Exemple #1
        /// <summary>
        /// Stores <paramref name="url"/> and classifies how far it can be trusted as a redirect target.
        /// </summary>
        /// <remarks>
        /// The trust level is reset to <c>Unknown</c> on every call and is raised only when the
        /// interaction service returns a non-null authorization context for the URL. The result is
        /// read later from this instance, so the URL and its trust level should always be taken
        /// from the same call.
        /// NOTE(review): treating every PKCE client as native is a heuristic; PKCE is also used by
        /// browser-based clients, so confirm that this classification is what the caller expects.
        /// </remarks>
        /// <param name="url">Return URL supplied with the request; treated as untrusted input.</param>
        /// <returns>This instance, so that calls can be chained.</returns>
        public async Task <URLContextService> SetUrl(String url)
        {
            // Fail closed: nothing is trusted until the interaction service vouches for the URL.
            this._urlTrustType = URLTrustType.Unknown;
            this._url          = url;

            // A non-null result means the URL belongs to an authorization request in progress.
            this._authorizationRequest = await _interaction.GetAuthorizationContextAsync(this.Url);

            if (this.AuthorizationRequest == null)
            {
                // No authorization context: the URL stays Unknown.
                return this;
            }

            // The URL is tied to an authorization request, so it is at least a known one.
            // This is assigned before the PKCE lookup so the level is already Known while
            // that lookup is awaited.
            this._urlTrustType = URLTrustType.Known;

            var clientUsesPkce = await IsPkceClientAsync(this.AuthorizationRequest.ClientId);
            if (clientUsesPkce)
            {
                // PKCE clients are assumed to be native applications.
                this._urlTrustType = URLTrustType.Native;
            }

            return this;
        }
 /// <summary>
 /// Picks the redirect response for <paramref name="returnUrl"/> according to its trust level.
 /// </summary>
 /// <remarks>
 /// For <c>Native</c> and <c>Known</c> the URL is used as given, with no further check in this
 /// method. <paramref name="urlTrust"/> is supplied by the caller and is not re-derived from
 /// <paramref name="returnUrl"/> here, so both values must come from the same trust evaluation;
 /// a mismatched pair would send the browser to an unvalidated address.
 /// NOTE(review): the rejection path throws without writing a log entry in this method; confirm
 /// that the exception is logged upstream.
 /// </remarks>
 /// <param name="urlTrust">Trust level previously established for the URL.</param>
 /// <param name="returnUrl">Redirect target requested by the client.</param>
 /// <param name="failIfUnknown">
 /// When true, an untrusted non-local URL raises an exception; when false, the user is sent to
 /// the application root instead.
 /// </param>
 /// <returns>The redirect (or redirect view) result to send to the browser.</returns>
 /// <exception cref="Exception">
 /// The URL is untrusted, non-empty and not local, and <paramref name="failIfUnknown"/> is true.
 /// </exception>
 public IActionResult HandleReturnUrl(URLTrustType urlTrust, String returnUrl, Boolean failIfUnknown = true)
 {
     // Native clients get the "Redirect" view rather than a plain redirect response.
     if (urlTrust == URLTrustType.Native)
     {
         var redirectModel = new RedirectViewModel { RedirectUrl = returnUrl };
         return View("Redirect", redirectModel);
     }

     // Known URLs are redirected to directly.
     if (urlTrust == URLTrustType.Known)
     {
         return Redirect(returnUrl);
     }

     // Everything below handles the Unknown trust level: only local URLs are honoured.
     if (Url.IsLocalUrl(returnUrl))
     {
         return Redirect(returnUrl);
     }

     var hasTarget = !string.IsNullOrEmpty(returnUrl);
     if (hasTarget && failIfUnknown)
     {
         // A non-local, untrusted target may come from a malicious link; refuse it.
         throw new Exception("invalid return URL");
     }

     // No target at all, or the caller chose not to fail: fall back to the home page.
     return Redirect("~/");
 }