Question 1 :
What is Application-scope?
Application-scope means that variables (and objects) can be accessed from any ASP pages that is part of the application.
Question 2 :
What are the types of HTML?
Static HTML Browser uses HTTP to request HTML file from the Web Server
Dynamic HTML Browser uses HTTP to request an executable application rather than a Static HTML file
Question 3 :
What are the properties of Session Object?
SessionID returns the session identification number for each user.
Timeout sets the timeout period assigned to the Session object for any application, in minutes.
CodePage determines the code page that will be used to display content.
LCID a locale identifier, which determines time zone and language, rules for the system
Question 4 :
What are the event handlers of Session Object?
Session _OnStart This event will be fired when a new user begins a session with the web site.
Session_OnEnd This event is called whenever a session terminates.
Question 5 :
Name the ASP Objects?
Question 6 :
What are the advantages of using ASP?
Minimizes network traffic by limiting the need for the browser and server to talk to each other
Makes for quicker loading time since HTML pages are only downloaded
Allows to run programs in languages that are not supported by the browser
Can provide the client with data that does not reside on the client's machine
Provides improved security measures since the script cannot be viewed by the browser
Question 7 :
What are the methods in Application Object?
Lock prevents clients from modifying the variables stored in the Application object.
Unlock removes the lock from variables stored in the Application object.
Question 8 :
What are the methods in Application Object?
Internet Information Server (IIS) on Windows NT
Personal Web Server (PWS) on Windows 95
Peer Web Services on Windows NT
Question 9 :
What are the browsers that can access ASP pages?
How does the server identify and execute the server-side scripts within HTML code?
Including the RUNAT=SERVER attribute
Question 10 :
What are the methods by which output stream is controlled?
Flush sends previous buffered output to the client immediately, but continues processing the script.
Clear erases any already-buffered HTML.
End causes the server to stop processing the script.
Question 11 :
What are the properties used to control the expiration of the page?
Expires specifies the number of minutes before a page cached on a browser expires.
ExpiresAbsolute sets the date and time at which a page cached on a browser expires.
Question 12 :
What are the collections of Session Object?
Contents collection contains all the variables established for a session without using the tag.
Static collection contains all the objects created
Question 13 :
What is the difference between ASP and HTML? Or Why ASP is better than HTML?
- ASP executes code on the server side whereas the browser interprets HTML.
- ASP can use any scripting languages
- Gets feedback from the user and return information to the user
- Create pages that will be customized to display only things that will be of interest to a particular user
- Can edit contents of a web page by updating a text file or a database rather than the HTML code itself
Question 14 :
What are the event handlers of Application Object?
Application_OnStart- This event will be fired when the first visitor hits the page.
Application_OnEnd- This event runs when the server is stopped.
Question 15 :
Name some of the ASP components?
Ad Rotator component- a way to manage advertisements on the web site.
Content Linker component - a technique to direct users through a set of pages on a web site by creating a list of URLs and description of the next and previous pages.
Browser Capabilities component - allows to customize the page to the ability of the browser viewing it.
Database Access component - allows to access data from the database
Question 16 :
What are the tasks performed by < FORM > tags?
tags provides space for the user to input values
the form has a button to submit information back to the server
It transfers control to another ASP page
It carries the information in the fields to another ASP page
Question 17 :
What are the collections of Application Object?
* Contents collection - contains all variables added via scripts in global.asa.
* Static collection - contains the names of all objects.
Question 18 :
Explain the difference between POST and GET Method.
GET requests are string data that is visible to the end user via the URL and a limit of 2kb, POST requests have no limit on total data and the user can't see the data in a query string.
Question 19 :
Why do we use Option Explicit?
To avoid multiple variables of the same name.
Correct answer is - This statement force the declaration of variables in VB before using them.
