private void OnLeave(object source, EventArgs eventArgs)
{
HttpApplication application = (HttpApplication)source;
HttpContext context = application.Context;
if ((_fAuthChecked && _fAuthRequired) && (((context.User != null) && (context.User.Identity != null)) && (context.User.Identity is PassportIdentity)))
{
PassportIdentity identity = (PassportIdentity)context.User.Identity;
if ((context.Response.StatusCode == 0x191) && !identity.WWWAuthHeaderSet)
{
if (((_LoginUrl == null) || (_LoginUrl.Length < 1)) || (string.Compare(_LoginUrl, "internal", StringComparison.Ordinal) == 0))
{
context.Response.Clear();
context.Response.StatusCode = 200;
if (!ErrorFormatter.RequiresAdaptiveErrorReporting(context))
{
string str = context.Request.Url.ToString();
int index = str.IndexOf('?');
if (index >= 0)
{
str = str.Substring(0, index);
}
string str2 = identity.LogoTag2(HttpUtility.UrlEncode(str, context.Request.ContentEncoding));
string s = System.Web.SR.GetString("PassportAuthFailed", new object[] { str2 });
context.Response.Write(s);
}
else
{
ErrorFormatter formatter = new PassportAuthFailedErrorFormatter();
context.Response.Write(formatter.GetAdaptiveErrorMessage(context, true));
}
}
else
{
string str7;
string completeLoginUrl = AuthenticationConfig.GetCompleteLoginUrl(context, _LoginUrl);
if ((completeLoginUrl == null) || (completeLoginUrl.Length <= 0))
{
throw new HttpException(System.Web.SR.GetString("Invalid_Passport_Redirect_URL"));
}
string str5 = context.Request.Url.ToString();
if (completeLoginUrl.IndexOf('?') >= 0)
{
str7 = "&";
}
else
{
str7 = "?";
}
string url = completeLoginUrl + str7 + "ReturnUrl=" + HttpUtility.UrlEncode(str5, context.Request.ContentEncoding);
int num2 = str5.IndexOf('?');
if ((num2 >= 0) && (num2 < (str5.Length - 1)))
{
url = url + "&" + str5.Substring(num2 + 1);
}
context.Response.Redirect(url, false);
}
}
}
}
private void OnLeave(object source, EventArgs eventArgs)
{
if (this._fOnEnterCalled)
{
this._fOnEnterCalled = false;
}
else
{
return;
}
HttpApplication application = (HttpApplication)source;
HttpContext context = application.Context;
if (context.Response.Cookies.GetNoCreate(FormsAuthentication.FormsCookieName) != null)
{
context.Response.Cache.SetCacheability(HttpCacheability.NoCache, "Set-Cookie");
}
if (context.Response.StatusCode == 0x191)
{
string rawUrl = context.Request.RawUrl;
if ((rawUrl.IndexOf("?ReturnUrl=", StringComparison.Ordinal) == -1) && (rawUrl.IndexOf("&ReturnUrl=", StringComparison.Ordinal) == -1))
{
string str3;
string strUrl = null;
if (!string.IsNullOrEmpty(FormsAuthentication.LoginUrl))
{
strUrl = AuthenticationConfig.GetCompleteLoginUrl(context, FormsAuthentication.LoginUrl);
}
if ((strUrl == null) || (strUrl.Length <= 0))
{
throw new HttpException(System.Web.SR.GetString("Auth_Invalid_Login_Url"));
}
CookielessHelperClass cookielessHelper = context.CookielessHelper;
if (strUrl.IndexOf('?') >= 0)
{
str3 = FormsAuthentication.RemoveQueryStringVariableFromUrl(strUrl, "ReturnUrl") + "&ReturnUrl=" + HttpUtility.UrlEncode(rawUrl, context.Request.ContentEncoding);
}
else
{
str3 = strUrl + "?ReturnUrl=" + HttpUtility.UrlEncode(rawUrl, context.Request.ContentEncoding);
}
int index = rawUrl.IndexOf('?');
if ((index >= 0) && (index < (rawUrl.Length - 1)))
{
str3 = str3 + "&" + rawUrl.Substring(index + 1);
}
cookielessHelper.SetCookieValue('F', null);
cookielessHelper.RedirectWithDetectionIfRequired(str3, FormsAuthentication.CookieMode);
context.Response.Redirect(str3, false);
}
}
}
////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////
/// <devdoc>
/// <para>[To be supplied.]</para>
/// </devdoc>
private void OnLeave(Object source, EventArgs eventArgs)
{
if (_fOnEnterCalled)
{
_fOnEnterCalled = false;
}
else
{
return; // no need to continue if we skipped OnEnter
}
HttpApplication app;
HttpContext context;
app = (HttpApplication)source;
context = app.Context;
////////////////////////////////////////////////////////////
