public async Task <IActionResult> Challenge(string provider, string returnUrl)
{
if (string.IsNullOrEmpty(returnUrl))
{
returnUrl = "~/";
}
// Validate returnUrl - either it is a valid OIDC URL or back to a local page.
if (Url.IsLocalUrl(returnUrl) == false && _interaction.IsValidReturnUrl(returnUrl) == false)
{
// User might have clicked on a malicious link - should be logged.
throw new Exception("Invalid return URL.");
}
if (AccountOptions.WindowsAuthenticationSchemeName == provider)
{
// Windows authentication needs special handling.
return(await ProcessWindowsLoginAsync(returnUrl));
}
var authenticationProperties = _signInManager.ConfigureExternalAuthenticationProperties(provider, Url.Action(nameof(Callback), new { returnUrl }));
authenticationProperties.Items.Add(nameof(returnUrl), returnUrl);
return(Challenge(authenticationProperties, provider));
}
public IActionResult Challenge(string provider, string returnUrl)
{
if (string.IsNullOrEmpty(returnUrl))
{
returnUrl = "~/";
}
// Validate returnUrl - either it is a valid OIDC URL or back to a local page.
if (Url.IsLocalUrl(returnUrl) == false && _interaction.IsValidReturnUrl(returnUrl) == false)
{
// User might have clicked on a malicious link - should be logged.
throw new Exception("Invalid return URL.");
}
var authenticationProperties = _signInManager.ConfigureExternalAuthenticationProperties(provider, Url.Action(nameof(Callback), new { returnUrl }));
authenticationProperties.Items.Add(nameof(returnUrl), returnUrl);
return(Challenge(authenticationProperties, provider));
}