/// <summary>
/// Deny access to any application page without user acknowledgment.
/// </summary>
public override void OnAuthorization(AuthorizationContext filterContext)
{
var context = filterContext.HttpContext;
var request = filterContext.HttpContext.Request;
// force acknowledgement
if (request.Cookies[NoticeAndConsent] == null)
{
// redirect if return URL exists
if (context.Response.Cookies[ReturnUrl] == null ||
string.IsNullOrWhiteSpace(context.Response.Cookies[ReturnUrl].Value))
{
context.Response.SetCookie(
HttpCookieFactory.Create(
ReturnUrl,
request.Url.PathAndQuery,
secure: request.Url.Scheme.Equals("https")
)
);
}
// redirect to application home
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary(new { controller = ControllerName, action = ActionName })
);
}
}
public void Create_WithValueParameter_CookieSetsValue()
{
_cookie = HttpCookieFactory.Create(COOKIE_KEY, "my value");
CookieKeyExists();
Assert.Equal("my value", _cookie.Value);
}
public void Create_WithoutValueParameter_CookieValueIsNull()
{
_cookie = HttpCookieFactory.Create(COOKIE_KEY);
CookieKeyExists();
Assert.Null(_cookie.Value);
}
public void Create_WithHttpOnlyAndSecureParameters_SetProperties()
{
_cookie = HttpCookieFactory.Create(COOKIE_KEY, httpOnly: false, secure: false);
CookieKeyExists();
Assert.False(_cookie.HttpOnly);
Assert.False(_cookie.Secure);
}
public void Create_DefaultHttpOnlyAndSecureParameters_AreHttpOnlyAndSecure()
{
_cookie = HttpCookieFactory.Create(COOKIE_KEY);
CookieKeyExists();
Assert.True(_cookie.HttpOnly);
Assert.True(_cookie.Secure);
}
public void Create_WithWhiteSpaceNameParameter_Throws()
{
var exception = Assert.Throws <ArgumentNullException>(
() => HttpCookieFactory.Create(" ")
);
Assert.Equal(HttpCookieFactory.InvalidCreateParameter, exception.ParamName);
}
