C# (CSharp) Request.AbsoluteVirtualDirectoryPath Examples

Example #1

        public IntegratedAuthenticationModule(ILog log, IAuthCookieCreator tokenIssuer, IApiActionResponseCreator responseCreator, IWebPortalConfigurationStore webPortalConfigurationStore)
        {
            Get[DirectoryServicesConstants.ChallengePath] = c =>
            {
                if (Context.CurrentUser == null)
                {
                    return(responseCreator.Unauthorized(Request));
                }

                var principal   = (IOctopusPrincipal)Context.CurrentUser;
                var tokenCookie = tokenIssuer.CreateAuthCookie(Context, principal.IdentificationToken, false);

                var directoryPathResult = Request.AbsoluteVirtualDirectoryPath();
                if (!directoryPathResult.IsValid)
                {
                    return(responseCreator.BadRequest(directoryPathResult.InvalidReason));
                }

                var      whitelist = webPortalConfigurationStore.GetTrustedRedirectUrls();
                Response response;
                if (Request.Query["redirectTo"].HasValue && Requests.IsLocalUrl(directoryPathResult.Path, Request.Query["redirectTo"].Value, whitelist))
                {
                    var redirectLocation = Request.Query["redirectTo"].Value;
                    response = new RedirectResponse(redirectLocation).WithCookie(tokenCookie);
                }
                else
                {
                    log.WarnFormat("Prevented potential Open Redirection attack on an NTLM challenge from the local instance {0} to the non-local url {1}", directoryPathResult.Path, Request.Query["redirectTo"].Value);
                    response = new RedirectResponse(directoryPathResult.Path ?? "/").WithCookie(tokenCookie);
                }

                return(response);
            };
        }