Question 20 :
How do you write an SQL insert statement?
insert into tablename (fieldA, fieldB, fieldC)Values('dataA', 'dataB', 'dataC');
Question 21 :
How can you have different number of cells for each row of a table in HTML?
using colspan and rowspan
Question 22 :
What variable can you use to share info across the whole application for one user?
Use the sessions object
Question 23 :
What is string concatenation function in VBScript?
the ampersand symbol and ampersand space underscore across multiple lines
Question 24 :
What is a class in CSS?
A class allows you to define different style characteristics to the same HTML element.
class is a child to the id, id should be used only once, a css class can be used multiple times:
Question 25 :
When inserting strings into a SQL table in ASP what is the risk and how can you prevent it?
SQL Injection, to prevent you probably need to use Stored Procedures instead of inline/incode SQL
Question 26 :
Which is the default Data types in VBScript?
Question 27 :
What is the base class of .NET?
Base class provides a base set of methods that all derived classes can use
Question 28 :
Assemblies are similar to dll files. Both has the reusable pieces of code in the form of classes/ functions. Dll needs to be registered but assemblies have its own metadata.
Assembly is a single deployable unit that contains information about the implementation of classes, structures and interfaces. it also stores the information about itself called metadata and includes name and verison of the assembly, security information, information about the dependencies and the list of files that constitute the assembly.
Assembly also contains namespaces. In the .Net Framework, applications are deployed in the form of assemblies.
An assembly is a single deployable unit that contains all the information about the implementation of :
- structures and
An assembly stores all the information about itself. This information is called METADATA and include the name and the verison number of the assembly, security information, information about the dependencies and a lost of files that constitute the assembly.
All the application developed using the .NET framework are made up of assemblies.
Namespaces are also stored in assemblies
In the Microsoft .NET framework an assembly is a partially compiled code library for use in deployment, versioning and security. In the Microsoft Windows implementation of .NET, an assembly is a PE (portable executable) file. There are two types, process assemblies (EXE) and library assemblies (DLL). A process assembly represents a process which will use classes defined in library assemblies. In version 1.1 of the CLR classes can only be exported from library assemblies; in version 2.0 this restriction is relaxed. The compiler will have a switch to determine if the assembly is a process or library and will set a flag in the PE file. .NET does not use the extension to determine if the file is a process or library. This means that a library may have either .dll or .exe as its extension.
The code in an assembly is partially compiled into CIL, which is then fully compiled into machine language at runtime by the CLR.
An assembly can consist of one or more files. Code files are called modules. An assembly can contain more than one code module and since it is possible to use different languages to create code modules this means that it is technically possible to use several different languages to create an assembly. In practice this rarely happens, principally because Visual Studio only allows developers to create assemblies that consist of a single code module.
Question 29 :
Name some of the languages .NET support?
Some of the languages that are supported by .NET
1. Visual Basic.NET
2. Visual C#
3. Visual C++
Question 30 :
ADO.NET features? Benefits? Drawbacks?
1. Data will be retrieved through Datasets
1. Disconnected Data Architecture
2. Data cached in Datasets
3. Data transfer in XML format
4. Interaction with the database is done through data commands
Question 31 :
How many types of exception handlers are there in .NET?
MSDN>gt; "How the Runtime Manages Exceptions"
The exception information table represents four types of exception handlers for protected blocks:
A finally handler that executes whenever the block exits, whether that occurs by normal control flow or by an unhandled exception.
A fault handler that must execute if an exception occurs, but does not execute on completion of normal control flow.
A type-filtered handler that handles any exception of a specified class or any of its derived classes.
A user-filtered handler that runs user-specified code to determine whether the exception should be handled by the associated handler or should be passed to the next protected block.
1. Unstructured Exception Handling
2. Structured Exception Handling
Question 32 :
Difference between Panel and GroupBox classes?
Panel and Group box both can used as container for other controls like radio buttons and check box.
the difference in panel and group box are Panel
1) In case of panel captions cannot be displayed
2) Can have scroll bars.
1) Captions can be displayed.
