private ActionResult Success([CanBeNull] string salt, [CanBeNull] string redirectUri)
{
if (salt == null || redirectUri == null)
{
return(RedirectToRoute("Default"));
}
var crypto = new ExternalCrypto(salt);
return(Redirect(crypto.Decrypt(redirectUri)));
}
public ActionResult Unauthorized()
{
if (User.Identity.IsAuthenticated)
{
return(View());
}
// Encryption prevents malicious redirects
var crypto = new ExternalCrypto();
var queryString = Request.Url?.Query;
return(new TransferResult("Index", "Login", new
{
area = "Account",
salt = crypto.Salt,
redirectUri = queryString != null && Request.IsLocal
? crypto.Encrypt(queryString.Substring(queryString.IndexOf(";", StringComparison.InvariantCulture) + 1))
: null
}));
}
