5

I'm reading .NET4 sources (they can be downloaded for research freely) and I found something strange in the implementation of System.Web.Security.FormsAuthenticationModule.

The class is declared like this:

public sealed class FormsAuthenticationModule : IHttpModule

where IHttpModule has two methods - Init() and Dispose().

Inside OnEnter() there're these lines:

// Step 2: Call OnAuthenticate virtual method to create 
//    an IPrincipal for this request
OnAuthenticate( new FormsAuthenticationEventArgs(context) );

where OnAuthenticate() is declared like this:

// OnAuthenticate: Forms Authentication modules can override 
//             this method to create a Forms IPrincipal object from
//             a WindowsIdentity 
private void OnAuthenticate(FormsAuthenticationEventArgs e) {

Now the class is sealed, so it's impossible to inherit from. Also OnAuthenticate() is not virtual so I don't see how it could have been overridden anyway.

So it looks like these comments are just outdated and overriding OnAuthenticate() is no longer possible.

Did I get anything wrong? Could this code possibly allow overriding OnAuthenticate()?

sharptooth
  • 167,383
  • 100
  • 513
  • 979
  • AFAIU This class is sealed from the very [beginning](http://msdn.microsoft.com/en-us/library/system.web.security.formsauthenticationmodule(v=vs.71).aspx) – default locale Mar 04 '13 at 12:06
  • 1
    From the name and params it follows that this is an ['event trigger'](http://stackoverflow.com/a/2448530/60761), they should normally be virtual. That of course conflicts with sealed. Worst case a class could subscribe to its own events. – H H Mar 04 '13 at 12:16

2 Answers2

1

It doesn't work. It's simply incorrect documentation. Not a first for MS. For example, I notified MS about this back in version 1.1 of the .NET Framework and here we are at 4.5 and there documentation is still totally misleading: http://msdn.microsoft.com/en-us/library/7he0a7s1.aspx

Notice the "Notes to Inheritors" section. How is someone supposed to derive a class from BindingManagerBase when it contains several internal abstract properties and methods? And yet there are several places in the documentation for BindingManagerBase and CurrencyManager that have "Notes to Inheritors"...

Pete
  • 6,585
  • 5
  • 43
  • 69
0

I know this is old, but the only way is to implement an FormsAuthenticate_OnAuthenticate event in your Global.asax. When you set e.Context.User to a value, it prevents the internal code from executing. It's a little clunky.

John Jardine
  • 1