/// <summary>
/// Picks the URL the user is sent to after a successful login.
/// </summary>
/// <param name="input">The login form view model. It is not read by this method.</param>
/// <param name="context">The HTTP context handed to <c>TryResolveUrlFromUrlReferrer</c>.</param>
/// <returns>
/// The URL of the page configured through <c>LoginRedirectPageId</c> when one is set;
/// otherwise the request-supplied URL if <c>SWTIssuer</c> knows a relying party for it;
/// otherwise an empty string.
/// </returns>
protected string GetReturnURL(LoginFormViewModel input, HttpContextBase context)
{
    // An administrator-configured page always wins. Its URL is used as-is, without
    // relying-party validation, because it comes from configuration and not from the request.
    if (this.LoginRedirectPageId.HasValue)
    {
        return this.GetPageUrl(this.LoginRedirectPageId);
    }

    // Everything below handles a request-supplied value and must be treated as untrusted.
    string candidateUrl;
    this.TryResolveUrlFromUrlReferrer(context, out candidateUrl);

    if (string.IsNullOrWhiteSpace(candidateUrl))
    {
        return string.Empty;
    }

    // Allow-list check: the candidate is accepted only when the issuer reports a relying
    // party key for it. The key itself is not needed here, only the success flag.
    byte[] relyingPartyKey;
    bool isKnownRelyingParty = SWTIssuer.TryGetRelyingPartyKey(candidateUrl, out relyingPartyKey);

    return isKnownRelyingParty ? candidateUrl : string.Empty;
}
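/// <summary>
/// Handles the submitted login form: authenticates the user and, on success, redirects to
/// the post-login URL; otherwise renders the login form view again.
/// </summary>
/// <param name="model">The submitted login form view model.</param>
/// <returns>
/// A redirect to <c>RedirectUrlAfterLogin</c> when authentication succeeded and that value
/// is set; a redirect to the <c>ReturnUrl</c> query parameter of the referrer when it is
/// present and accepted by <c>SWTIssuer</c>; otherwise the login form view.
/// </returns>
public ActionResult Index(LoginFormViewModel model)
{
    if (ModelState.IsValid)
    {
        model = this.Model.Authenticate(model, this.ControllerContext.HttpContext);

        if (!model.IncorrectCredentials)
        {
            if (!string.IsNullOrWhiteSpace(model.RedirectUrlAfterLogin))
            {
                return this.Redirect(model.RedirectUrlAfterLogin);
            }

            if (this.Request.UrlReferrer != null)
            {
                // The Referer header, and therefore its ReturnUrl parameter, is controlled by
                // the client. It must pass the relying-party allow-list before it is used as
                // a redirect target, otherwise this action is an open redirect.
                var returnUrlFromQS = System.Web.HttpUtility.ParseQueryString(this.Request.UrlReferrer.Query)["ReturnUrl"];

                if (!string.IsNullOrEmpty(returnUrlFromQS))
                {
                    // Gate the redirect on an explicit success result, the same way
                    // GetReturnURL does, instead of depending on the lookup to throw for an
                    // unknown URL. A rejected URL falls through to the login view below.
                    byte[] relyingPartyKey;
                    if (SWTIssuer.TryGetRelyingPartyKey(returnUrlFromQS, out relyingPartyKey))
                    {
                        return this.Redirect(returnUrlFromQS);
                    }
                }
            }
        }
    }

    // Invalid model state, failed authentication, or no acceptable redirect target.
    this.Model.InitializeLoginViewModel(model);
    var fullTemplateName = this.loginFormTemplatePrefix + this.LoginFormTemplate;

    return this.View(fullTemplateName, model);
}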