Software Engineer concepts Flashcards

Question

/How does PKCE work for SPA?

Answer 1

Sure! Here’s a quick and simple summary of **PKCE for SPAs**: 1. **Generate a Secret**: Your SPA creates a random string (**code verifier**) and a hashed version of it (**code challenge**). 2. **Start Login**: Your SPA sends the **code challenge** (hashed secret) to the login server when redirecting the user to log in. 3. **Get Authorization Code**: After the user logs in, the login server sends an **authorization code** back to your SPA. 4. **Prove It’s Your App**: Your SPA sends the **authorization code** and the original **code verifier** (the random secret) back to the login server to get the **access token**. 5. **Verification**: The login server hashes the **code verifier** and checks if it matches the original **code challenge**. If they match, it gives your SPA the access token. **Why?** It ensures only your app can finish the login process, even if someone steals the authorization code.

Answer 2

Sure! Here’s a concise summary of the **Client Credentials Grant flow**: 1. **Purpose**: Used for machine-to-machine (M2M) communication where a client app (not a user) needs to access resources. 2. **Setup**: The app registers with the authorization server and gets a **client ID** and **client secret**. 3. **Request Access Token**: - The app sends a POST request to the **token endpoint** with: - `grant_type=client_credentials` - `client_id` and `client_secret` (usually in the Authorization header, Base64-encoded). - Optionally, requested **scopes**. 4. **Token Response**: - If the credentials are valid, the server returns an **access token**. 5. **Access Resources**: - The app uses the token (in the `Authorization: Bearer` header) to access protected APIs. **Why?** It allows secure authentication and authorization for applications that act on their own behalf without user involvement.

Answer 3

A webhook is a **lightweight, event-driven communication that automatically sends data between applications via HTTP**. Triggered by specific events, webhooks automate communication between application programming interfaces (APIs) and can be used to activate workflows, such as in GitOps environments. Because webhooks can connect event sources to automation solutions, they are 1 way to launch event-driven automation to perform IT actions when a specified event occurs.

Answer 4

An API key is a **unique identifier used to authenticate and authorize requests made to an Application Programming Interface (API)**. It acts as a passcode that allows applications, users, or systems to access specific features or data offered by the API. API keys are widely used in software development to ensure secure and controlled access to services.

Answer 5

In an ASP.NET Core project, the configuration files appsettings.json, appsettings.Development.json, and appsettings.local.json are used to manage different settings for various environments. Here's when each file is used: 1. **appsettings.json**: This is the default configuration file that is always loaded, regardless of the environment. It contains the base configuration settings for the application. 2. **appsettings.Development.json**: This file is used when the application is running in the Development environment. It overrides the settings in appsettings.json with development-specific settings. The environment is typically set to Development when running the application locally for development purposes. 3. **appsettings.local.json**: This file is not a standard file used by default in ASP.NET Core. However, it can be used for local overrides. If you want to use this file, you need to explicitly add it to the configuration in your Program.cs or Startup.cs file.

Answer 6

Basic Authentication is a method for an HTTP user agent (e.g., a web browser) to provide a username and password when making a request.

Answer 7

**HTTP** HTTP is a stateless system that allows connection on demand. It's good for data transfer, but it doesn't encrypt data, making it vulnerable to attacks. **HTTPS** HTTPS is an extension of HTTP that uses SSL/TLS certificates to encrypt data transferred between a user's browser and a website. This protects users from eavesdroppers and man-in-the-middle (MitM) attacks.

Answer 8

An HTTP request needs an Authorization header to provide credentials for user authentication, allowing a server to verify the identity of the client making the request and grant access to protected resources, essentially acting as a security mechanism to control who can access specific data or functionalities on a website or API.