2) Cannot have a scroll bar
Panel is scrollable. In panel you can't set caption like Group box.
Question 33 :
What is Response object? How is it related to ASP's Response object?
Response object allows the server to communicate with the client(browser). It is useful for displaying information to the user (or) redirecting the client.
Eg: Response.Write("Hello World")
Question 34 :
hat is IIS? Have you used it?
IIS - Internet Information Server
IIS is used to access the ASP.Net web applications
Yes, I used in ASP.NET web applications.
Question 35 :
Main differences between ASP and ASP.NET.
1. ASP: Code is Interpreted
ASP.NET: Code is Compiled
2. ASP: Business Logic and Presentation Logic are in a single file
ASP.NET: Business Logic and Presentation Logic are in separate files (.cs or .vb) and (.aspx) respectively.
3. ASP: No Web Server Controls
ASP.NET: Web Server Controls supported by strong .NET Framework
4. ASP: No RAD in Classic ASP
ASP.NET: Supports RAD
1.Asp is interpreted
Asp.net is compiled which is faster than asp.
2 Asp.net maintains its own CLR and is managed as it runs by CLR
Where as asp is unmanaged
3 We can mainatin sessions in state server and sql server which is Outproc,
where in asp sessions will be last if we restart webserver or make changes.
4 In asp.net we can configure each application using web.config file which is availble in application itself and we have machine.config wherer we can configure all applications.
In asp we cannot configure single aplication
5 Asp.net we have autopostback event which is not in asp
6 In asp.net we have global.asax where can hadle some global things which is not in asp.
7 We have well built GUI to work in asp.net
8 We have ado.net and as well as disconnected architecture in asp.net
9 We have Xcopy deployment in asp.net
10. We can work with any language as code behind technique in asp.net that supports .net frame work
a) asp.net is compiled but ASP is a interpretor or script only.
b) asp.net is supported more control then the asp.
c) asp.net is more supported even control then the asp.
d) In asp.net if update any component then no need to shutdown the computer but in asp if loaded any component then need tobe shutdown the computer.
d) So lastly an asp.net is faster then asp .
Question 36 :
What are the advantages and drawbacks of using ADO.NET?
ADO.NET is rich with plenty of features that are bound to impress even the most skeptical of programmers. If this weren't the case, Microsoft wouldn't even be able to get anyone to use the Beta. What we've done here is come up with a short list of some of the more outstanding benefits to using the ADO.NET architecture and the System.Data namespace.
* Performance – there is no doubt that ADO.NET is extremely fast. The actual figures vary depending on who performed the test and which benchmark was being used, but ADO.NET performs much, much faster at the same tasks than its predecessor, ADO. Some of the reasons why ADO.NET is faster than ADO are discussed in the ADO versus ADO.NET section later in this chapter.
* Optimized SQL Provider – in addition to performing well under general circumstances, ADO.NET includes a SQL Server Data Provider that is highly optimized for interaction with SQL Server. It uses SQL Server's own TDS (Tabular Data Stream) format for exchanging information. Without question, your SQL Server 7 and above data access operations will run blazingly fast utilizing this optimized Data Provider.
* XML Support (and Reliance) – everything you do in ADO.NET at some point will boil down to the use of XML. In fact, many of the classes in ADO.NET, such as the DataSet, are so intertwined with XML that they simply cannot exist or function without utilizing the technology. You'll see later when we compare and contrast the "old" and the "new" why the reliance on XML for internal storage provides many, many advantages, both to the framework and to the programmer utilizing the class library.
* Disconnected Operation Model – the core ADO.NET class, the DataSet, operates in an entirely disconnected fashion. This may be new to some programmers, but it is a remarkably efficient and scalable architecture. Because the disconnected model allows for the DataSet class to be unaware of the origin of its data, an unlimited number of supported data sources can be plugged into code without any hassle in the future.
