1. What are the various security methods which IIS Provides apart from .NET ?

The various security methods which IIS provides are

a) Authentication Modes
b) IP Address and Domain Name Restriction
c) DNS Lookups DNS Lookups
d) The Network ID and Subnet Mask
e) SSL

2. What is Web Gardening? How would using it affect a design? 

The Web Garden Model: The Web garden model is configurable through the section of the machine.config file. Notice that the section is the only configuration section that cannot be placed in an application-specific web.config file. This means that the Web garden mode applies to all applications running on the machine. However, by using the node in the machine.config source, you can adapt machine-wide settings on a per-application basis.

Two attributes in the section affect the Web garden model. They are webGarden and cpuMask. The webGarden attribute takes a Boolean value that indicates whether or not multiple worker processes (one per each affinitized CPU) have to be used. The attribute is set to false by default. The cpuMask attribute stores a DWORD value whose binary representation provides a bit mask for the CPUs that are eligible to run the ASP.NET worker process. The default value is -1 (0xFFFFFF), which means that all available CPUs can be used. The contents of the cpuMask attribute is ignored when the webGarden attribute is false. The cpuMask attribute also sets an upper bound to the number of copies of aspnet_wp.exe that are running.

Web gardening enables multiple worker processes to run at the same time. However, you should note that all processes will have their own copy of application state, in-process session state, ASP.NET cache, static data, and all that is needed to run applications. When the Web garden mode is enabled, the ASP.NET ISAPI launches as many worker processes as there are CPUs, each a full clone of the next (and each affinitized with the corresponding CPU). To balance the workload, incoming requests are partitioned among running processes in a round-robin manner. Worker processes get recycled as in the single processor case. Note that ASP.NET inherits any CPU usage restriction from the operating system and doesn't include any custom semantics for doing this.

All in all, the Web garden model is not necessarily a big win for all applications. The more stateful applications are, the more they risk to pay in terms of real performance. Working data is stored in blocks of shared memory so that any changes entered by a process are immediately visible to others. However, for the time it takes to service a request, working data is copied in the context of the process. Each worker process, therefore, will handle its own copy of working data, and the more stateful the application, the higher the cost in performance. In this context, careful and savvy application benchmarking is an absolute must.

Changes made to the section of the configuration file are effective only after IIS is restarted. In IIS 6, Web gardening parameters are stored in the IIS metabase; the webGarden and cpuMask attributes are ignored.

3. Which method do you use to redirect the user to another page without performing a round trip to the client?

Server.Transfer and Server.Execute

4. What property do you have to set to tell the grid which page to go to when using the Pager object?

CurrentPageIndex

5. Name and describe some HTTP Status Codes and what they express to the requesting client.

When users try to access content on a server that is running Internet Information Services (IIS) through HTTP or File Transfer Protocol (FTP), IIS returns a numeric code that indicates the status of the request. This status code is recorded in the IIS log, and it may also be displayed in the Web browser or FTP client. The status code can indicate whether a particular request is successful or unsuccessful and can also reveal the exact reason why a request is unsuccessful. There are 5 groups ranging from 1xx - 5xx of http status codes exists.

101 - Switching protocols.

200 - OK. The client request has succeeded

302 - Object moved.

400 - Bad request.

50013 - Web server is too busy.

6. Should validation (did the user enter a real date) occur server-side or client-side? Why?

It should occur both at client-side and Server side.By using expression validator control with the specified expression ie.. the regular expression provides the facility of only validatating the date specified is in the correct format or not. But for checking the date where it is the real data or not should be done at the server side, by getting the system date ranges and checking the date whether it is in between that range or not.

7. Which method do you use to redirect the user to another page without performing a round trip to the client?

Server.transfer

8. What is ViewState ? and how it is managed ?

ASP.NET ViewState is a new kind of state service that developers can use to track  UI state on a per-user basis. Internally it uses an an old Web programming trick-roundtripping  state in a hidden form field and bakes it right into the page-processing framework.It needs less code to write and maintain state in your Web-based forms.

9. What is view state?.where it stored?.can we disable it?

The web is state-less protocol, so the page gets instantiated, executed, rendered and then disposed on every round trip to the server. The developers code to add "statefulness" to the page by using Server-side storage for the state or posting the page to itself. When require to persist and read the data in control on webform, developer had to read the values and store them in hidden variable (in the form), which were then used to restore the values. With advent of .NET framework, ASP.NET came up with ViewState mechanism, which tracks the data values of server controls on ASP.NET webform. In effect,ViewState can be viewed as "hidden variable managed by ASP.NET framework!". When ASP.NET page is executed, data values from all server controls on page are collected and encoded as single string, which then assigned to page's hidden atrribute  "< input type=hidden >", that is part of page sent to the client.

ViewState value is temporarily saved in the client's browser.ViewState can be disabled for a single control, for an entire page orfor an entire web application. The syntax is:

Disable ViewState for control (Datagrid in this example)
< asp:datagrid EnableViewState="false" ... / >

Disable ViewState for a page, using Page directive
< %@ Page EnableViewState="False" ... % >

Disable ViewState for application through entry in web.config
< Pages EnableViewState="false" ... / >

10. Can a user browsing my Web site read my Web.config or Global.asax files?

No. The <HTTPHANDLERS>section of Machine.config, which holds the master configuration  settings for ASP.NET, contains entries that map ASAX files, CONFIG files, and selected  other file types to an HTTP handler named HttpForbiddenHandler, which fails attempts to retrieve the associated file. You can modify it by editing  Machine.config or including an section in a local Web.config file.