// Step 1: Check if we are using cookie authentication and
// if authentication failed
if (context.Response.StatusCode != 401)
{
return;
}
////////////////////////////////////////////////////////////
// Change 401 to a redirect to login page
// Don't do it if the redirect is suppressed for this response
if (context.Response.SuppressFormsAuthenticationRedirect)
{
return;
}
// Don't do it if already there is ReturnUrl, already being redirected,
// to avoid infinite redirection loop
String strUrl = context.Request.RawUrl;
if (strUrl.IndexOf("?" + FormsAuthentication.ReturnUrlVar + "=", StringComparison.Ordinal) != -1 ||
strUrl.IndexOf("&" + FormsAuthentication.ReturnUrlVar + "=", StringComparison.Ordinal) != -1)
{
return;
}
////////////////////////////////////////////////////////////
// Step 2: Get the complete url to the login-page
String loginUrl = null;
if (!String.IsNullOrEmpty(FormsAuthentication.LoginUrl))
{
loginUrl = AuthenticationConfig.GetCompleteLoginUrl(context, FormsAuthentication.LoginUrl);
}
////////////////////////////////////////////////////////////
// Step 3: Check if we have a valid url to the login-page
if (loginUrl == null || loginUrl.Length <= 0)
{
throw new HttpException(SR.GetString(SR.Auth_Invalid_Login_Url));
}
////////////////////////////////////////////////////////////
// Step 4: Construct the redirect-to url
String strRedirect;
int iIndex;
CookielessHelperClass cookielessHelper;
// if(context.Request.Browser["isMobileDevice"] == "true") {
// //__redir=1 is marker for devices that post on redirect
// if(strUrl.IndexOf("__redir=1") >= 0) {
// strUrl = SanitizeUrlForCookieless(strUrl);
// }
// else {
// if(strUrl.IndexOf('?') >= 0)
// strSep = "&";
// else
// strSep = "?";
// strUrl = SanitizeUrlForCookieless(strUrl + strSep + "__redir=1");
// }
// }
// Create the CookielessHelper class to rewrite the path, if needed.
cookielessHelper = context.CookielessHelper;
if (loginUrl.IndexOf('?') >= 0)
{
loginUrl = FormsAuthentication.RemoveQueryStringVariableFromUrl(loginUrl, FormsAuthentication.ReturnUrlVar);
strRedirect = loginUrl + "&" + FormsAuthentication.ReturnUrlVar + "=" + HttpUtility.UrlEncode(strUrl, context.Request.ContentEncoding);
}
else
{
strRedirect = loginUrl + "?" + FormsAuthentication.ReturnUrlVar + "=" + HttpUtility.UrlEncode(strUrl, context.Request.ContentEncoding);
}
////////////////////////////////////////////////////////////
// Step 5: Add the query-string from the current url
iIndex = strUrl.IndexOf('?');
if (iIndex >= 0 && iIndex < strUrl.Length - 1)
{
strRedirect += "&" + strUrl.Substring(iIndex + 1);
}
cookielessHelper.SetCookieValue('F', null); // remove old ticket if present
cookielessHelper.RedirectWithDetectionIfRequired(strRedirect, FormsAuthentication.CookieMode);
////////////////////////////////////////////////////////////
// Step 6: Do the redirect
context.Response.Redirect(strRedirect, false);
}
void OnLeave(Object source, EventArgs eventArgs)
{
HttpApplication app;
HttpContext context;
app = (HttpApplication)source;
context = app.Context;
if (!_fAuthChecked || !_fAuthRequired || context.User == null || context.User.Identity == null || !(context.User.Identity is PassportIdentity))
{
return;
}
PassportIdentity id = (PassportIdentity)context.User.Identity;
if (context.Response.StatusCode != 401 || id.WWWAuthHeaderSet)
{
return;
}
if (_LoginUrl == null || _LoginUrl.Length < 1 || String.Compare(_LoginUrl, "internal", StringComparison.Ordinal) == 0)
{
context.Response.Clear();
context.Response.StatusCode = 200;
if (!ErrorFormatter.RequiresAdaptiveErrorReporting(context))
{
String strUrl = context.Request.Url.ToString();
int iPos = strUrl.IndexOf('?');
if (iPos >= 0)
{
strUrl = strUrl.Substring(0, iPos);
}
String strLogoTag = id.LogoTag2(HttpUtility.UrlEncode(strUrl, context.Request.ContentEncoding));
String strMsg = SR.GetString(SR.PassportAuthFailed, strLogoTag);
context.Response.Write(strMsg);
}
else
{
