private void Application_EndRequest(Object source, EventArgs e)
{
HttpApplication application = (HttpApplication)source;
HttpContext context = application.Context;
if (context != null)
{
MobileRedirect.CheckForInvalidRedirection(context);
}
}
public static void RedirectFromLoginPage(String userName, bool createPersistentCookie, String strCookiePath)
{
// Disallow redirection to an absolute url.
String requestReturnUrl = HttpContext.Current.Request["ReturnUrl"];
if (requestReturnUrl != null && requestReturnUrl.IndexOf(":") != -1)
{
throw new SecurityException(SR.GetString(SR.Security_ReturnUrlCannotBeAbsolute, requestReturnUrl));
}
// GetRedirectUrl redirects to returnUrl if it exists, current app's default.aspx otherwise.
String redirectUrl = FormsAuthentication.GetRedirectUrl(userName, createPersistentCookie);
Debug.Assert(redirectUrl == requestReturnUrl || requestReturnUrl == null);
String updatedRedirectUrl = redirectUrl;
String cookieName = FormsAuthentication.FormsCookieName;
HttpCookie cookie = FormsAuthentication.GetAuthCookie(userName, createPersistentCookie, strCookiePath);
String strEncrypted = cookie.Value;
int ticketLoc = redirectUrl.IndexOf(cookieName + "=");
if (ticketLoc != -1)
{
updatedRedirectUrl = redirectUrl.Substring(0, ticketLoc);
updatedRedirectUrl += cookieName + "=" + strEncrypted;
int ampersandLoc = redirectUrl.IndexOf('&', ticketLoc);
if (ampersandLoc != -1)
{
updatedRedirectUrl += redirectUrl.Substring(ampersandLoc);
}
}
else
{
int loc = updatedRedirectUrl.IndexOf('?');
updatedRedirectUrl += (loc != -1) ? "&" : "?";
updatedRedirectUrl += cookieName + "=" + strEncrypted;
}
MobileRedirect.RedirectToUrl(HttpContext.Current, updatedRedirectUrl, true);
}