Exemplo n.º 1
        /// <summary>
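        /// Gets the return URL set by the administrator or, when none is set, the one taken from the query string.
        /// The query-string value is used only if it resolves to a relying party; the administrator value is not validated.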
        /// </summary>
        /// <returns>
        /// ReturnURL to redirect or empty string
        /// </returns>
        protected string GetReturnURL(LoginFormViewModel input, HttpContextBase context)
        {
            // An administrator-configured page takes precedence over anything derived
            // from the request. That URL is returned as configured and is not checked
            // against the relying parties.
            if (this.LoginRedirectPageId.HasValue)
            {
                return this.GetPageUrl(this.LoginRedirectPageId);
            }

            // No configured page: fall back to the URL resolved from the request's
            // referrer. This value originates from the client, so it is only a
            // candidate until it has been checked below.
            string candidateUrl;
            this.TryResolveUrlFromUrlReferrer(context, out candidateUrl);
            if (string.IsNullOrWhiteSpace(candidateUrl))
            {
                return string.Empty;
            }

            // Accept the candidate only when a relying-party key can be found for it.
            // The key itself is not used here; the lookup serves as the allow-list
            // check that keeps this from becoming an open redirect.
            byte[] relyingPartyKey;
            bool isKnownRelyingParty = SWTIssuer.TryGetRelyingPartyKey(candidateUrl, out relyingPartyKey);

            return isKnownRelyingParty ? candidateUrl : string.Empty;
        }
Exemplo n.º 2
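        /// <summary>
        /// Authenticates the submitted login model and redirects on success;
        /// otherwise renders the login form template.
        /// </summary>
        /// <param name="model">The login form model bound from the request.</param>
        /// <returns>
        /// A redirect to the model's post-login URL, a redirect to a validated
        /// <c>ReturnUrl</c> taken from the referrer's query string, or the login form view.
        /// </returns>
        public ActionResult Index(LoginFormViewModel model)
        {
            if (ModelState.IsValid)
            {
                model = this.Model.Authenticate(model, this.ControllerContext.HttpContext);

                if (!model.IncorrectCredentials)
                {
                    if (!string.IsNullOrWhiteSpace(model.RedirectUrlAfterLogin))
                    {
                        return this.Redirect(model.RedirectUrlAfterLogin);
                    }

                    if (this.Request.UrlReferrer != null)
                    {
                        // The referrer, and therefore its ReturnUrl parameter, is supplied by the client.
                        var returnUrlFromQS = System.Web.HttpUtility.ParseQueryString(this.Request.UrlReferrer.Query)["ReturnUrl"];

                        // Redirect only when the URL resolves to a relying party. The explicit
                        // Try* result gates the redirect, so the check does not depend on the
                        // lookup throwing, and an unknown URL falls through to the login view
                        // instead of surfacing as an unhandled exception.
                        // NOTE(review): assumes TryGetRelyingPartyKey returns false for URLs that
                        // are not registered relying parties - confirm against SWTIssuer.
                        byte[] relyingPartyKey;
                        if (!string.IsNullOrEmpty(returnUrlFromQS)
                            && SWTIssuer.TryGetRelyingPartyKey(returnUrlFromQS, out relyingPartyKey))
                        {
                            return this.Redirect(returnUrlFromQS);
                        }
                    }
                }
            }

            // Invalid model state, failed credentials, or no acceptable redirect target:
            // re-initialize the view model and show the login form again.
            this.Model.InitializeLoginViewModel(model);

            var fullTemplateName = this.loginFormTemplatePrefix + this.LoginFormTemplate;

            return this.View(fullTemplateName, model);
        }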