Answer 9

``` int[] numbers = { 2, 3, 4, 5 }; var squaredNumbers = numbers.Select(x => x * x); Console.WriteLine(string.Join(" ", squaredNumbers)); // Output: // 4 9 16 25 ```

Answer 10

**They represent code in a tree-like data structure, where each node is an expression (such as a method call, binary operation, or constant value).** They allow you to construct, examine, and execute code dynamically at runtime. Expression trees are particularly useful for creating dynamic code, analyzing code at runtime, and **enabling frameworks like LINQ to SQL and Entity Framework to translate C# code into SQL queries or other operations**. Picture https://dev.to/turalsuleymani/solid-introduction-to-expression-trees-in-c-1c4i

Answer 11

``` List numbers1 = [ 5, 4, 1, 3, 9, 8, 6, 7, 2, 0 ]; List numbers2 = [ 15, 14, 11, 13, 19, 18, 16, 17, 12, 10 ]; // Query #4. double average = numbers1.Average(); // Query #5. IEnumerable concatenationQuery = numbers1.Concat(numbers2); ```

Answer 12

very interesting way to declare variables. ``` (double, int) t1 = (4.5, 3); Console.WriteLine($"Tuple with elements {t1.Item1} and {t1.Item2}."); // Output: // Tuple with elements 4.5 and 3. (double Sum, int Count) t2 = (4.5, 3); Console.WriteLine($"Sum of {t2.Count} elements is {t2.Sum}."); // Output: // Sum of 3 elements is 4.5. ```

Answer 13

local.settings.json is used by the Azure Function projects and appsettings.local.json is for the ASP.NET Core application's local settings.

Answer 14

The launchSettings.json file controls how an ASP.NET Core or .NET Core application is launched and debugged. It's located in the Properties folder of a project. What does it do? Specifies the command to execute, Determines whether to open the browser, Sets environment variables, Defines launch profiles, and Controls how Visual Studio behaves when launching an application.

Answer 15

**1. .NET Framework:** * **What It Is:** Think of the .NET Framework as a big toolbox created by Microsoft around 2002. It's filled with tools and libraries that help developers build various types of applications, like websites and desktop programs, primarily for Windows computers. **2. .NET Core:** * **What It Is:** Introduced in 2016, .NET Core is like a newer, more versatile version of the .NET Framework. It's designed to work not just on Windows, but also on macOS and Linux, making it cross-platform. **3. ASP.NET:** * **What It Is:** ASP.NET is a part of the .NET Framework specifically for building dynamic websites and web services. Imagine it as a set of tools within the .NET Framework toolbox dedicated to web development. **4. ASP.NET Core:** * **What It Is:** ASP.NET Core is the updated, more flexible version of ASP.NET. It's designed to work with .NET Core, meaning it can run on multiple operating systems. It combines features that were previously separate in ASP.NET, like MVC (for building web applications) and Web API (for building web services), into a single framework. **Key Differences Summarized:** ***Platform Compatibility:** * ASP.NET runs only on Windows. * ASP.NET Core can run on Windows, macOS, and Linux. **Performance:** * ASP.NET Core is designed to be faster and more efficient than the traditional ASP.NET. **Modularity:** * ASP.NET Core allows developers to include only the necessary components, making applications lighter and potentially more secure. **Open Source:** * ASP.NET Core is open-source, encouraging community contributions and transparency. In simple terms, if you're starting a new web project and want flexibility, better performance, and cross-platform capabilities, ASP.NET Core with .NET Core is a modern choice. However, for existing projects that are deeply integrated with Windows, the traditional ASP.NET with the .NET Framework might still be in use.

Answer 16

**Node.js is a cross-platform, open-source JavaScript runtime environment** that can run on Windows, Linux, Unix, macOS, and more. Node.js runs on the V8 JavaScript engine, and executes JavaScript code outside a web browser. Node.js lets developers use JavaScript to write command line tools and for server-side scripting.

Answer 17

The package.json file is the heart of any Node project. It records important metadata about a project which is required before publishing to NPM, and also defines functional attributes of a project that npm uses to install dependencies, run scripts, and identify the entry point to our package.

Answer 18

**Kiota is a command line tool for generating an API client to call any OpenAPI-described API you're interested in.** The goal is to eliminate the need to take a dependency on a different API client library for every API that you need to call. Kiota API clients provide a strongly typed experience with all the features you expect from a high quality API SDK, but without having to learn a new library for every HTTP API. **The kiota-lock.json file is used to capture what the parameters were at the time of generation and can be used to regenerate based on the parameters in the file.**

Answer 19

Sure! Here's a concise summary: **`class`**: - Mutable by default. - Equality is reference-based. - Used for general-purpose object-oriented programming. **`record`**: - Immutable by default. - Equality is value-based. - Designed for data models and DTOs. - Supports `with` expressions for creating modified copies. Use `class` for mutable objects and `record` for immutable, value-based data.

