9.What is Code Access Security (CAS)?CAS is the part of the .NET security model that determines whether or not a piece ofcode is allowed to run, and what resources it can use when it is running. For example, itis CAS that will prevent a .NET web applet from formatting your hard disk.How does CAS work?

The CAS security policy revolves around two key concepts - code groups andpermissions. Each .NET assembly is a member of a particular code group, and each codegroup is granted the permissions specified in a named permission set. For example, usingthe default security policy, a control downloaded from a web site belongs to the 'Zone -Internet' code group, which adheres to the permissions defined by the 'Internet' namedpermission set. (Naturally the 'Internet' named permission set represents a very restrictiverange of permissions.)

Who defines the CAS code groups?Microsoft defines some default ones, but you can modify these and even create your own.To see the code groups defined on your system, run 'caspol -lg' from the command-line.

10.Which namespace is the base class for .net Class library?

Ans: system.object

11.What are object pooling and connection pooling and difference?

Where do we setthe Min and Max Pool size for connection pooling?Object pooling is a COM+ service that enables you to reduce the overhead of creatingeach object from scratch. When an object is activated, it is pulled from the pool. Whenthe object is deactivated, it is placed back into the pool to await the next request. You canconfigure object pooling by applying the ObjectPoolingAttribute attribute to a class thatderives from the System.EnterpriseServices.ServicedComponent class. Object poolinglets you control the number of connections you use, as opposed to connection pooling,where you control the maximum number reached.Following are important differencesbetween object pooling and connection pooling:Creation. When using connection pooling, creation is on the same thread, so if there isnothing in the pool, a connection is created on your behalf. With object pooling, the poolmight decide to create a new object. However, if you have already reached yourmaximum, it instead gives you the next available object. This is crucial behavior when ittakes a long time to create an object, but you do not use it for very long.Enforcement of minimums and maximums. This is not done in connection pooling. Themaximum value in object pooling is very important when trying to scale your application.You might need to multiplex thousands of requests to just a few objects. (TPC/Cbenchmarks rely on this.)COM+ object pooling is identical to what is used in .NET Framework managed SQLClient connection pooling. For example, creation is on a different thread and minimumsand maximums are enforced.

12.What is Application Domain?

The primary purpose of the AppDomain is to isolate an application from otherapplications. Win32 processes provide isolation by having distinct memory addressspaces. This is effective, but it is expensive and doesn't scale well. The .NET runtimeenforces AppDomain isolation by keeping control over the use of memory - all memoryin the AppDomain is managed by the .NET runtime, so the runtime can ensure thatAppDomains do not access each other's memory.Objects in different application domainscommunicate either by transporting copies of objects across application domainboundaries, or by using a proxy to exchange messages.MarshalByRefObject is the baseclass for objects that communicate across application domain boundaries by exchangingmessages using a proxy. Objects that do not inherit from MarshalByRefObject areimplicitly marshal by value. When a remote application references a marshal by valueobject, a copy of the object is passed across application domain boundaries.

How does an AppDomain get created?

AppDomains are usually created by hosts. Examples of hostsare the Windows Shell, ASP.NET and IE. When you run a .NET application from thecommand-line, the host is the Shell. The Shell creates a new AppDomain for everyapplication.AppDomains can also be explicitly created by .NET applications. Here is aC# sample which creates an AppDomain, creates an instance of an object inside it, andthen executes one of the object's methods.

13.What is serialization in .NET?

What are the ways to control serialization?Serialization is the process of converting an object into a stream of bytes. Deserializationis the opposite process of creating an object from a stream of bytes.Serialization/Deserialization is mostly used to transport objects (e.g. during remoting), orto persist objects (e.g. to a file or database).Serialization can be defined as the process ofstoring the state of an object to a storage medium. During this process, the public andprivate fields of the object and the name of the class, including the assembly containingthe class, are converted to a stream of bytes, which is then written to a data stream. Whenthe object is subsequently deserialized, an exact clone of the original object is created.Binary serialization preserves type fidelity, which is useful for preserving the state of anobject between different invocations of an application. For example, you can share anobject between different applications by serializing it to the clipboard. You can serializean object to a stream, disk, memory, over the network, and so forth. Remoting usesserialization to pass objects "by value" from one computer or application domain toanother.XML serialization serializes only public properties and fields and does not preserve typefidelity. This is useful when you want to provide or consume data without restricting theapplication that uses the data. Because XML is an open standard, it is an attractive choicefor sharing data across the Web. SOAP is an open standard, which makes it an attractivechoice. There are two separate mechanisms provided by the .NET class library -XmlSerializer and SoapFormatter/BinaryFormatter. Microsoft uses XmlSerializer forWeb Services, and uses SoapFormatter/BinaryFormatter for remoting. Both are availablefor use in your own code.

14.Why do I get errors when I try to serialize a Hashtable?

XmlSerializer will refuse to serialize instances of any class that implements IDictionary,e.g. Hashtable. SoapFormatter and BinaryFormatter do not have this restriction.

15.What is exception handling?

When an exception occurs, the system searches for the nearest catch clause that canhandle the exception, as determined by the run-time type of the exception. First, thecurrent method is searched for a lexically enclosing try statement, and the associatedcatch clauses of the try statement are considered in order. If that fails, the method thatcalled the current method is searched for a lexically enclosing try statement that enclosesthe point of the call to the current method. This search continues until a catch clause isfound that can handle the current exception, by naming an exception class that is of thesame class, or a base class, of the run-time type of the exception being thrown. A catchclause that doesn't name an exception class can handle any exception.Once a matchingcatch clause is found, the system prepares to transfer control to the first statement of thecatch clause. Before execution of the catch clause begins, the system first executes, inorder, any finally clauses that were associated with try statements more nested that thanthe one that caught the exception. Exceptions that occur during destructor execution areworth special mention. If an exception occurs during destructor execution, and thatexception is not caught, then the execution of that destructor is terminated and thedestructor of the base class (if any) is called. If there is no base class (as in the case of theobject type) or if there is no base class destructor, then the exception is discarded.