private void OnLeave(object source, EventArgs eventArgs) { HttpApplication application = (HttpApplication)source; HttpContext context = application.Context; if ((_fAuthChecked && _fAuthRequired) && (((context.User != null) && (context.User.Identity != null)) && (context.User.Identity is PassportIdentity))) { PassportIdentity identity = (PassportIdentity)context.User.Identity; if ((context.Response.StatusCode == 0x191) && !identity.WWWAuthHeaderSet) { if (((_LoginUrl == null) || (_LoginUrl.Length < 1)) || (string.Compare(_LoginUrl, "internal", StringComparison.Ordinal) == 0)) { context.Response.Clear(); context.Response.StatusCode = 200; if (!ErrorFormatter.RequiresAdaptiveErrorReporting(context)) { string str = context.Request.Url.ToString(); int index = str.IndexOf('?'); if (index >= 0) { str = str.Substring(0, index); } string str2 = identity.LogoTag2(HttpUtility.UrlEncode(str, context.Request.ContentEncoding)); string s = System.Web.SR.GetString("PassportAuthFailed", new object[] { str2 }); context.Response.Write(s); } else { ErrorFormatter formatter = new PassportAuthFailedErrorFormatter(); context.Response.Write(formatter.GetAdaptiveErrorMessage(context, true)); } } else { string str7; string completeLoginUrl = AuthenticationConfig.GetCompleteLoginUrl(context, _LoginUrl); if ((completeLoginUrl == null) || (completeLoginUrl.Length <= 0)) { throw new HttpException(System.Web.SR.GetString("Invalid_Passport_Redirect_URL")); } string str5 = context.Request.Url.ToString(); if (completeLoginUrl.IndexOf('?') >= 0) { str7 = "&"; } else { str7 = "?"; } string url = completeLoginUrl + str7 + "ReturnUrl=" + HttpUtility.UrlEncode(str5, context.Request.ContentEncoding); int num2 = str5.IndexOf('?'); if ((num2 >= 0) && (num2 < (str5.Length - 1))) { url = url + "&" + str5.Substring(num2 + 1); } context.Response.Redirect(url, false); } } } }
private void OnLeave(object source, EventArgs eventArgs) { if (this._fOnEnterCalled) { this._fOnEnterCalled = false; } else { return; } HttpApplication application = (HttpApplication)source; HttpContext context = application.Context; if (context.Response.Cookies.GetNoCreate(FormsAuthentication.FormsCookieName) != null) { context.Response.Cache.SetCacheability(HttpCacheability.NoCache, "Set-Cookie"); } if (context.Response.StatusCode == 0x191) { string rawUrl = context.Request.RawUrl; if ((rawUrl.IndexOf("?ReturnUrl=", StringComparison.Ordinal) == -1) && (rawUrl.IndexOf("&ReturnUrl=", StringComparison.Ordinal) == -1)) { string str3; string strUrl = null; if (!string.IsNullOrEmpty(FormsAuthentication.LoginUrl)) { strUrl = AuthenticationConfig.GetCompleteLoginUrl(context, FormsAuthentication.LoginUrl); } if ((strUrl == null) || (strUrl.Length <= 0)) { throw new HttpException(System.Web.SR.GetString("Auth_Invalid_Login_Url")); } CookielessHelperClass cookielessHelper = context.CookielessHelper; if (strUrl.IndexOf('?') >= 0) { str3 = FormsAuthentication.RemoveQueryStringVariableFromUrl(strUrl, "ReturnUrl") + "&ReturnUrl=" + HttpUtility.UrlEncode(rawUrl, context.Request.ContentEncoding); } else { str3 = strUrl + "?ReturnUrl=" + HttpUtility.UrlEncode(rawUrl, context.Request.ContentEncoding); } int index = rawUrl.IndexOf('?'); if ((index >= 0) && (index < (rawUrl.Length - 1))) { str3 = str3 + "&" + rawUrl.Substring(index + 1); } cookielessHelper.SetCookieValue('F', null); cookielessHelper.RedirectWithDetectionIfRequired(str3, FormsAuthentication.CookieMode); context.Response.Redirect(str3, false); } } }