* Rich Object Model – the entire ADO.NET architecture is built on a hierarchy of class inheritance and interface implementation. Once you start looking for things you need within this namespace, you'll find that the logical inheritance of features and base class support makes the entire system extremely easy to use, and very customizable to suit your own needs. It is just another example of how everything in the .NET framework is pushing toward a trend of strong application design and strong OOP implementations.
Hard as it may be to believe, there are a couple of drawbacks or disadvantages to using the ADO.NET architecture. I'm sure others can find many more faults than we list here, but we decided to stick with a short list of some of the more obvious and important shortcomings of the technology.
* Managed-Only Access – for a few obvious reasons, and some far more technical, you cannot utilize the ADO.NET architecture from anything but managed code. This means that there is no COM interoperability allowed for ADO.NET. Therefore, in order to take advantage of the advanced SQL Server Data Provider and any other feature like DataSets, XML internal data storage, etc, your code must be running under the CLR.
* Only Three Managed Data Providers (so far) – unfortunately, if you need to access any data that requires a driver that cannot be used through either an OLEDB provider or the SQL Server Data Provider, then you may be out of luck. However, the good news is that the OLEDB provider for ODBC is available for download from Microsoft. At that point the down-side becomes one of performance, in which you are invoking multiple layers of abstraction as well as crossing the COM InterOp gap, incurring some initial overhead as well.
* Learning Curve – despite the misleading name, ADO.NET is not simply a new version of ADO, nor should it even be considered a direct successor. ADO.NET should be thought of more as the data access class library for use with the .NET framework. The difficulty in learning to use ADO.NET to its fullest is that a lot of it does seem familiar. It is this that causes some common pitfalls. Programmers need to learn that even though some syntax may appear the same, there is actually a considerable amount of difference in the internal workings of many classes. For example (this will be discussed in far more detail later), an ADO.NET DataSet is nothing at all like a disconnected ADO RecordSet. Some may consider a learning curve a drawback, but I consider learning curves more like scheduling issues. There's a learning curve in learning anything new; it's just up to you to schedule that curve into your time so that you can learn the new technology at a pace that fits your schedule.
Question 37 :
Question 38 :
what is the difference between user control an custom control? advantages/disadvantages?
Web user controls Vs Web custom controls
Easier to create Vs Harder to create
Limited support for consumers who use a visual design tool Vs Full visual design tool support for consumers
A separate copy of the control is required in each application Vs Only a single copy of the control is required, in the global assembly cache
Cannot be added to the Toolbox in Visual Studio Vs Can be added to the Toolbox in Visual Studio
Good for static layout Vs Good for dynamic layout
Question 39 :
What's the difference between Response.Write() andResponse.Output.Write()?
Response.Output.Write() allows you to write formatted output
Question 40 :
What is the use of ErrorProvider Control?
The ErrorProvider control is used to indicate invalid data on a data entry form. Using this control, you can attach error messages that display next to the control when the data is invalid, as seen in the following image. A red circle with an exclamation point blinks, and when the user mouses over the icon, the error message is displayed as a tooltip.
Question 41 :
What is CLR?
CLR(Common Language Runtime) is the main resource of .Net Framework. it is collection of services like garbage collector, exception handler, jit compilers etc. with the CLR cross language integration is possible.
The .NET Framework provides a runtime environment which runs the code and provides services that make the development process easier. This runtime environment in .NET Framework is known as Common Language Runtime (CLR). The CLR sits at the very heart of managed code. Common Language Runtime is the generalized multi-language, reflective execution engine on which code originally written in various languages runs. At a higher level, CLR is simply an engine that takes in Intermediate Language (IL) instructions, translates them into machine instructions, and executes them. Although the common language runtime provides many standard runtime services, managed code is never interpreted. A feature called just-in-time (JIT) compiling enables all managed code to run in the native machine language of the system on which it is executing. The CLR shares much in common with a traditional operating system.
Managed code is the term used for any code that is running on .NET Framework.
