Assemblies are made up of IL code modules and the metadata that describes them. Although programs may be compiled via an IDE or the command line, in fact, they are simply translated into IL, not machine code. The actual machine code is not generated until the function that requires it is called.

This is the justintime, or JIT, compilation feature of .NET. JIT compilation happens at runtime for a variety of reasons, one of the most ambitious being Microsoft’s desire for crossplatform
.NET adoption. If a CLR is built for another operating system (UNIX or Mac), the same assemblies will run in addition to the Microsoft platforms. The hope is that .NET assemblies are writeoncerunanywhere applications. This is a .NET feature that works behindthescenes, ensuring that developers are not limited to writing applications for one single line of products. No one has demonstrated whether or not this promise will ever truly materialize.

CTS/CLS

The MSIL Instruction Set Specification is included with the .NET SDK, along with the IL Assembly Language Programmers Reference. If a developer wants to write custom .NET programming languages, these are the necessary specifications and syntax. The CTS and CLS define the types and syntaxes that every .NET language needs to embrace. An application may not expose these features, but it must consider them when communicating through IL.

ASP.NET Authentication Providers and IIS Security

ASP.NET implements authentication using authentication providers, which are code modules that verify credentials and implement other security functionality such as cookie generation. ASP.NET supports the following three authentication providers:

Forms Authentication: Using this provider causes unauthenticated requests to be redirected to a specified HTML form using client side redirection. The user can then supply logon credentials, and post the form back to the server. If the application authenticates the request (using applicationspecific logic), ASP.NET issues a cookie that contains the credentials or a key for reacquiring the client identity. Subsequent requests are issued with the cookie in the request headers, which means that subsequent authentications are unnecessary.

Passport Authentication: This is a centralized authentication service provided by Microsoft that offers a single logon facility and membership services for participating sites. ASP.NET, in conjunction with the Microsoft® Passport software development kit (SDK), provides similar functionality as Forms Authentication to Passport users.

Windows Authentication: This provider utilizes the authentication capabilities of IIS. After IIS completes its authentication, ASP.NET uses the authenticated identity’s token to authorize access.

To enable a specified authentication provider for an ASP.NET application, you must create an entry in the application’s configuration file as follows:
// web.config file