/// <summary>
/// Reads the WS-Federation context value from the form posted with the current request.
/// </summary>
/// <returns>
/// The <c>Context</c> of the parsed message, or <see cref="string.Empty"/> when the
/// posted form does not parse as a WS-Federation message. The value is returned exactly
/// as the message exposes it, so it may be <c>null</c> when the message has no context.
/// </returns>
/// <remarks>
/// The value is taken from <c>Request.Form</c>, so it is client-controlled. Callers that
/// use it as a return URL or lookup key should validate it first (callers are not visible here).
/// </remarks>
private string GetContextFromRequest()
{
    Uri baseUrl = WSFederationMessage.GetBaseUrl(this.Request.Url);
    var federationMessage = WSFederationMessage.CreateFromNameValueCollection(baseUrl, this.Request.Form);

    // No parsable WS-Federation message in the form: report an empty context.
    if (federationMessage == null)
    {
        return string.Empty;
    }

    return federationMessage.Context;
}
/// <summary>
/// Reads the WS-Federation context value from the form posted with the current request
/// and percent-decodes it.
/// </summary>
/// <returns>
/// The unescaped <c>Context</c> of the parsed message, or <see cref="string.Empty"/> when
/// the form does not parse as a WS-Federation message or the message carries no context.
/// </returns>
/// <remarks>
/// The value is taken from <c>Request.Form</c>, so it is client-controlled, and decoding
/// can reintroduce characters such as '/' or ':'. Validate the decoded value before using
/// it as a redirect target or lookup key (callers are not visible here).
/// </remarks>
private string GetContextFromRequest()
{
    Uri baseUrl = WSFederationMessage.GetBaseUrl(this.Request.Url);
    WSFederationMessage federationMessage = WSFederationMessage.CreateFromNameValueCollection(baseUrl, this.Request.Form);

    // Either no WS-Federation message was posted or it has no context attached.
    if (federationMessage == null || federationMessage.Context == null)
    {
        return string.Empty;
    }

    return Uri.UnescapeDataString(federationMessage.Context);
}
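/// <summary>
/// Determines whether the current request targets the user-account invitation action and,
/// if so, extracts the invitation number from the last '/'-separated segment.
/// </summary>
/// <param name="invitationNumber">
/// Receives the parsed invitation GUID, or <see cref="Guid.Empty"/> when the request is not
/// an invitation request or the trailing segment is not a well-formed GUID.
/// </param>
/// <returns><c>true</c> when a non-empty invitation GUID was extracted; otherwise <c>false</c>.</returns>
/// <remarks>
/// Both inputs (the posted WS-Federation context and the request path) are client-controlled.
/// A <c>true</c> result only means the value is syntactically a GUID; the caller still has to
/// check that the invitation exists, is unused and belongs to the signed-in account
/// (that check is not visible here).
/// </remarks>
private static bool IsInvitationRequest(out Guid invitationNumber)
{
    invitationNumber = Guid.Empty;

    Uri requestBaseUrl = WSFederationMessage.GetBaseUrl(HttpContext.Current.Request.Url);
    WSFederationMessage message = WSFederationMessage.CreateFromNameValueCollection(requestBaseUrl, HttpContext.Current.Request.Form);

    // Fail closed when the action is not configured: a missing setting used to throw and an
    // empty one would have matched every request.
    string invitationAction = ConfigurationManager.AppSettings["UserAccountInvitationAction"];
    if (string.IsNullOrEmpty(invitationAction))
    {
        return false;
    }

    string candidateSource = null;
    if (message != null)
    {
        // A message without a context previously caused a NullReferenceException here.
        // NOTE(review): Context is used as received; if it arrives percent-encoded the '/'
        // split below will not isolate the GUID. Confirm against how the context is produced.
        string context = message.Context;
        if (context != null && context.IndexOf(invitationAction, StringComparison.OrdinalIgnoreCase) >= 0)
        {
            candidateSource = context;
        }
    }
    else if (requestBaseUrl.AbsolutePath.StartsWith(invitationAction, StringComparison.OrdinalIgnoreCase))
    {
        candidateSource = requestBaseUrl.AbsolutePath;
    }

    if (candidateSource == null)
    {
        return false;
    }

    // Split always yields at least one element, so the last index is safe.
    string[] segments = candidateSource.Split('/');
    string lastSegment = segments[segments.Length - 1];

    // TryParse instead of new Guid(...): a malformed trailing segment in client-supplied
    // data must not surface as an unhandled FormatException.
    Guid parsed;
    if (Guid.TryParse(lastSegment, out parsed))
    {
        invitationNumber = parsed;
    }

    return invitationNumber != Guid.Empty;
}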
// See http://social.technet.microsoft.com/wiki/contents/articles/1725.windows-identity-foundation-wif-a-potentially-dangerous-request-form-value-was-detected-from-the-client-wresult-t-requestsecurityto/history.aspx
/// <summary>
/// Exempts the WS-Federation result form field from ASP.NET request validation when the
/// posted form parses as a sign-in response; every other value goes through the base validator.
/// </summary>
/// <param name="context">The current HTTP context.</param>
/// <param name="value">The value being validated.</param>
/// <param name="requestValidationSource">Which part of the request the value came from.</param>
/// <param name="collectionKey">The key of the value within its collection.</param>
/// <param name="validationFailureIndex">Set to 0 here, or by the base validator when it is consulted.</param>
/// <returns>
/// <c>true</c> when the value is the WS-Federation result field of a form that parses as a
/// <c>SignInResponseMessage</c>; otherwise the base validator's result.
/// </returns>
/// <remarks>
/// The exemption is keyed on the exact field name (ordinal comparison) and on the form parsing
/// as a sign-in response. It only skips ASP.NET's dangerous-value check; it does not verify the
/// token's signature or issuer, which must happen later in the federation pipeline (not visible here).
/// </remarks>
protected override bool IsValidRequestString(HttpContext context, string value, RequestValidationSource requestValidationSource, string collectionKey, out int validationFailureIndex)
{
    validationFailureIndex = 0;

    bool isFederationResultField =
        requestValidationSource == RequestValidationSource.Form
        && !String.IsNullOrEmpty(collectionKey)
        && collectionKey.Equals(WSFederationConstants.Parameters.Result, StringComparison.Ordinal);

    if (isFederationResultField)
    {
        // The form is read through GetUnvalidatedFormValues so that parsing the message
        // does not go back through request validation.
        var unvalidatedFormValues = GetUnvalidatedFormValues(context);
        Uri baseUrl = WSFederationMessage.GetBaseUrl(context.Request.Url);

        // Only a form that parses as a sign-in response earns the exemption; 'is' is
        // false for null, matching the original 'as' cast followed by a null check.
        if (WSFederationMessage.CreateFromNameValueCollection(baseUrl, unvalidatedFormValues) is SignInResponseMessage)
        {
            return true;
        }
    }

    return base.IsValidRequestString(context, value, requestValidationSource, collectionKey, out validationFailureIndex);
}