Answer 20

A factory method is a design pattern used to create objects. Instead of calling a constructor directly, you call a factory method that returns an instance of the object. This method encapsulates the creation logic, which can include complex initialization, validation, or configuration steps. A static method used to create instances of a class or record, encapsulating the creation logic.

Answer 21

1. Static methods are usually useful for operations that don't require any data from an instance of the class (from this) and can perform their intended purpose solely using their arguments. A simple example of this would be a method Point::distance(Point a, Point b); that calculates the distance between two points and don't require an instance. 2. They can be defined within a class as a factory method to create an instace of a class, without needing an existing class instance to be called upon. This is what they call a factory method.

Answer 22

**In Microsoft's context, an entity typically refers to an object or a class that represents a table within a database in the Entity Framework. The Entity Framework is an ORM (Object-Relational Mapping) framework provided by Microsoft that allows developers to work with data using object-oriented programming concepts rather than dealing directly with database tables and SQL queries.** An entity class in the Entity Framework often represents a table in a database, where each instance of the class corresponds to a row in that table. These classes are used to define the structure of the data and its relationships. Key characteristics of entities in the Entity Framework include: 1. Properties: Properties of the entity class typically represent columns in the corresponding database table. 1. Navigation Properties: These properties represent relationships between different entities, often reflecting foreign key relationships in the database schema. 1. Attributes or Annotations: Annotations or attributes can be used to provide additional information to the Entity Framework about how the entity maps to the database. Entities in the Entity Framework enable developers to interact with the database using object-oriented techniques, allowing for a more natural and intuitive way to handle data persistence. Developers can perform CRUD (Create, Read, Update, Delete) operations on these entities, and Entity Framework takes care of translating these operations into appropriate SQL queries to interact with the database. ## Footnote https://dev.to/rechidesigns/understand-the-key-difference-between-entity-framework-core-and-entity-framework-2dj0

Answer 23

Comparison: * Entity Framework (EF) refers to the older versions designed for the .NET Framework. * Entity Framework Core (EF Core) is the modern, cross-platform ORM specifically designed for .NET Core and later versions. Both frameworks aim to provide object-relational mapping capabilities, allowing developers to work with databases using object-oriented paradigms, but EF Core is more lightweight, modular, and compatible with the cross-platform (EF Core can work on various platforms, including Windows, Linux, and macOS.).NET Core ecosystem. As of .NET 5 and beyond, EF Core is the recommended ORM for new .NET applications.

Answer 24

In C#, a delegate is a type that represents references to methods with a particular parameter list and return type. When you instantiate a delegate, you can associate the delegate instance with any method that has a compatible signature and return type. You can invoke (or call) the method through the delegate instance. Delegates are used to pass methods as arguments to other methods. Event handlers are essentially methods you invoke through delegates. When you create a custom method, a class such as a Windows control can call your method when a certain event occurs. ## Footnote https://learn.microsoft.com/en-us/dotnet/csharp/programming-guide/delegates/

Answer 25

In C#, an anonymous function is a function without a name, defined using either an anonymous method or a lambda expression. Both constructs enable the creation of inline, unnamed methods that can be assigned to delegates or passed as arguments to higher-order functions.

Answer 26

In programming, a method signature uniquely identifies a method within a class. It typically consists of the method's name and its parameter list, including the number, types, and order of parameters. This allows the compiler or interpreter to distinguish between methods, especially when overloading methods with the same name but different parameters.

Answer 27

I just met you, And this is crazy, But here's my number (delegate), So if something happens (event), Call me, maybe (callback)?

Answer 28

**Key Differences** **Scope:** * Middleware: Applied globally to all requests. * Filters: Can be applied globally, to specific controllers, or to specific actions. **Use Cases:** * Middleware: Broad concerns that apply to all requests (e.g., authentication, logging). * Filters: Concerns specific to MVC applications (e.g., action execution, result processing). **Execution Order:** * Middleware: Executed in the order registered in Startup.Configure. * Filters: Executed based on their type and the order in which they are applied. **Pipeline Control:** * Middleware: Can short-circuit the request pipeline. * Filters: Can short-circuit the action execution pipeline within MVC actions or Razor Pages.