The CLR provides the infrastructure that enables managed code to execute as well provides variety of services during execution. When a method, for which IL has been generated, is called for the first time the CLR compiles the IL into native code that is specific to the processor the Environment it is running on (This process is known as Just in Time Compilation or JIT). If the same method is called next time, the existing JIT compiled code is reused. During execution managed code receives variety of services from the runtime environment.
When compiling to managed code, the compiler translates your source code into Microsoft intermediate language (MSIL), which is a CPU-independent set of instructions that can be efficiently converted to native code. Intermediate Language is a binary assembly language that is compiled at runtime down to whatever machine language is appropriate for the host CPU. This runtime compilation is called Just-In-Time Compiling or JIT-compiling.
Advantages of Managed Execution Environments
In unmanaged environments the compiler and linker directly compile the source code in to native instructions that are targeted at a specific processor. The disadvantage of this process is that each time you want to run your executable on a different platform you will have to re-compile the code using a compiler and linker that will compile the code that is targeted at the specific hardware. This means that each time you want your application to run on a different platform, you will have to ship the compiled instructions again and again. As this leads to compiling and maintaining multiple versions of the same application, the companies try to create a more generalized compiled version in order to target most of the environments. This process is known as the Lowest Common Denominator approach. This leads to a more generalized program which is not optimized properly and does not take advantages of the underlying hardware infrastructure (processor, cache, etc). Because the CLR supplies one or more Just in Time Compiler for each computer architecture it supports, the same set of MSIL can be JIT-compiled and run on any supported architecture. This CLR provides the following benefits for developers:
Vastly simplified development.
Seamless integration of code written in various languages.
Evidence-based security with code identity.
Assembly-based deployment that eliminates DLL Hell.
Side-by-side versioning of reusable components.
Code reuse through implementation inheritance.
Automatic object lifetime management.
Code access security.
Cross Language Integration.
Self describing objects.
The CLR automatically handles object layout and manages references to objects, releasing them when they are no longer being used. This automatic memory management resolves the two most common application errors, memory leaks and invalid memory references. This process is known as Garbage Collection. The CLR also manages thread execution, code execution, code safety verification, compilation, and other system services.
The CLR is designed for the software of the future, and it also supports software of today and yesterday. Interoperability between managed and unmanaged code provided by CLR helps developers continue to use necessary COM components and DLLs.
Question 42 :
What is Delegate and what is it used for ?
Delegate is kinda like a pointer to a function in C++ or like an event handler in Java
You can use it to "multicast" which means running multiple functions in different instances of object already created.
This is useful when you want your objects to "register" to an event raised by another object.
The way it works is the object you are registered to listen to recieves the delegate of the function it is supposed to run in your object, the delegate is then run from it. (if you switch the word delegate for pointer, this would be much simpler)
Question 43 :
How is meant by DLL ?
A DLL (Dynamic Link Library) is a file that can be loaded and executed by programs dynamically. Basically it's an external code repository for programs. Since usually several different programs reuse the same DLL instead of having that code in their own file, this dramatically reduces required storage space. A synonym for a DLL would be library.
Question 44 :
Can anyone tell me about Secure Socket Layer? How to make use of the technology?
Secure Sockets Layer (SSL) and Transport Layer Security (TLS), its successor, are cryptographic protocols which provide secure communications on the Internet. There are slight differences between SSL 3.0 and TLS 1.0, but the protocol remains substantially the same. The term "SSL" as used here applies to both protocols unless clarified by context.
Question 45 :
What is an interface and what is an abstract class? Please, expand by examples of using both. Explain why?
In a interface class, all methods are abstract without implementation where as in an abstract class some methods we can define concrete. In interface, no accessibility modifiers are allowed. An abstract class may have accessibility modifiers. Interface and abstract class are basically a set of rules which u have to follow in case u r using them(inheriting them).