//////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////// /// <devdoc> /// <para>[To be supplied.]</para> /// </devdoc> private void OnLeave(Object source, EventArgs eventArgs) { if (_fOnEnterCalled) { _fOnEnterCalled = false; } else { return; // no need to continue if we skipped OnEnter } HttpApplication app; HttpContext context; app = (HttpApplication)source; context = app.Context; //////////////////////////////////////////////////////////// // Step 1: Check if we are using cookie authentication and // if authentication failed if (context.Response.StatusCode != 401) { return; } //////////////////////////////////////////////////////////// // Change 401 to a redirect to login page // Don't do it if the redirect is suppressed for this response if (context.Response.SuppressFormsAuthenticationRedirect) { return; } // Don't do it if already there is ReturnUrl, already being redirected, // to avoid infinite redirection loop String strUrl = context.Request.RawUrl; if (strUrl.IndexOf("?" + FormsAuthentication.ReturnUrlVar + "=", StringComparison.Ordinal) != -1 || strUrl.IndexOf("&" + FormsAuthentication.ReturnUrlVar + "=", StringComparison.Ordinal) != -1) { return; } //////////////////////////////////////////////////////////// // Step 2: Get the complete url to the login-page String loginUrl = null; if (!String.IsNullOrEmpty(FormsAuthentication.LoginUrl)) { loginUrl = AuthenticationConfig.GetCompleteLoginUrl(context, FormsAuthentication.LoginUrl); } //////////////////////////////////////////////////////////// // Step 3: Check if we have a valid url to the login-page if (loginUrl == null || loginUrl.Length <= 0) { throw new HttpException(SR.GetString(SR.Auth_Invalid_Login_Url)); } //////////////////////////////////////////////////////////// // Step 4: Construct the redirect-to url String strRedirect; int iIndex; CookielessHelperClass cookielessHelper; // if(context.Request.Browser["isMobileDevice"] == "true") { // //__redir=1 is marker for devices that post on redirect // if(strUrl.IndexOf("__redir=1") >= 0) { // strUrl = SanitizeUrlForCookieless(strUrl); // } // else { // if(strUrl.IndexOf('?') >= 0) // strSep = "&"; // else // strSep = "?"; // strUrl = SanitizeUrlForCookieless(strUrl + strSep + "__redir=1"); // } // } // Create the CookielessHelper class to rewrite the path, if needed. cookielessHelper = context.CookielessHelper; if (loginUrl.IndexOf('?') >= 0) { loginUrl = FormsAuthentication.RemoveQueryStringVariableFromUrl(loginUrl, FormsAuthentication.ReturnUrlVar); strRedirect = loginUrl + "&" + FormsAuthentication.ReturnUrlVar + "=" + HttpUtility.UrlEncode(strUrl, context.Request.ContentEncoding); } else { strRedirect = loginUrl + "?" + FormsAuthentication.ReturnUrlVar + "=" + HttpUtility.UrlEncode(strUrl, context.Request.ContentEncoding); } //////////////////////////////////////////////////////////// // Step 5: Add the query-string from the current url iIndex = strUrl.IndexOf('?'); if (iIndex >= 0 && iIndex < strUrl.Length - 1) { strRedirect += "&" + strUrl.Substring(iIndex + 1); } cookielessHelper.SetCookieValue('F', null); // remove old ticket if present cookielessHelper.RedirectWithDetectionIfRequired(strRedirect, FormsAuthentication.CookieMode); //////////////////////////////////////////////////////////// // Step 6: Do the redirect context.Response.Redirect(strRedirect, false); }
void OnLeave(Object source, EventArgs eventArgs) { HttpApplication app; HttpContext context; app = (HttpApplication)source; context = app.Context; if (!_fAuthChecked || !_fAuthRequired || context.User == null || context.User.Identity == null || !(context.User.Identity is PassportIdentity)) { return; } PassportIdentity id = (PassportIdentity)context.User.Identity; if (context.Response.StatusCode != 401 || id.WWWAuthHeaderSet) { return; } if (_LoginUrl == null || _LoginUrl.Length < 1 || String.Compare(_LoginUrl, "internal", StringComparison.Ordinal) == 0) { context.Response.Clear(); context.Response.StatusCode = 200; if (!ErrorFormatter.RequiresAdaptiveErrorReporting(context)) { String strUrl = context.Request.Url.ToString(); int iPos = strUrl.IndexOf('?'); if (iPos >= 0) { strUrl = strUrl.Substring(0, iPos); } String strLogoTag = id.LogoTag2(HttpUtility.UrlEncode(strUrl, context.Request.ContentEncoding)); String strMsg = SR.GetString(SR.PassportAuthFailed, strLogoTag); context.Response.Write(strMsg); } else { ErrorFormatter errorFormatter = new PassportAuthFailedErrorFormatter(); context.Response.Write(errorFormatter.GetAdaptiveErrorMessage(context, true)); } } else { //////////////////////////////////////////////////////////// // Step 1: Get the redirect url String redirectUrl = AuthenticationConfig.GetCompleteLoginUrl(context, _LoginUrl); //////////////////////////////////////////////////////////// // Step 2: Check if we have a valid url to the redirect-page if (redirectUrl == null || redirectUrl.Length <= 0) { throw new HttpException(SR.GetString(SR.Invalid_Passport_Redirect_URL)); } //////////////////////////////////////////////////////////// // Step 3: Construct the redirect-to url String strUrl = context.Request.Url.ToString(); String strRedirect; int iIndex; String strSep; if (redirectUrl.IndexOf('?') >= 0) { strSep = "&"; } else { strSep = "?"; } strRedirect = redirectUrl + strSep + "ReturnUrl=" + HttpUtility.UrlEncode(strUrl, context.Request.ContentEncoding); //////////////////////////////////////////////////////////// // Step 4: Add the query-string from the current url iIndex = strUrl.IndexOf('?'); if (iIndex >= 0 && iIndex < strUrl.Length - 1) { strRedirect += "&" + strUrl.Substring(iIndex + 1); } //////////////////////////////////////////////////////////// // Step 5: Do the redirect context.Response.Redirect(strRedirect, false); } }
//////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////// /// <include file='doc\FormsAuthenticationModule.uex' path='docs/doc[@for="FormsAuthenticationModule.OnLeave"]/*' /> /// <devdoc> /// <para>[To be supplied.]</para> /// </devdoc> private void OnLeave(Object source, EventArgs eventArgs) { if (!_fAuthChecked || !_fAuthRequired) // not-checked means OnEnter was not called { return; } HttpApplication app; HttpContext context; app = (HttpApplication)source; context = app.Context; //////////////////////////////////////////////////////////// // Step 1: Check if we are using cookie authentication and // if authentication failed if (context.Response.StatusCode != 401) { return; } //////////////////////////////////////////////////////////// // Change 401 to a redirect to login page // Don't do it if already there is ReturnUrl, already being redirected, // to avoid infinite redirection loop if (context.Request.QueryString["ReturnUrl"] != null) { return; } //////////////////////////////////////////////////////////// // Step 2: Get the complete url to the login-page String loginUrl = null; if (_LoginUrl != null && _LoginUrl.Length > 0) { loginUrl = AuthenticationConfig.GetCompleteLoginUrl(context, _LoginUrl); } //////////////////////////////////////////////////////////// // Step 3: Check if we have a valid url to the login-page if (loginUrl == null || loginUrl.Length <= 0) { throw new HttpException(HttpRuntime.FormatResourceString(SR.Auth_Invalid_Login_Url)); } //////////////////////////////////////////////////////////// // Step 4: Construct the redirect-to url String strUrl = context.Request.PathWithQueryString; String strRedirect; int iIndex; String strSep; if (context.Request.Browser["isMobileDevice"] == "true") { //__redir=1 is marker for devices that post on redirect if (strUrl.IndexOf("__redir=1") >= 0) { strUrl = SanitizeUrlForCookieless(strUrl); } else { if (strUrl.IndexOf('?') >= 0) { strSep = "&"; } else { strSep = "?"; } strUrl = SanitizeUrlForCookieless(strUrl + strSep + "__redir=1"); } } if (loginUrl.IndexOf('?') >= 0) { strSep = "&"; } else { strSep = "?"; } strRedirect = loginUrl + strSep + "ReturnUrl=" + HttpUtility.UrlEncode(strUrl, context.Request.ContentEncoding); //////////////////////////////////////////////////////////// // Step 5: Add the query-string from the current url iIndex = strUrl.IndexOf('?'); if (iIndex >= 0 && iIndex < strUrl.Length - 1) { strRedirect += "&" + strUrl.Substring(iIndex + 1); } //////////////////////////////////////////////////////////// // Step 6: Do the redirect context.Response.Redirect(strRedirect, false); }