
How is this code in FormsAuthenticationModule supposed to work?


I'm reading .NET4 sources (they can be downloaded for research freely) and I found something strange in the implementation of System.Web.Security.FormsAuthenticationModule.

The class is declared like this:

public sealed class FormsAuthenticationModule : IHttpModule

where IHttpModule has two methods - Init() and Dispose().

Inside OnEnter() there're these lines:

// Step 2: Call OnAuthenticate virtual method to create 
//    an IPrincipal for this request
OnAuthenticate( new FormsAuthenticationEventArgs(context) );

where OnAuthenticate() is declared like this:

// OnAuthenticate: Forms Authentication modules can override 
//             this method to create a Forms IPrincipal object from
//             a WindowsIdentity 
private void OnAuthenticate(FormsAuthenticationEventArgs e) {

Now the class is sealed, so it's impossible to inherit from. Also OnAuthenticate() is not virtual so I don't see how it could have been overridden anyway.

So it looks like these comments are just outdated and overriding OnAuthenticate() is no longer possible.

Did I get anything wrong? Could this code possibly allow overriding OnAuthenticate()?


Solution

  • It doesn't work. It's simply incorrect documentation. Not a first for MS. For example, I notified MS about this back in version 1.1 of the .NET Framework and here we are at 4.5 and their documentation is still totally misleading: http://msdn.microsoft.com/en-us/library/7he0a7s1.aspx

    Notice the "Notes to Inheritors" section. How is someone supposed to derive a class from BindingManagerBase when it contains several internal abstract properties and methods? And yet there are several places in the documentation for BindingManagerBase and CurrencyManager that have "Notes to Inheritors"...
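
Both observations in this thread can be checked with reflection against the installed framework. The following is an added example, not code from the question, the answer or the .NET sources. It assumes a .NET Framework console project that references System.Web and System.Windows.Forms; the class and helper names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Reflection;
using System.Web.Security;      // FormsAuthenticationModule (System.Web.dll)
using System.Windows.Forms;     // BindingManagerBase (System.Windows.Forms.dll)

static class InheritanceCheck   // hypothetical name
{
    const BindingFlags Declared = BindingFlags.Instance | BindingFlags.Public |
                                  BindingFlags.NonPublic | BindingFlags.DeclaredOnly;

    // Overridable from another assembly: the type is not sealed and the method
    // is virtual, not final, and visible to derived classes outside the assembly.
    static bool IsOverridableExternally(MethodInfo m)
    {
        bool visible = m.IsPublic || m.IsFamily || m.IsFamilyOrAssembly;
        return !m.DeclaringType.IsSealed && m.IsVirtual && !m.IsFinal && visible;
    }

    // Abstract methods (property accessors included, as get_X/set_X) that only
    // code inside the declaring assembly can implement.
    static string[] InternalAbstractMethods(Type t)
    {
        return t.GetMethods(Declared)
                .Where(m => m.IsAbstract && (m.IsAssembly || m.IsFamilyAndAssembly))
                .Select(m => m.Name)
                .ToArray();
    }

    static void Main()
    {
        Type module = typeof(FormsAuthenticationModule);
        MethodInfo onAuth = module.GetMethod("OnAuthenticate", Declared);
        Console.WriteLine("{0}: sealed={1}", module.Name, module.IsSealed);
        if (onAuth == null)
            Console.WriteLine("OnAuthenticate not found in this framework version");
        else
            Console.WriteLine("OnAuthenticate: private={0}, virtual={1}, overridable={2}",
                onAuth.IsPrivate, onAuth.IsVirtual, IsOverridableExternally(onAuth));

        string[] blockers = InternalAbstractMethods(typeof(BindingManagerBase));
        Console.WriteLine("BindingManagerBase internal abstract methods: {0}", blockers.Length);
        foreach (string name in blockers)
            Console.WriteLine("  " + name);
    }
}
```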