Abstract classes are closely related to interfaces. They are classes that cannot be instantiated, and are frequently either partially implemented, or not at all implemented. One key difference between abstract classes and interfaces is that a class may implement an unlimited number of interfaces, but may inherit from only one abstract (or any other kind of) class. A class that is derived from an abstract class may still implement interfaces. Abstract classes are useful when creating components because they allow you specify an invariant level of functionality in some methods, but leave the implementation of other methods until a specific implementation of that class is needed. They also version well, because if additional functionality is needed in derived classes, it can be added to the base class without breaking code.
An abstract class is the one that is not used to create objects. An abstract class is designed to act as a base class (to be inherited by other classes). Abstract class is a design concept in program development and provides a base upon which other classes are built. Abstract classes are similar to interfaces. After declaring an abstract class, it cannot be instantiated on it's own, it must be inherited. Like interfaces, abstract classes can specify members that must be implemented in inheriting classes. Unlike interfaces, a class can inherit only one abstract class. Abstract classes can only specify members that should be implemented by all inheriting classes.
An interface looks like a class, but has no implementation. They're great for putting together plug-n-play like architectures where components can be interchanged at will. Think Firefox Plug-in extension implementation. If you need to change your design, make it an interface. However, you may have abstract classes that provide some default behavior. Abstract classes are excellent candidates inside of application frameworks.
One additional key difference between interfaces and abstract classes (possibly the most important one) is that multiple interfaces can be implemented by a class, but only one abstract class can be inherited by any single class.
Some background on this: C++ supports multiple inheritance, but C# does not. Multiple inheritance in C++ has always be controversial, because the resolution of multiple inherited implementations of the same method from different base classes is hard to control and anticipate. C# decided to avoid this problem by allowing a class to implement multiple interfaces, which do not contain method implementations, but restricting a class to have at most a single parent class. Although this can result in redundant implementations of the same method when different classes implement the same interface, it is still an excellent compromise.
Another difference between interfaces and abstract classes is that an interface can be implemented by an abstract class, but no class, abstract or otherwise, can be inherited by an interface.
What is an Abstract class?
An abstract class is a special kind of class that cannot be instantiated. So the question is why we need a class that cannot be instantiated? An abstract class is only to be sub-classed (inherited from). In other words, it only allows other classes to inherit from it but cannot be instantiated. The advantage is that it enforces certain hierarchies for all the subclasses. In simple words, it is a kind of contract that forces all the subclasses to carry on the same hierarchies or standards.
What is an Interface?
An interface is not a class. It is an entity that is defined by the word Interface. An interface has no implementation; it only has the signature or in other words, just the definition of the methods without the body. As one of the similarities to Abstract class, it is a contract that is used to define hierarchies for all subclasses or it defines specific set of methods and their arguments. The main difference between them is that a class can implement more than one interface but can only inherit from one abstract class. Since C# doesn't support multiple inheritance, interfaces are used to implement multiple inheritance.
Question 46 :
What is serialization, how it works in .NET?
Serialization is when you persist the state of an object to a storage medium so an exact copy can be re-created at a later stage.
Serialization is used to save session state in ASP.NET.
Serialization is to copy objects to the Clipboard in Windows Forms
Serialization is used by remoting to pass objects by value from one application domain to another
Question 47 :
What exactly is being serialized when you perform serialization?
The object's state (values)
Question 48 :
How does output caching work in ASP.NET?
Output caching is a powerful technique that increases request/response throughput by caching the content generated from dynamic pages. Output caching is enabled by default, but output from any given response is not cached unless explicit action is taken to make the response cacheable.
To make a response eligible for output caching, it must have a valid expiration/validation policy and public cache visibility. This can be done using either the low-level OutputCache API or the high-level @ OutputCache directive. When output caching is enabled, an output cache entry is created on the first GET request to the page. Subsequent GET or HEAD requests are served from the output cache entry until the cached request expires.
The output cache also supports variations of cached GET or POST name/value pairs.
