示例#1
0
        /// <summary>
        /// If a user times out before attempting an action, the "ReturnUrl" query string
        /// parameter included in the sign-in page URL may need to be rewritten.
        /// This can be used to prevent the user being redirected with a GET to a POST-only action
        /// after they sign back in.
        /// </summary>
        public void ApplyReturnUrlMapping(CookieApplyRedirectContext context)
        {
            Uri currentUri            = new Uri(context.RedirectUri);
            var queryStringParameters = HttpUtility.ParseQueryString(currentUri.Query);

            string returnUrl = queryStringParameters["ReturnUrl"];

            if (returnUrlMapping.IsMapped(returnUrl))
            {
                returnUrl = returnUrlMapping.ApplyMap(returnUrl);

                if (returnUrl != null)
                {
                    queryStringParameters["ReturnUrl"] = returnUrl;
                }
                else
                {
                    queryStringParameters.Remove("ReturnUrl");
                }

                UriBuilder uriBuilder = new UriBuilder(currentUri);
                uriBuilder.Query    = queryStringParameters.ToString();
                context.RedirectUri = uriBuilder.Uri.ToString();
            }
        }
        public void ApplyReturnUrlMapping_ReturnUrlNotMapped_ReturnsRedirectUriUnchanged()
        {
            // Arrange
            CookieApplyRedirectContext context = A.Fake <CookieApplyRedirectContext>();

            context.RedirectUri = "https://weee.com/sign-in?ReturnUrl=%2fcontroller1%2faction1";

            IReturnUrlMapping mapping = A.Fake <IReturnUrlMapping>();

            A.CallTo(() => mapping.IsMapped("/mycontroller/myaction")).Returns(false);

            WeeeCookieAuthenticationProvider provider = new WeeeCookieAuthenticationProvider(mapping);

            // Act
            provider.ApplyReturnUrlMapping(context);

            // Assert
            Assert.Equal("https://weee.com/sign-in?ReturnUrl=%2fcontroller1%2faction1", context.RedirectUri);
        }
        public void ApplyReturnUrlMapping_ReturnUrlMappedToNull_ReturnsRedirectUriWithoutReturnUrl()
        {
            // Arrange
            CookieApplyRedirectContext context = A.Fake <CookieApplyRedirectContext>();

            context.RedirectUri = "https://weee.com/sign-in?ReturnUrl=%2fcontroller1%2faction1";

            IReturnUrlMapping mapping = A.Fake <IReturnUrlMapping>();

            A.CallTo(() => mapping.IsMapped("/controller1/action1")).Returns(true);
            A.CallTo(() => mapping.ApplyMap("/controller1/action1")).Returns(null);

            WeeeCookieAuthenticationProvider provider = new WeeeCookieAuthenticationProvider(mapping);

            // Act
            provider.ApplyReturnUrlMapping(context);

            // Assert
            Assert.Equal("https://weee.com/sign-in", context.RedirectUri);
        }