/// <summary>
/// End-of-request handler: passes the finished request's context to
/// MobileRedirect.CheckForInvalidRedirection.
/// </summary>
/// <param name="source">The event sender; cast to <c>HttpApplication</c> without a type check.</param>
/// <param name="e">Event data; not used.</param>
private void Application_EndRequest(Object source, EventArgs e)
{
    HttpContext currentContext = ((HttpApplication)source).Context;

    // Nothing to inspect when the application has no context for this request.
    if (currentContext == null)
    {
        return;
    }

    // NOTE(review): presumably this is where a redirect issued outside the mobile redirect
    // helpers is detected; the check itself is not visible here, so confirm against MobileRedirect.
    MobileRedirect.CheckForInvalidRedirection(currentContext);
}
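/// <summary>
/// Redirects the client to the post-login URL, carrying the forms-authentication ticket value
/// in that URL's query string under the forms cookie name.
/// </summary>
/// <param name="userName">Passed to FormsAuthentication.GetRedirectUrl and FormsAuthentication.GetAuthCookie.</param>
/// <param name="createPersistentCookie">Passed to FormsAuthentication.GetRedirectUrl and FormsAuthentication.GetAuthCookie.</param>
/// <param name="strCookiePath">Cookie path passed to FormsAuthentication.GetAuthCookie.</param>
/// <exception cref="SecurityException">
/// The request's ReturnUrl contains a colon, or begins with two slash or backslash characters.
/// </exception>
/// <remarks>
/// The ticket value becomes part of the URL, so it is visible wherever URLs are recorded
/// (server and proxy logs, browser history, Referer headers). Deployments relying on this
/// path should require TLS and keep ticket lifetimes short.
/// </remarks>
public static void RedirectFromLoginPage(String userName, bool createPersistentCookie, String strCookiePath)
{
    // ReturnUrl is supplied by the request and is untrusted. Only URLs that stay on this
    // host may be used as a redirect target.
    String requestReturnUrl = HttpContext.Current.Request["ReturnUrl"];
    if (requestReturnUrl != null)
    {
        // A colon indicates a scheme (or port), i.e. an absolute URL.
        bool hasScheme = requestReturnUrl.IndexOf(':') != -1;

        // A scheme-relative ("network path") reference names another host without using a
        // colon, so the colon test alone does not reject it. Backslashes are included because
        // some clients treat them like forward slashes.
        bool isNetworkPath = requestReturnUrl.Length > 1
            && (requestReturnUrl[0] == '/' || requestReturnUrl[0] == '\\')
            && (requestReturnUrl[1] == '/' || requestReturnUrl[1] == '\\');

        if (hasScheme || isNetworkPath)
        {
            throw new SecurityException(SR.GetString(SR.Security_ReturnUrlCannotBeAbsolute, requestReturnUrl));
        }
    }

    // GetRedirectUrl redirects to returnUrl if it exists, current app's default.aspx otherwise.
    String redirectUrl = FormsAuthentication.GetRedirectUrl(userName, createPersistentCookie);

    // Debug-build sanity check only: the URL validated above should be the one being used.
    // Debug.Assert is compiled out of release builds, so it is not a security control.
    Debug.Assert(redirectUrl == requestReturnUrl || requestReturnUrl == null);

    String cookieName = FormsAuthentication.FormsCookieName;
    HttpCookie cookie = FormsAuthentication.GetAuthCookie(userName, createPersistentCookie, strCookiePath);

    // presumably the encrypted ticket, as the original local name (strEncrypted) suggests - confirm
    String ticketValue = cookie.Value;
    String ticketParameter = cookieName + "=" + ticketValue;

    String updatedRedirectUrl;

    // NOTE(review): this finds the first occurrence of "<cookieName>=" anywhere in the URL,
    // including inside a longer parameter name; it is not anchored to a '?' or '&' boundary.
    int ticketLoc = redirectUrl.IndexOf(cookieName + "=");
    if (ticketLoc != -1)
    {
        // The URL already carries a ticket parameter: replace its value with the new ticket
        // and keep whatever followed it.
        updatedRedirectUrl = redirectUrl.Substring(0, ticketLoc) + ticketParameter;

        int ampersandLoc = redirectUrl.IndexOf('&', ticketLoc);
        if (ampersandLoc != -1)
        {
            updatedRedirectUrl += redirectUrl.Substring(ampersandLoc);
        }
    }
    else
    {
        // No ticket parameter yet: append one, starting the query string if there is none.
        String separator = (redirectUrl.IndexOf('?') != -1) ? "&" : "?";
        updatedRedirectUrl = redirectUrl + separator + ticketParameter;
    }

    // The meaning of the final 'true' argument is defined by MobileRedirect.RedirectToUrl,
    // which is not visible here.
    MobileRedirect.RedirectToUrl(HttpContext.Current, updatedRedirectUrl, true);
}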