The output cache respects the expiration and validation policies for pages. If a page is in the output cache and has been marked with an expiration policy that indicates that the page expires 60 minutes from the time it is cached, the page is removed from the output cache after 60 minutes. If another request is received after that time, the page code is executed and the page can be cached again. This type of expiration policy is called absolute expiration - a page is valid until a certain time.
Question 49 :
What is connection pooling and how do you make your application use it?
Opening database connection is a time consuming operation.
Connection pooling increases the performance of the applications by reusing the active database connections instead of create new connection for every request.
Connection pooling Behaviour is controlled by the connection string parameters.
Follwing the the 4 parameters that control most of the connection pooling behaviour.
1. Connect Timeout
2. Max Pool Size
3. Min Pool Size
Question 50 :
What are different methods of session maintenance in ASP.NET?
Session State Service.
Microsoft SQL Server.
The default location for session state storage is in the ASP.NET process itself.
Session State Service
As an alternative to using in-process storage for session state, ASP.NET provides the ASP.NET State Service. The State Service gives you an out-of-process alternative for storing session state that is not tied quite so closely to ASP. Net's own process.
To use the State Service, you need to edit the sessionState element in your ASP.NET application's web.config file:
You'll also need to start the ASP.NET State Service on the computer that you specified in the stateConnectionString attribute. The .NET Framework installs this service, but by default it's set to manual startup. If you're going to depend on it for storing session state, you'll want to change that to automatic startup by using the Services MMC plug-in in the Administrative Tools group.
If you make these changes, and then repeat the previous set of steps, you'll see slightly different behavior: session state persists even if you recycle the ASP.NET process.
There are two main advantages to using the State Service. First, it is not running in the same process as ASP.NET, so a crash of ASP.NET will not destroy session information. Second, the stateConnectionString that's used to locate the State Service includes the TCP/IP address of the service, which need not be running on the same computer as ASP.NET. This allows you to share state information across a web garden (multiple processors on the same computer) or even across a web farm (multiple servers running the application). With the default in-process storage, you can't share state information between multiple instances of your application.
The major disadvantage of using the State Service is that it's an external process, rather than part of ASP.NET. That means that reading and writing session state is slower than it would be if you kept the state in-process. And, of course, it's one more process that you need to manage. As an example of the extra effort that this can entail, there is a bug in the initial release of the State Service that allows a determined attacker to crash the ASP.NET process remotely. If you're using the State Service to store session state, you should install the patch from Microsoft Security Bulletin MS02-66, or install SP2 for the .NET Framework.
Microsoft SQL Server
The final choice for storing state information is to save it in a Microsoft SQL Server database. To use SQL Server for storing session state, you need to perform several setup steps:
Run the InstallSqlState.sql script on the Microsoft SQL Server where you intend to store session state. This script will create the necessary database and database objects. The .NET Framework installs this script in the same folder as its compilers and other tools–for example, C:\WINNT\Microsoft.NET\Framework\v1.0.3705 on a Windows 2000 computer with the 1.0 version of the Framework. Edit the sessionState element in the web.config file for your ASP.NET application as follows:
Supply the server name, user name, and password for a SQL Server account that has access to the session state database in the sqlConnectionString attribute.
Like the State Service, SQL Server lets you share session state among the processors in a web garden or the servers in a web farm. But you also get the additional benefit of persistent storage. Even if the computer hosting SQL Server crashes and is restarted, the session state information will still be present in the database, and will be available as soon as the database is running again. That's because SQL Server, being an industrial-strength database, is designed to log its operations and protect your data at (almost) all costs. If you're willing to invest in SQL Server clustering, you can keep the session state data available transparently to ASP.NET even if the primary SQL Server computer crashes.
Like the State Service, SQL Server is slower than keeping session state in process. You also need to pay additional licensing fees to use SQL Server for session state in a production application. And, of course, you need to worry about SQL Server-specific threats such as the "Slammer" worm.