COM type should look identical to the act of manipulating a native .NET type. For example:

 

// COM classes should appear as .NET types.

MyComClass c = new MyComClass();

c.SomeMethod(“Hello”, 12);

 

Obviously, this cannot be achieved unless you have an intermediary that stands between the .NET client and the existing COM type. In short, what we need is a proxy that is in charge of transparently handling .NET-to-COM communications. To be sure, whenever a .NET application makes use of a legacy COM type, a proxy is created by the .NET runtime. Formally, this proxy is termed a Runtime Callable Wrapper (RCW).

 

In a similar vein, a COM client should be able to make use of a .NET type without concern for the mechanics of .NET. For example, COM clients should be able to activate a .NET class using CoCreateInstance(); directly call the members of IUnknown, IDispatch, and IClassFactory; and should assume the type is maintaining an internal reference count. When unmanaged code communicates with managed .NET types, a different sort of proxy called a COM Callable Wrapper (CCW) is used to translate COM requests into terms of .NET. For the time being, let’s concentrate on the role of the RCW.

 

Understanding the Role of the RCW

 

The RCW is a .NET object that is in charge of marshaling calls between a managed unit of code and a given COM type. While a managed client is making calls to a given COM type, the RCW intercepts each invocation, translates each incoming argument into terms of IDL data types, and invokes the co-class method. Likewise, if the co-class returns any information to the caller (via [out] or [out, retval] IDL parameters) the RCW is responsible for translating the IDL type(s) into the appropriate .NET type(s). As you would hope, there is a fixed set of translation rules used to map between IDL and .NET atoms.

 

In addition to marshaling data types to and fro, the RCW also attempts to fool the .NET client into believing that it is communicating directly with a native .NET type. To do so, the RCW hides a number of low-level COM interfaces from view (IClassFactory, IUnknown, IDispatch, and so forth). Thus, rather than forcing the .NET client to make manual calls to CoCreateInstance(), the client is free to use the activation keyword of its code base (e.g., new, New, and so on). And rather than forcing the managed client to manually call QueryInterface(), AddRef(), or Release(), the client is able to perform simple casting operations to obtain a particular interface and is never required to release interface references.

 

It is important to understand that a single RCW exists for each co-class the client interacts with, regardless of how many interfaces have been obtained from the type. In this way, an RCW is able to correctly manage the identity and reference count of the COM class. For example, assume a C# Windows Forms application has created three co-classes residing in various COM servers. If this is the case, the runtime creates three RCW proxy types to facilitate the communication

 

A given RCW maintains a cache of interface pointers on the COM object it wraps and releases these references when the RCW is no longer used by the caller (and therefore garbage collected). In this way, the managed client is able to simply “new” the COM wrapper and is blissfully unaware of COM interface-based reference counting. Also, given that the RCW will not release the referenced interfaces until it is garbage collected, you can rest assured that a given co-class is alive as long as the .NET client is making use of the related RCW.

 

Understand, of course, that the RCW is responsible for more than simply mapping .NET types into COM atoms. The RCW is also responsible for mapping COM error objects (that is, IErrorInfo, ICreateErrorInfo) into managed exceptions. In this way, if a co-class throws a COM error, the .NET client is able to handle the problem using standard try, catch, and finally keywords. The RCW is also responsible for mapping COM event handling primitives (that is, IConnectionPointContainer, IConnectionPoint) into terms of managed delegates.

 

One question that may pop up at this point is “Where does an RCW come from in the first place?” As you will see, RCWs are .NET class types that are dynamically created by the runtime. The exact look and feel of an RCW will be based on the information contained within a related interop assembly. These assemblies contain metadata that is used specifically to bridge the gap between managed and unmanaged code. The good news is that you are not required to manually create interop assemblies by hand (though you could). Rather, you more typically make use of the tlbimp.exe tool that ships with the .NET SDK or the Visual Studio .NET IDE.

 

Read Full Post »

C# Interview Questions And Answers

                             

General
Q1:Does C# support multiple-inheritance?
Ans:No.

Q2:Whom is a protected class-level variable available to?
Ans:It is available to any sub-class (a class inheriting this class).

Q3:Are private class-level variables inherited?
Ans:Yes, but they are not accessible.  Although they are not visible or accessible via the class interface, they are inherited. 

Q4:Describe the accessibility modifier “protected internal”.
Ans:It is available to classes that are within the same assembly and derived from the specified base class. 
Q5:What’s the top .NET class that everything is derived from?
Ans:System.Object. 
 
Q6:What does the term immutable mean?
Ans:The data value may not be changed.  Note: The variable value may be changed, but the original immutable data value was discarded and a new data value was created in memory. 
 
Q7:What’s the difference between System.String and System.Text.StringBuilder classes?
Ans:System.String is immutable.  System.StringBuilder was designed with the purpose of having a mutable string where a variety of operations can be performed. 
 