Answer 29

Cross-cutting concerns are aspects of a program that affect multiple layers or components of an application. These concerns are not specific to any single part of the application but are used throughout the application. They typically involve functionality that is needed across different modules or layers, such as logging, error handling, authentication, and authorization.

Answer 30

In [ASP.NET](http://asp.net/) Core, a "wrapper" typically refers to a design pattern or a technique used to encapsulate and manage the behavior of another component or service. Wrappers can be used to add additional functionality, such as logging, error handling, or caching, without modifying the original component. This concept is often used to adhere to the Single Responsibility Principle and to promote code reuse and separation of concerns.

Answer 31

Azure Front Door optimizes web application performance through global routing, load balancing, and security features like a built-in WAF. Azure CDN accelerates content delivery by caching on distributed servers. Both services enhance user experience, but Front Door is ideal for dynamic applications while CDN focuses on static content delivery.

Answer 32

**`ActionResult`** * is a type in ASP.NET Core that represents the result of an action method in a controller. It is a generic wrapper that combines two things: * The HTTP Response: It encapsulates the HTTP status code (e.g., 200 OK, 404 Not Found, etc.) and any additional metadata (like headers). * The Response Data (T): It contains the actual data being returned to the client, where T is the type of the data. **`HandleDashboardRequest` Generic method** * The method `HandleDashboardRequest `is a generic method. The `` is a type parameter, meaning the method can work with any type that the caller specifies. For example, T could be a string, a custom object, or any other type. This makes the method flexible and reusable. **`delegate Func, DateRange, Task> dashboardFunc` as a parameter** * This is a delegate (a function pointer) that takes two parameters * It returns a `Task`, meaning it performs an asynchronous operation and resolves to a value of type `T`

Answer 33

C# is primarily a type-safe language, meaning that types can interact only through protocols they define, thereby ensuring each type’s internal consistency. For instance, C# prevents you from interacting with a string type as though it were an integer type. More specifically, C# supports static typing, meaning that the language enforces type safety at compile time. This is in addition to dynamic type safety, which the .NET CLR enforces at runtime. Static typing eliminates a large class of errors before a program is even run. It shifts the burden away from runtime unit tests onto the compiler to verify that all the types in a program fit together correctly. This makes large programs much easier to manage, more predictable, and more robust. Furthermore, static typing allows tools such as IntelliSense in Visual Studio to help you write a program, since it knows for a given variable what type it is, and hence what methods you can call on that variable.

Answer 34

C# is called a strongly typed language because its type rules (whether enforced statically or dynamically) are very strict. For instance, you cannot call a function that’s designed to accept an integer with a floating-point number, unless you first explicitly convert the floating-point number to an integer. This helps prevent mistakes. Strong typing also plays a role in enabling C# code to run in a sandbox—an environment where every aspect of security is controlled by the host. In a sandbox, it is important that you cannot arbitrarily corrupt the state of an object by bypassing its type rules.

Answer 35

Static classes and members are usually used for data or functions that do not change in response to object state, or for utility functions that do not rely on object state at all. One common use of static classes is to hold application-level data, such as configuration settings. Static methods, on the other hand, are often used for utility functions. For example, the Math class in C# is a static class with static methods. To use any method of the Math class, such as Math.Sqrt(), you do not need to create an instance of the Math class.

Answer 36

When a class object is created at runtime, a certain memory space is allocated to it in the heap memory. However, after all the actions related to the object are completed in the program, the memory space allocated to it is a waste as it cannot be used. In this case, garbage collection is very useful as it automatically releases the memory space after it is no longer required.

Answer 37

https://www.geeksforgeeks.org/introduction-to-model-view-view-model-mvvm/

Answer 38

* Clarity and Intent: Marking a method/property as static makes it clear that the method does not depend on instance data and can be called without creating an instance of the class. This improves the readability of the code by clearly conveying the member’s intended use. * Performance: Instance methods/properties in C# require an instance of the class to be called. This means that even if the it doesn’t use any instance data, the runtime still needs to pass a reference to the instance during the call. For static methods and properties, this overhead is avoided, leading to slightly better performance. * Memory Usage: Since instance methods implicitly carry a reference to the instance (the caller object), they can potentially prevent the garbage collector from collecting the instance whem it is not otherwise referenced. Static members do not carry this overhead, potentially reducing memory usage. * Testing: Static members can be easier to test since they do not require an instance of the class. This can simplify unit testing and reduce the amount of boilerplate code needed to set up tests.

