public async Task <IActionResult> Challenge(string provider, string returnUrl) { if (string.IsNullOrEmpty(returnUrl)) { returnUrl = "~/"; } // Validate returnUrl - either it is a valid OIDC URL or back to a local page. if (Url.IsLocalUrl(returnUrl) == false && _interaction.IsValidReturnUrl(returnUrl) == false) { // User might have clicked on a malicious link - should be logged. throw new Exception("Invalid return URL."); } if (AccountOptions.WindowsAuthenticationSchemeName == provider) { // Windows authentication needs special handling. return(await ProcessWindowsLoginAsync(returnUrl)); } var authenticationProperties = _signInManager.ConfigureExternalAuthenticationProperties(provider, Url.Action(nameof(Callback), new { returnUrl })); authenticationProperties.Items.Add(nameof(returnUrl), returnUrl); return(Challenge(authenticationProperties, provider)); }
public IActionResult Challenge(string provider, string returnUrl) { if (string.IsNullOrEmpty(returnUrl)) { returnUrl = "~/"; } // Validate returnUrl - either it is a valid OIDC URL or back to a local page. if (Url.IsLocalUrl(returnUrl) == false && _interaction.IsValidReturnUrl(returnUrl) == false) { // User might have clicked on a malicious link - should be logged. throw new Exception("Invalid return URL."); } var authenticationProperties = _signInManager.ConfigureExternalAuthenticationProperties(provider, Url.Action(nameof(Callback), new { returnUrl })); authenticationProperties.Items.Add(nameof(returnUrl), returnUrl); return(Challenge(authenticationProperties, provider)); }