Q8:What’s the advantage of using System.Text.StringBuilder over System.String?
Ans:StringBuilder is more efficient in cases where there is a large amount of string manipulation.  Strings are immutable, so each time a string is changed, a new instance in memory is created.

Q9:Can you store multiple data types in System.Array?
Ans:No. 
 
Q10:What’s the difference between the System.Array.CopyTo() and System.Array.Clone()?
Ans:The Clone() method returns a new array (a shallow copy) object containing all the elements in the original array.  The CopyTo() method copies the elements into another existing array.  Both perform a shallow copy.  A shallow copy means the contents (each array element) contains references to the same object as the elements in the original array.  A deep copy (which neither of these methods performs) would create a new instance of each element’s object, resulting in a different, yet identacle object.
 
Q11:How can you sort the elements of the array in descending order?
Ans:By calling Sort() and then Reverse() methods. 
 
Q12:What’s the .NET collection class that allows an element to be accessed using a unique key?
Ans:HashTable. 
 
Q13:What class is underneath the SortedList class?
Ans:A sorted HashTable. 

Q14:Will the finally block get executed if an exception has not occurred?­
Ans:Yes.
 
Q15:What’s the C# syntax to catch any possible exception?
Ans:A catch block that catches the exception of type System.Exception.  You can also omit the parameter data type in this case and just write catch {}. 

Q16:Can multiple catch blocks be executed for a single try statement?
No.  Once the proper catch block processed, control is transferred to the finally block (if there are any). 
 

Q17:Explain the three services model commonly know as a three-tier application.
Ans:Presentation (UI), Business (logic and underlying code) and Data (from storage or other sources). 
 

Class

Q18:What is the syntax to inherit from a class in C#?
Ans:Place a colon and then the name of the base class.
Example: class MyNewClass : MyBaseClass 
Q19:Can you prevent your class from being inherited by another class?
Ans:Yes.  The keyword “sealed” will prevent the class from being inherited. 

Q20:Can you allow a class to be inherited, but prevent the method from being over-ridden?
Ans:Yes.  Just leave the class public and make the method sealed. 

Q21:What’s an abstract class?
Ans:A class that cannot be instantiated.  An abstract class is a class that must be inherited and have the methods overridden.  An abstract class is essentially a blueprint for a class without any implementation. 

Q22:When do you absolutely have to declare a class as abstract?
Ans:1. When the class itself is inherited from an abstract class, but not all base abstract methods have been overridden.
2.  When at least one of the methods in the class is abstract. 

Q23:What is an interface class?
Ans:Interfaces, like classes, define a set of properties, methods, and events. But unlike classes, interfaces do not provide implementation. They are implemented by classes, and defined as separate entities from classes.

Q24:Why can’t you specify the accessibility modifier for methods inside the interface?
Ans:They all must be public, and are therefore public by default. 

Q25:Can you inherit multiple interfaces?
Ans:Yes.  .NET does support multiple interfaces. 

Q26:What happens if you inherit multiple interfaces and they have conflicting method names?
Ans:It’s up to you to implement the method inside your own class, so implementation is left entirely up to you. This might cause a problem on a higher-level scale if similarly named methods from different interfaces expect different data, but as far as compiler cares you’re okay.
To Do: Investigate

Q27:What’s the difference between an interface and abstract class?
Ans:In an interface class, all methods are abstract – there is no implementation.  In an abstract class some methods can be concrete.  In an interface class, no accessibility modifiers are allowed.  An abstract class may have accessibility modifiers. 

Q28:What is the difference between a Struct and a Class?
Ans:Structs are value-type variables and are thus saved on the stack, additional overhead but faster retrieval.  Another difference is that structs cannot inherit. 
 

Method and Property

Q29:What’s the implicit name of the parameter that gets passed into the set method/property of a class?
Ans:Value.  The data type of the value parameter is defined by whatever data type the property is declared as.

Q30:What does the keyword “virtual” declare for a method or property?
Ans:The method or property can be overridden. 

Q31:How is method overriding different from method overloading?
Ans:When overriding a method, you change the behavior of the method for the derived class.  Overloading a method simply involves having another method with the same name within the class. 

Q32:Can you declare an override method to be static if the original method is not static?
Ans:No.  The signature of the virtual method must remain the same.  (Note: Only the keyword virtual is changed to keyword override).

Q33:What are the different ways a method can be overloaded?
Ans:Different parameter data types, different number of parameters, different order of parameters. 
Q34:If a base class has a number of overloaded constructors, and an inheriting class has a number of overloaded constructors; can you enforce a call from an inherited constructor to a specific base constructor?
Ans:Yes, just place a colon, and then keyword base (parameter list to invoke the appropriate constructor) in the overloaded constructor definition inside the inherited class.
 

