private void Application_EndRequest(Object source, EventArgs e)
        {
            HttpApplication application = (HttpApplication)source;
            HttpContext     context     = application.Context;

            if (context != null)
            {
                MobileRedirect.CheckForInvalidRedirection(context);
            }
        }
Beispiel #2
0
        public static void RedirectFromLoginPage(String userName, bool createPersistentCookie, String strCookiePath)
        {
            // Disallow redirection to an absolute url.
            String requestReturnUrl = HttpContext.Current.Request["ReturnUrl"];

            if (requestReturnUrl != null && requestReturnUrl.IndexOf(":") != -1)
            {
                throw new SecurityException(SR.GetString(SR.Security_ReturnUrlCannotBeAbsolute, requestReturnUrl));
            }

            // GetRedirectUrl redirects to returnUrl if it exists, current app's default.aspx otherwise.
            String redirectUrl = FormsAuthentication.GetRedirectUrl(userName, createPersistentCookie);

            Debug.Assert(redirectUrl == requestReturnUrl || requestReturnUrl == null);

            String     updatedRedirectUrl = redirectUrl;
            String     cookieName         = FormsAuthentication.FormsCookieName;
            HttpCookie cookie             = FormsAuthentication.GetAuthCookie(userName, createPersistentCookie, strCookiePath);
            String     strEncrypted       = cookie.Value;

            int ticketLoc = redirectUrl.IndexOf(cookieName + "=");

            if (ticketLoc != -1)
            {
                updatedRedirectUrl  = redirectUrl.Substring(0, ticketLoc);
                updatedRedirectUrl += cookieName + "=" + strEncrypted;
                int ampersandLoc = redirectUrl.IndexOf('&', ticketLoc);
                if (ampersandLoc != -1)
                {
                    updatedRedirectUrl += redirectUrl.Substring(ampersandLoc);
                }
            }
            else
            {
                int loc = updatedRedirectUrl.IndexOf('?');
                updatedRedirectUrl += (loc != -1) ? "&" : "?";
                updatedRedirectUrl += cookieName + "=" + strEncrypted;
            }
            MobileRedirect.RedirectToUrl(HttpContext.Current, updatedRedirectUrl, true);
        }