Answer 39

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with HMAC algorithm) or a public/private key pair using RSA. Let’s explain some concepts of this definition further. * Compact: Because of its size, it can be sent through an URL, POST parameter, or inside an HTTP header. Additionally, due to its size its transmission is fast. * Self-contained: The payload contains all the required information about the user, to avoid querying the database more than once. ## Footnote http://auth0.com/learn/json-web-tokens

Answer 40

These are some scenarios where JSON Web Tokens are useful: * **Authentication**: This is the typical scenario for using JWT, once the user is logged in, each subsequent request will include the JWT, allowing the user to access routes, services, and resources that are permitted with that token. Single Sign On is a feature that widely uses JWT nowadays, because of its small overhead and its ability to be easily used among systems of different domains. * **Information Exchange**: JWTs are a good way of securely transmitting information between parties, because as they can be signed, for example using a public/private key pair, you can be sure that the sender is who they say they are. Additionally, as the signature is calculated using the header and the payload, you can also verify that the content hasn’t changed. ## Footnote https://auth0.com/learn/json-web-tokens

Answer 41

Assemblies are a collection of types and resources that are built to work together and form a logical unit of functionality. They usually compose of one or more compiled source code files or modules and therefore, they are considered the building blocks of C# applications.

Answer 42

SSL (Secure Sockets Layer) termination, also known as SSL offloading or decryption, is a process where encrypted SSL/TLS data traffic is decrypted at an intermediate point in a network, rather than at the destination server. This decryption is typically performed by a load balancer, proxy server, or other dedicated hardware.

Answer 43

A reverse proxy is a server that sits in front of web servers and forwards client (e.g. web browser) requests to those web servers. Reverse proxies are typically implemented to help increase security, performance, and reliability. In order to better understand how a reverse proxy works and the benefits it can provide, let’s first define what a proxy server is. A forward proxy, often called a proxy, proxy server, or web proxy, is a server that sits in front of a group of client machines. When those computers make requests to sites and services on the Internet, the proxy server intercepts those requests and then communicates with web servers on behalf of those clients, like a middleman.

Answer 44

They can be applied to a wide range of program elements, collectively known as "attribute targets." This flexibility allows developers to annotate various parts of their code with metadata that can influence behavior at compile-time or runtime. ## Footnote https://dev.to/rasheedmozaffar/introduction-to-attributes-in-c-21gn

Answer 45

``` private static void PrintAuthorInfo(System.Type t) { System.Console.WriteLine($"Author information for {t}"); // Using reflection. System.Attribute[] attrs = System.Attribute.GetCustomAttributes(t); // Reflection. // Displaying output. foreach (System.Attribute attr in attrs) { if (attr is AuthorAttribute a) { System.Console.WriteLine($" {a.GetName()}, version {a.Version:f}"); } } } static List GetDisplayNamesPropertyValues() { var typeProperties = typeof(T).GetProperties(); var output = new List(); foreach (var property in typeProperties) { var displayNameAttribute = property.GetCustomAttribute(); var displayName = displayNameAttribute is not null ? displayNameAttribute.DisplayName : property.Name; output.Add(displayName); } return output; } ``` [Attribute.GetCustomAttributes Method](https://learn.microsoft.com/en-us/dotnet/api/system.attribute.getcustomattributes?view=net-9.0) [CustomAttributeExtensions.GetCustomAttribute Method](https://learn.microsoft.com/en-us/dotnet/api/system.reflection.customattributeextensions.getcustomattribute?view=net-9.0) ## Footnote https://learn.microsoft.com/en-us/dotnet/csharp/advanced-topics/reflection-and-attributes/accessing-attributes-by-using-reflection https://dev.to/rasheedmozaffar/introduction-to-attributes-in-c-21gn

Answer 46

https://learn.microsoft.com/en-us/aspnet/core/fundamentals/configuration/?view=aspnetcore-9.0

Answer 47

https://code-maze.com/csharp-mock-ioptions/ https://learn.microsoft.com/en-us/aspnet/core/fundamentals/configuration/options?view=aspnetcore-9.0 https://learn.microsoft.com/en-us/answers/questions/1275933/ioptions-interface-in-c

Software Engineer concepts Flashcards

(79 cards)