public virtual RedirectResult RemoveParameterAssociation(string returnUrl)
{
//prevent open redirection attack
if (!Url.IsLocalUrl(returnUrl))
{
returnUrl = Url.RouteUrl("Root");
}
SocialAuthorizerHelper.RemoveParameters();
return(Redirect(returnUrl));
}
private ActionResult LoginInternal(string returnUrl, bool verifyResponse)
{
var viewModel = new LoginModel();
TryUpdateModel(viewModel);
var result = _oAuthProviderFacebookAuthorizer.Authorize(returnUrl, verifyResponse);
switch (result.AuthenticationStatus)
{
case OpenAuthenticationStatus.Error:
{
if (!result.Success)
{
foreach (var error in result.Errors)
{
SocialAuthorizerHelper.AddErrorsToDisplay(error);
}
}
return(new RedirectResult(Url.LogOn(returnUrl)));
}
case OpenAuthenticationStatus.AssociateOnLogon:
{
return(new RedirectResult(Url.LogOn(returnUrl)));
}
default:
break;
}
if (result.Result != null)
{
return(result.Result);
}
return(HttpContext.Request.IsAuthenticated ? new RedirectResult(!string.IsNullOrEmpty(returnUrl) ? returnUrl : "~/") : new RedirectResult(Url.LogOn(returnUrl)));
}
