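/// <summary>
/// If a user times out before attempting an action, the "ReturnUrl" query string
/// parameter included in the sign-in page URL may need to be rewritten.
/// This can be used to prevent the user being redirected with a GET to a POST-only action
/// after they sign back in.
/// </summary>
/// <param name="context">
/// The redirect context whose <c>RedirectUri</c> (the absolute sign-in page URL) is
/// inspected and, when its "ReturnUrl" value is mapped, rewritten in place.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="context"/> is <c>null</c>.</exception>
/// <remarks>
/// Only values the configured mapping recognises are rewritten; a mapping result of
/// <c>null</c> drops the "ReturnUrl" parameter entirely. This method does not check
/// that the value is a local URL, so any open-redirect validation of "ReturnUrl" has
/// to happen where the value is consumed after sign-in.
/// </remarks>
public void ApplyReturnUrlMapping(CookieApplyRedirectContext context)
{
    if (context == null)
    {
        throw new ArgumentNullException(nameof(context));
    }

    Uri currentUri = new Uri(context.RedirectUri);
    var queryStringParameters = HttpUtility.ParseQueryString(currentUri.Query);
    string returnUrl = queryStringParameters["ReturnUrl"];

    // No "ReturnUrl" on the sign-in URL: nothing to rewrite, and the mapping
    // is never asked about a null key.
    if (returnUrl == null || !returnUrlMapping.IsMapped(returnUrl))
    {
        return;
    }

    returnUrl = returnUrlMapping.ApplyMap(returnUrl);
    if (returnUrl != null)
    {
        queryStringParameters["ReturnUrl"] = returnUrl;
    }
    else
    {
        // Mapped to nothing: drop the parameter rather than emit "ReturnUrl=".
        queryStringParameters.Remove("ReturnUrl");
    }

    UriBuilder uriBuilder = new UriBuilder(currentUri);
    // NameValueCollection.ToString() re-encodes the remaining parameters as a query
    // string; when none are left it is empty and the '?' disappears from the URI.
    uriBuilder.Query = queryStringParameters.ToString();
    context.RedirectUri = uriBuilder.Uri.ToString();
}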
/// <summary>
/// When the mapping resolves "ReturnUrl" to null, the rewritten redirect URI must
/// carry no "ReturnUrl" parameter at all (and no dangling '?').
/// </summary>
public void ApplyReturnUrlMapping_ReturnUrlMappedToNull_ReturnsRedirectUriWithoutReturnUrl()
{
    // Arrange
    const string originalReturnUrl = "/controller1/action1";
    const string signInUri = "https://weee.com/sign-in?ReturnUrl=%2fcontroller1%2faction1";

    IReturnUrlMapping mapping = A.Fake<IReturnUrlMapping>();
    A.CallTo(() => mapping.IsMapped(originalReturnUrl)).Returns(true);
    A.CallTo(() => mapping.ApplyMap(originalReturnUrl)).Returns(null);

    CookieApplyRedirectContext context = A.Fake<CookieApplyRedirectContext>();
    context.RedirectUri = signInUri;

    var provider = new WeeeCookieAuthenticationProvider(mapping);

    // Act
    provider.ApplyReturnUrlMapping(context);

    // Assert
    Assert.Equal("https://weee.com/sign-in", context.RedirectUri);
}