/// <summary>
/// Calls <c>SocialAuthorizerHelper.RemoveParameters()</c> and redirects the caller.
/// </summary>
/// <param name="returnUrl">
/// Caller-supplied redirect target. It is only honoured when
/// <c>Url.IsLocalUrl</c> accepts it; otherwise the "Root" route is used.
/// </param>
/// <returns>A redirect to the validated target.</returns>
public virtual RedirectResult RemoveParameterAssociation(string returnUrl)
{
    // Open-redirect guard: returnUrl comes from the request, so anything that is
    // not a local URL is replaced with the site root before it reaches Redirect().
    var redirectTarget = Url.IsLocalUrl(returnUrl)
        ? returnUrl
        : Url.RouteUrl("Root");

    SocialAuthorizerHelper.RemoveParameters();

    return Redirect(redirectTarget);
}
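/// <summary>
/// Runs <c>_oAuthProviderFacebookAuthorizer.Authorize</c> and maps its outcome to an action result.
/// </summary>
/// <param name="returnUrl">
/// Caller-supplied URL to return to after login. Treated as untrusted: it is only used
/// as a direct redirect target when <c>Url.IsLocalUrl</c> accepts it.
/// </param>
/// <param name="verifyResponse">Passed through unchanged to the authorizer.</param>
/// <returns>
/// A redirect to the log-on page for the <c>Error</c> and <c>AssociateOnLogon</c> statuses and for
/// unauthenticated requests; the authorizer's own result when it supplies one; otherwise a redirect
/// to <paramref name="returnUrl"/> when it is local, or to "~/".
/// </returns>
private ActionResult LoginInternal(string returnUrl, bool verifyResponse)
{
    // viewModel is not read again in this method; the call is kept for its model-binding side effects.
    var viewModel = new LoginModel();
    TryUpdateModel(viewModel);

    // NOTE(review): returnUrl reaches Authorize() and Url.LogOn() unvalidated. Confirm that
    // result.Result and the log-on page apply their own local-URL check before redirecting to it.
    var result = _oAuthProviderFacebookAuthorizer.Authorize(returnUrl, verifyResponse);

    switch (result.AuthenticationStatus)
    {
        case OpenAuthenticationStatus.Error:
            if (!result.Success)
            {
                foreach (var error in result.Errors)
                {
                    SocialAuthorizerHelper.AddErrorsToDisplay(error);
                }
            }

            return new RedirectResult(Url.LogOn(returnUrl));

        case OpenAuthenticationStatus.AssociateOnLogon:
            return new RedirectResult(Url.LogOn(returnUrl));
    }

    if (result.Result != null)
    {
        return result.Result;
    }

    if (!HttpContext.Request.IsAuthenticated)
    {
        return new RedirectResult(Url.LogOn(returnUrl));
    }

    // Open-redirect guard, consistent with RemoveParameterAssociation: an authenticated user is
    // only sent to returnUrl when it is local. Url.IsLocalUrl also rejects null/empty, so the
    // previous "~/" fallback for a missing returnUrl is preserved.
    var redirectTarget = Url.IsLocalUrl(returnUrl) ? returnUrl : "~/";
    return new RedirectResult(redirectTarget);
}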