We are providing online training of realtime Live project on Asp.Net MVC with Angular and Web API. For more information click here. If you have any query then drop the messase in CONTACT FORM

Tuesday, June 30, 2015

SSL and HTTPS related ASP.NET Interview Questions

How do you provide Secure Communication over the world wide web?

Security is not just a matter of identifying users and preventing unauthorized users from accessing your Web applications, but it’s just as important to ensure that sensitive data sent across the Internet can’t be read by others.

To provide secure communication across the Internet, IIS supports a standardized means of encrypting and decrypting web requests and responses. This cryptography requires that you request an encryption key called a server certificate from an independent third party called a certificate authority.

What is the Secure Sockets Layer (SSL)?
The Secure Sockets Layer (SSL) is the standard means of ensuring that data sent over the Internet can’t be read by others. When a user requests a secure Web page, the server generates an encryption key for the user’s session and then encrypts the page’s data before sending a response. On the client-side, the browser uses that same encryption key to decrypt the requested Web page and to encrypt new requests sent from that page.

Explain the process of secure communication using SSL?
Using SSL in your application requires special authorization from a recognized certificate authority. This authorization comes in the form of a server certificate, which you install in IIS to identify your server. The certificate authority licenses server certificates (for a fee) and acts as a clearinghouse to verify your server’s identity over the Internet.

When a user’s browser begins secure communications, it requests the server certificate and checks it against a list of trusted sites provided by the certificate authority. If the server certificate does not match one of the sites already authorized by the user, or if the server certificate does not match the Web address for which it was registered, or if there are any other problems with the server certificate, the browser displays a warning.

In this way, the certificate authority not only provides encryption for secure data transmission, but it also provides assurance to users that your Web site is authentic.
What is the largest certificate authority?
The largest certificate authority is VeriSign.

What are the steps to follow to use SSL in your Web application?
1. Generate a certificate request from IIS.
2. Request a certificate from a certificate authority.
3. Install the certificate on the server using IIS.
4. Install the certificate on browsers if you are using a test certificate.
5. Use the Secure Hypertext Transfer Protocol (HTTPS) when accessing secure pages in your application.

What should you do before you can request a server certificate from a certificate authority?
Before you can request a server certificate from a certificate authority, you must generate a certificate request from IIS. The certificate request contains encrypted information about your server that the certificate authority uses to identify your server over the Internet.

What are the steps to follow to generate a certificate request from the IIS?
1. Select the Default Web Site in the console tree of the IIS, and then choose Properties from the Action menu. IIS displays the Default Web Site Properties dialog box.
2. Click the Directory Security tab in the Properties dialog box, and then click Server Certificate. IIS starts the Web Server, Certificate Wizard.
3. Step through the wizard by reading each screen and clicking Next. The wizard instructions are straightforward.
4. When you click Finish in the end, the wizard creates an encrypted text file with the .cer file extension. That file is the certificate request that you send to the certificate authority.

Why do you have to select the Default Web Site when generating a Certificate Request from IIS?
IIS requires that a certificate be created at the server root before secure communications can be created or configured for subordinate sites on the server. That’s why you have to select Default Web Site (or the root Web site if you have renamed it). After you have installed a server certificate at the root, you can repeat the process for subordinate sites if you want separate certificates for those sites.

What is the file extension of a server certificate?
.cer

What are the steps to follow to install the certificate to enable SSL for your Web applications?
To install a server certificate in IIS:
1. Select the Default Web Site in the console tree of the IIS snap-in, and then choose Properties from the Action menu. IIS displays the Default Web Site Properties dialog box.
2. Click the Directory Security tab in the Properties dialog box, and then click Server Certificate. IIS starts the Web Server, Certificate Wizard.
3. Click Next, and select Process The Pending Request And Install The Certificate.
4. Click Next, and enter the name of the certificate file.
5. Click Next, and then click Finish to complete the installation.

What is the protocol on which secure pages are generally requested?
HTTPS, the protocol HTTPS is what initializes the secure communication. When you’ve begun secure communication, it continues until you specify a nonsecure site.

What are the steps to follow to make a web page secure in a web application?
To require secure communication for a Web page using IIS, follow these steps
1. Select the folder or file that requires secure communication, and then choose Properties from the Action menu. IIS displays the Properties dialog box.
2. Click the Directory Security tab, and then click Edit in the Secure Communications group. IIS displays the Secure Communications dialog box.
3. Select the Require Secure Channel (SSL) checkbox, and click OK.

Can user access secure web page over HTTP protocol instead of HTTPS?
No, When you require secure communication for a Web page, that page can’t be viewed using HTTP. The user must type in or click a link using HTTPS, otherwise, access will be denied.

No comments: