/// <summary>
/// Reads the WS-Federation context (the <c>wctx</c> parameter) from the form
/// posted with the current request.
/// </summary>
/// <returns>
/// The message's <c>Context</c> value, or <see cref="string.Empty"/> when the
/// posted form does not yield a WS-Federation message. The result is
/// <c>null</c> when a message was parsed but carries no context.
/// </returns>
/// <remarks>
/// The value comes straight from the request and is not validated here.
/// NOTE(review): if callers use it as a return URL or redirect target, it
/// must be checked against an allow-list of local/trusted destinations first.
/// </remarks>
private string GetContextFromRequest()
{
    Uri baseUrl = WSFederationMessage.GetBaseUrl(this.Request.Url);
    WSFederationMessage wsFedMessage = WSFederationMessage.CreateFromNameValueCollection(baseUrl, this.Request.Form);

    // No recognizable WS-Federation message in the form: report "no context".
    if (wsFedMessage == null)
    {
        return string.Empty;
    }

    return wsFedMessage.Context;
}
        /// <summary>
        /// Reads the WS-Federation context (the <c>wctx</c> parameter) from the
        /// form posted with the current request and percent-decodes it.
        /// </summary>
        /// <returns>
        /// The unescaped context, or <see cref="string.Empty"/> when no
        /// WS-Federation message was parsed or the message has no context.
        /// </returns>
        /// <remarks>
        /// The value is request-supplied and is not validated here.
        /// NOTE(review): Request.Form values are already form-decoded by ASP.NET,
        /// so <see cref="Uri.UnescapeDataString"/> is a second decoding pass.
        /// Any allow-list or redirect check must run on the value returned from
        /// this method, not on the raw parameter.
        /// </remarks>
        private string GetContextFromRequest()
        {
            Uri baseUrl = WSFederationMessage.GetBaseUrl(this.Request.Url);
            WSFederationMessage wsFedMessage = WSFederationMessage.CreateFromNameValueCollection(baseUrl, this.Request.Form);

            // Either no message at all, or a message without wctx.
            if (wsFedMessage == null || wsFedMessage.Context == null)
            {
                return string.Empty;
            }

            return Uri.UnescapeDataString(wsFedMessage.Context);
        }
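        /// <summary>
        /// Determines whether the current request refers to a user-account
        /// invitation and, if so, extracts the invitation identifier.
        /// </summary>
        /// <param name="invitationNumber">
        /// Receives the GUID found in the last '/'-separated segment of the
        /// WS-Federation context (when a message was posted) or of the request
        /// path (otherwise); <see cref="Guid.Empty"/> when none was found.
        /// </param>
        /// <returns>
        /// <c>true</c> when a non-empty invitation GUID was extracted.
        /// </returns>
        /// <remarks>
        /// Both the context and the path are request-controlled. The original
        /// code dereferenced a possibly-null context and passed the last segment
        /// to <c>new Guid(...)</c>, so a request with a missing context or a
        /// malformed trailing segment raised an unhandled exception. Such input
        /// is now reported as "not an invitation".
        /// NOTE(review): the GUID returned here is only syntactically valid. The
        /// caller presumably still has to confirm that it matches a stored,
        /// unexpired invitation before acting on it.
        /// </remarks>
        private static bool IsInvitationRequest(out Guid invitationNumber)
        {
            Uri requestBaseUrl          = WSFederationMessage.GetBaseUrl(HttpContext.Current.Request.Url);
            WSFederationMessage message = WSFederationMessage.CreateFromNameValueCollection(requestBaseUrl, HttpContext.Current.Request.Form);

            invitationNumber = Guid.Empty;

            // Fail closed when the action is not configured: the original threw on a
            // missing setting, and an empty one would have matched every context.
            string invitationAction = ConfigurationManager.AppSettings["UserAccountInvitationAction"];
            if (string.IsNullOrEmpty(invitationAction))
            {
                return false;
            }

            string candidate;
            bool matchesAction;

            if (message != null)
            {
                // wctx is optional, so Context can be null on an otherwise valid message.
                candidate     = message.Context;
                matchesAction = candidate != null &&
                                candidate.IndexOf(invitationAction, StringComparison.OrdinalIgnoreCase) >= 0;
            }
            else
            {
                candidate     = requestBaseUrl.AbsolutePath;
                matchesAction = candidate.StartsWith(invitationAction, StringComparison.OrdinalIgnoreCase);
            }

            if (!matchesAction)
            {
                return false;
            }

            // Same segment the original obtained via Split('/').Last().
            string lastSegment = candidate.Substring(candidate.LastIndexOf('/') + 1);

            // TryParse leaves Guid.Empty in the out parameter when the segment is not a GUID.
            return Guid.TryParse(lastSegment, out invitationNumber) && invitationNumber != Guid.Empty;
        }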
 // See http://social.technet.microsoft.com/wiki/contents/articles/1725.windows-identity-foundation-wif-a-potentially-dangerous-request-form-value-was-detected-from-the-client-wresult-t-requestsecurityto/history.aspx
 /// <summary>
 /// Exempts the WS-Federation result form field from ASP.NET request validation
 /// when the posted form parses as a sign-in response; every other value is
 /// passed to the base validator.
 /// </summary>
 /// <remarks>
 /// Returning <c>true</c> only means "do not reject this string as a potentially
 /// dangerous request value". It does not verify the security token carried in
 /// the field: signature, issuer and audience checks must still happen in the
 /// federation pipeline. Because the exempted field bypasses the built-in
 /// filter, its raw content should never be written to a response unencoded.
 /// </remarks>
 protected override bool IsValidRequestString(HttpContext context, string value, RequestValidationSource requestValidationSource, string collectionKey, out int validationFailureIndex)
 {
     validationFailureIndex = 0;

     bool isFormField   = requestValidationSource == RequestValidationSource.Form;
     bool isResultField = !String.IsNullOrEmpty(collectionKey) &&
                          collectionKey.Equals(WSFederationConstants.Parameters.Result, StringComparison.Ordinal);

     if (isFormField && isResultField)
     {
         // The unvalidated collection is needed here: reading the regular form
         // collection would trigger the validation this override is replacing.
         var rawForm = GetUnvalidatedFormValues(context);
         Uri baseUrl = WSFederationMessage.GetBaseUrl(context.Request.Url);

         // Skip the base check only when the whole form is a sign-in response.
         if (WSFederationMessage.CreateFromNameValueCollection(baseUrl, rawForm) is SignInResponseMessage)
         {
             return true;
         }
     }

     return base.IsValidRequestString(context, value, requestValidationSource, collectionKey, out validationFailureIndex);
 }