Events and Delegates

Q35:What’s a delegate?
Ans:A delegate object encapsulates a reference to a method. 
Q36:What’s a multicast delegate?
Ans:A delegate that has multiple handlers assigned to it.  Each assigned handler (method) is called.
 

XML Documentation

Q37:Is XML case-sensitive?
Ans:Yes. 

Q38:What’s the difference between // comments, /* */ comments and /// comments?
Ans:Single-line comments, multi-line comments, and XML documentation comments. 

Q39:How do you generate documentation from the C# file commented properly with a command-line compiler?
Ans:Compile it with the /doc switch.
 

Debugging and Testing

Q40:What debugging tools come with the .NET SDK?
Ans:1.   CorDBG – command-line debugger.  To use CorDbg, you must compile the original C# file using the /debug switch.
2.   DbgCLR – graphic debugger.  Visual Studio .NET uses the DbgCLR. 

Q41:What does assert() method do?
Ans:In debug compilation, assert takes in a Boolean condition as a parameter, and shows the error dialog if the condition is false.  The program proceeds without any interruption if the condition is true. 

Q42:What’s the difference between the Debug class and Trace class?
Ans:Documentation looks the same.  Use Debug class for debug builds, use Trace class for both debug and release builds. 

Q43:Why are there five tracing levels in System.Diagnostics.TraceSwitcher?
Ans:The tracing dumps can be quite verbose.  For applications that are constantly running you run the risk of overloading the machine and the hard drive.  Five levels range from None to Verbose, allowing you to fine-tune the tracing activities. 

Q44:Where is the output of TextWriterTraceListener redirected?
Ans:To the Console or a text file depending on the parameter passed to the constructor. 

Q45:How do you debug an ASP.NET Web application?
Ans:Attach the aspnet_wp.exe process to the DbgClr debugger. 

Q46:What are three test cases you should go through in unit testing?
Ans:1.       Positive test cases (correct data, correct output).
2.       Negative test cases (broken or missing data, proper handling).
3.       Exception test cases (exceptions are thrown and caught properly).

Q47:Can you change the value of a variable while debugging a C# application?
Ans:Yes.  If you are debugging via Visual Studio.NET, just go to Immediate window. 
 

ADO.NET and Database 

Q48:What is the role of the DataReader class in ADO.NET connections?
Ans:It returns a read-only, forward-only rowset from the data source.  A DataReader provides fast access when a forward-only sequential read is needed.

Q49:What are advantages and disadvantages of Microsoft-provided data provider classes in ADO.NET?
Ans:SQLServer.NET data provider is high-speed and robust, but requires SQL Server license purchased from Microsoft. OLE-DB.NET is universal for accessing other sources, like Oracle, DB2, Microsoft Access and Informix.  OLE-DB.NET is a .NET layer on top of the OLE layer, so it’s not as fastest and efficient as SqlServer.NET. 

Q50:What is the wildcard character in SQL?
Ans:Let’s say you want to query database with LIKE for all employees whose name starts with La. The wildcard character is %, the proper query with LIKE would involve ‘La%’. 

Q51:Explain ACID rule of thumb for transactions.
Ans:A transaction must be:
1.       Atomic – it is one unit of work and does not dependent on previous and following transactions.
2.       Consistent – data is either committed or roll back, no “in-between” case where something has been updated and something hasn’t.
3.       Isolated – no transaction sees the intermediate results of the current transaction).
4.       Durable – the values persist if the data had been committed even if the system crashes right after. 

Q52:What connections does Microsoft SQL Server support?
Ans:Windows Authentication (via Active Directory) and SQL Server authentication (via Microsoft SQL Server username and password). 

Q53:Between Windows Authentication and SQL Server Authentication, which one is trusted and which one is untrusted?
Ans:Windows Authentication is trusted because the username and password are checked with the Active Directory, the SQL Server authentication is untrusted, since SQL Server is the only verifier participating in the transaction.

Q54:What does the Initial Catalog parameter define in the connection string?
Ans:The database name to connect to. 

Q55:What does the Dispose method do with the connection object?
Ans:Deletes it from the memory.
To Do: answer better.  The current answer is not entirely correct. 

Q56:What is a pre-requisite for connection pooling?
Ans:Multiple processes must agree that they will share the same connection, where every parameter is the same, including the security settings.  The connection string must be identical.
 

.NET Assembly

Q57:How is the DLL Hell problem solved in .NET?
Ans:Assembly versioning allows the application to specify not only the library it needs to run (which was available under Win32), but also the version of the assembly. 

Q58:What are the ways to deploy an assembly?
Ans:An MSI installer, a CAB archive, and XCOPY command. 

Q59:What is a satellite assembly?
Ans:When you write a multilingual or multi-cultural application in .NET, and want to distribute the core application separately from the localized modules, the localized assemblies that modify the core application are called satellite assemblies. 

