I'm reading .NET4 sources (they can be downloaded for research freely) and I found something strange in the implementation of System.Web.Security.FormsAuthenticationModule
.
The class is declared like this:
public sealed class FormsAuthenticationModule : IHttpModule
where IHttpModule
has two methods - Init()
and Dispose()
.
Inside OnEnter()
there're these lines:
// Step 2: Call OnAuthenticate virtual method to create
// an IPrincipal for this request
OnAuthenticate( new FormsAuthenticationEventArgs(context) );
where OnAuthenticate()
is declared like this:
// OnAuthenticate: Forms Authentication modules can override
// this method to create a Forms IPrincipal object from
// a WindowsIdentity
private void OnAuthenticate(FormsAuthenticationEventArgs e) {
Now the class is sealed
, so it's impossible to inherit from. Also OnAuthenticate()
is not virtual
so I don't see how it could have been overridden anyway.
So it looks like these comments are just outdated and overriding OnAuthenticate()
is no longer possible.
Did I get anything wrong? Could this code possibly allow overriding OnAuthenticate()
?
It doesn't work. It's simply incorrect documentation. Not a first for MS. For example, I notified MS about this back in version 1.1 of the .NET Framework and here we are at 4.5 and there documentation is still totally misleading: http://msdn.microsoft.com/en-us/library/7he0a7s1.aspx
Notice the "Notes to Inheritors" section. How is someone supposed to derive a class from BindingManagerBase when it contains several internal abstract
properties and methods? And yet there are several places in the documentation for BindingManagerBase and CurrencyManager that have "Notes to Inheritors"...