ErrorFormatter errorFormatter = new PassportAuthFailedErrorFormatter();
context.Response.Write(errorFormatter.GetAdaptiveErrorMessage(context, true));
}
}
else
{
////////////////////////////////////////////////////////////
// Step 1: Get the redirect url
String redirectUrl = AuthenticationConfig.GetCompleteLoginUrl(context, _LoginUrl);
////////////////////////////////////////////////////////////
// Step 2: Check if we have a valid url to the redirect-page
if (redirectUrl == null || redirectUrl.Length <= 0)
{
throw new HttpException(SR.GetString(SR.Invalid_Passport_Redirect_URL));
}
////////////////////////////////////////////////////////////
// Step 3: Construct the redirect-to url
String strUrl = context.Request.Url.ToString();
String strRedirect;
int iIndex;
String strSep;
if (redirectUrl.IndexOf('?') >= 0)
{
strSep = "&";
}
else
{
strSep = "?";
}
strRedirect = redirectUrl + strSep + "ReturnUrl=" + HttpUtility.UrlEncode(strUrl, context.Request.ContentEncoding);
////////////////////////////////////////////////////////////
// Step 4: Add the query-string from the current url
iIndex = strUrl.IndexOf('?');
if (iIndex >= 0 && iIndex < strUrl.Length - 1)
{
strRedirect += "&" + strUrl.Substring(iIndex + 1);
}
////////////////////////////////////////////////////////////
// Step 5: Do the redirect
context.Response.Redirect(strRedirect, false);
}
}
////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////
/// <include file='doc\FormsAuthenticationModule.uex' path='docs/doc[@for="FormsAuthenticationModule.OnLeave"]/*' />
/// <devdoc>
/// <para>[To be supplied.]</para>
/// </devdoc>
private void OnLeave(Object source, EventArgs eventArgs)
{
if (!_fAuthChecked || !_fAuthRequired) // not-checked means OnEnter was not called
{
return;
}
HttpApplication app;
HttpContext context;
app = (HttpApplication)source;
context = app.Context;
////////////////////////////////////////////////////////////
// Step 1: Check if we are using cookie authentication and
// if authentication failed
if (context.Response.StatusCode != 401)
{
return;
}
////////////////////////////////////////////////////////////
// Change 401 to a redirect to login page
// Don't do it if already there is ReturnUrl, already being redirected,
// to avoid infinite redirection loop
if (context.Request.QueryString["ReturnUrl"] != null)
{
return;
}
////////////////////////////////////////////////////////////
// Step 2: Get the complete url to the login-page
String loginUrl = null;
if (_LoginUrl != null && _LoginUrl.Length > 0)
{
loginUrl = AuthenticationConfig.GetCompleteLoginUrl(context, _LoginUrl);
}
////////////////////////////////////////////////////////////
// Step 3: Check if we have a valid url to the login-page
if (loginUrl == null || loginUrl.Length <= 0)
{
throw new HttpException(HttpRuntime.FormatResourceString(SR.Auth_Invalid_Login_Url));
}
////////////////////////////////////////////////////////////
// Step 4: Construct the redirect-to url
String strUrl = context.Request.PathWithQueryString;
String strRedirect;
int iIndex;
String strSep;
if (context.Request.Browser["isMobileDevice"] == "true")
{
//__redir=1 is marker for devices that post on redirect
if (strUrl.IndexOf("__redir=1") >= 0)
{
strUrl = SanitizeUrlForCookieless(strUrl);
}
else
{
if (strUrl.IndexOf('?') >= 0)
{
strSep = "&";
}
else
{
strSep = "?";
}
strUrl = SanitizeUrlForCookieless(strUrl + strSep + "__redir=1");
}
}
if (loginUrl.IndexOf('?') >= 0)
{
strSep = "&";
}
else
{
strSep = "?";
}
strRedirect = loginUrl + strSep + "ReturnUrl=" + HttpUtility.UrlEncode(strUrl, context.Request.ContentEncoding);
////////////////////////////////////////////////////////////
// Step 5: Add the query-string from the current url
iIndex = strUrl.IndexOf('?');
if (iIndex >= 0 && iIndex < strUrl.Length - 1)
{
strRedirect += "&" + strUrl.Substring(iIndex + 1);
}
////////////////////////////////////////////////////////////
// Step 6: Do the redirect
context.Response.Redirect(strRedirect, false);
}