Q60:What namespaces are necessary to create a localized application?
Ans:System.Globalization and System.Resources.

Q61:What is the smallest unit of execution in .NET?
Ans:an Assembly.

Q62:When should you call the garbage collector in .NET?
Ans:As a good rule, you should not call the garbage collector.  However, you could call the garbage collector when you are done using a large object (or set of objects) to force the garbage collector to dispose of those very large objects from memory.  However, this is usually not a good practice.

Q63:How do you convert a value-type to a reference-type?
Ans:Use Boxing.

Q64:What happens in memory when you Box and Unbox a value-type?
Ans:Boxing converts a value-type to a reference-type, thus storing the object on the heap.  Unboxing converts a reference-type to a value-type, thus storing the value on the stack.

Read Full Post »

Sending eMail with dotNET

Step 1: Create a Message object First, insert the appropriate “using” statement:

using System.Web.Mail;

Next, create a new Message object like so:

MailMessage msg = new MailMessage();
Step 2: Populate the message properties Now, set the message properties:

msg.To = sTo;
msg.From = sFrom;
msg.Subject = sSubjecct;
msg.Body = sBody;

 

Step 3: Set the SMTP server and send the message You’ll send the message through System.Web.Mail.SmtpMail, which is a static class. First choose the SMTP server you’d like to send the message:

System.Web.Mail.SmtpMail.SmtpServer = mySmtpServer;

Next, just send the message:

System.Web.Mail.SmtpMail(msg);

Voila! Your message is sent — easy as 1-2-3!

 
More Esoteric Stuff

Adding an Attachment
To attach a file to your message, first create an Attachment object:

Attachment myAttach = new MailAttachment(sFilePath);

Next, attach it to the message:

msg.Attachments.Add(myAttach);

Cool!
Setting It ‘High Priority’
Just set the Priority property:

msg.Priority = System.Web.Mail.MailPriority.High;
Sending HTML
Let’s say you wanted to send an arbitrary web page to a friend. You don’t want the page to be an attachment, you want it to appear in the body of the email. Also, you don’t want to embed the images in the email, you just want to link to them to keep the message size small.

Let’s assume you wrote a function already that sucked up the HTML from www.pokemon.com (A DevHood Approved Site(TM)). To send it, first set the Body property to the HTML:

msg.Body = sPokemonHtml;

Next, set the UrlContentBase so that relative URL’s still work:

msg.UrlContentBase = sPokemonUrl;

Finally, set the BodyFormat property to HTML:

msg.BodyFormat = System.Web.Mail.MailFormat.Html;

Now just proceed as before. So easy!

Read Full Post »

Delay Signing an Assembly

 

An organization can have a closely guarded key pair that developers do not have access to on a daily basis. The public key is often available, but access to the private key is restricted to only a few individuals. When developing assemblies with strong names, each assembly that references the strong-named target assembly contains the token of the public key used to give the target assembly a strong name. This requires that the public key be available during the development process.

A delayed or partial signing can be used at build time to reserve space in the portable executable (PE) file for the strong name signature, but defer the actual signing until some later stage (typically just before shipping the assembly).

The following steps outline the process to delay sign an assembly:

1. Obtain the public key portion of the key pair from the organization that will do the eventual signing. Typically this key is in the form of an .snk file, which can be created using the Strong Name tool (Sn.exe) provided by the .NET Framework SDK.

2. Annotate the source code for the assembly with two custom attributes from System.Reflection:

i. AssemblyKeyFileAttribute, which passes the name of the file containing the public key as a parameter to its constructor.

ii. AssemblyDelaySignAttribute, which indicates that delay signing is being used by passing true as a parameter to its constructor.

 

3. The compiler inserts the public key into the assembly manifest and reserves space in the PE file for the full strong name signature. The real public key must be stored while the assembly is built so that other assemblies that reference this assembly can obtain the key to store in their own assembly reference.

4. Because the assembly does not have a valid strong name signature, the verification of that signature must be turned off. This can be done by using the –Vr option with the Strong Name tool.

The following example turns off verification for an assembly called myAssembly.dll.
sn –Vr myAssembly.dll

CAUTION Use the -Vr option only during development. Adding an assembly to the skip verification list creates a security vulnerability. A malicious assembly could use the fully specified assembly name (assembly name, version, culture, and public key token) of the assembly added to the skip verification list to fake its identity. This would allow the malicious assembly to also skip verification.

5. Later, usually just before shipping, you submit the assembly to your organization’s signing authority for the actual strong name signing using the –R option with the Strong Name tool.

The following example signs an assembly called myAssembly.dll with a strong name using the sgKey.snk key pair.

sn -R myAssembly.dll sgKey.snk

Read Full Post »