/// <summary>
/// Completes a successful login by sending the user to the encrypted return
/// target, or to the "Default" route when no target was supplied.
/// </summary>
/// <param name="salt">Salt handed to <c>ExternalCrypto</c> for decryption; may be null.</param>
/// <param name="redirectUri">Encrypted return target; may be null.</param>
/// <returns>
/// A redirect to the "Default" route when either argument is null, otherwise a
/// redirect to the decrypted <paramref name="redirectUri"/>.
/// </returns>
private ActionResult Success([CanBeNull] string salt, [CanBeNull] string redirectUri)
{
    var hasProtectedTarget = salt != null && redirectUri != null;
    if (!hasProtectedTarget)
    {
        return RedirectToRoute("Default");
    }

    // NOTE(review): the decrypted value goes straight to Redirect() with no
    // host or local-URL check visible in this method, so open-redirect protection
    // rests entirely on ExternalCrypto rejecting forged or altered input.
    // Confirm that it uses authenticated encryption keyed by a server-side
    // secret; both salt and ciphertext presumably round-trip through the
    // login form, so neither should be treated as trusted.
    // NOTE(review): how Decrypt reports a tampered value (exception vs. garbage
    // output) is not visible here; verify that failure is handled upstream.
    var decryptor = new ExternalCrypto(salt);
    var target = decryptor.Decrypt(redirectUri);
    return Redirect(target);
}
/// <summary>
/// Handles an unauthorized request: authenticated users get this action's view,
/// everyone else is transferred to the login page together with an encrypted
/// return target.
/// </summary>
/// <returns>
/// The default view when the current user is authenticated; otherwise a
/// <c>TransferResult</c> to the "Index" action of the "Login" controller in the
/// "Account" area, carrying <c>salt</c> and <c>redirectUri</c> route values.
/// </returns>
public ActionResult Unauthorized()
{
    var alreadySignedIn = User.Identity.IsAuthenticated;
    if (alreadySignedIn)
    {
        return View();
    }

    // The return target is encrypted so that it cannot simply be replaced with
    // an arbitrary redirect destination (original author's stated intent).
    // NOTE(review): that only holds if ExternalCrypto also detects tampering and
    // its key is not derivable from the salt alone, because the salt is handed
    // out next to the ciphertext. Confirm against ExternalCrypto.
    var protector = new ExternalCrypto();
    var rawQuery = Request.Url?.Query;
    var saltValue = protector.Salt;

    // Only the part after the first ';' is kept; when there is no ';' IndexOf
    // yields -1 and the whole query string (from index 0) is encrypted.
    // Presumably the query has the custom-error form "?<status>;<url>"; verify.
    // NOTE(review): a target is produced only when Request.IsLocal is true;
    // confirm that restricting this to local requests is intended.
    // NOTE(review): the ';' search is culture-sensitive (InvariantCulture); an
    // ordinal comparison is the usual choice for a delimiter.
    var protectedTarget = rawQuery != null && Request.IsLocal
        ? protector.Encrypt(
            rawQuery.Substring(rawQuery.IndexOf(";", StringComparison.InvariantCulture) + 1))
        : null;

    var routeValues = new
    {
        area = "Account",
        salt = saltValue,
        redirectUri = protectedTarget
    };

    return new TransferResult("Index", "Login", routeValues);
}