Cookies Forbid now includes ReturnUrl

2015-11-04 13:54:37 -08:00 · 2015-11-04 13:54:37 -08:00 · dc6e916bd4
parent 238fdf24e8
commit dc6e916bd4
2 changed files with 8 additions and 8 deletions
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@ -327,14 +327,13 @@ namespace Microsoft.AspNet.Authentication.Cookies

        protected override async Task<bool> HandleForbiddenAsync(ChallengeContext context)
        {
-            var accessDeniedUri =
-                Request.Scheme +
-                "://" +
-                Request.Host +
-                OriginalPathBase +
-                Options.AccessDeniedPath;
-
-            var redirectContext = new CookieRedirectContext(Context, Options, accessDeniedUri);
+            var returnUrl = new AuthenticationProperties(context.Properties).RedirectUri;
+            if (string.IsNullOrEmpty(returnUrl))
+            {
+                returnUrl = OriginalPathBase + Request.Path + Request.QueryString;
+            }
+            var accessDeniedUri = Options.AccessDeniedPath + QueryString.Create(Options.ReturnUrlParameter, returnUrl);
+            var redirectContext = new CookieRedirectContext(Context, Options, BuildRedirectUri(accessDeniedUri));
            await Options.Events.RedirectToAccessDenied(redirectContext);
            return true;
        }
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@ -645,6 +645,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
            Assert.Equal(HttpStatusCode.Redirect, transaction2.Response.StatusCode);
            var location = transaction2.Response.Headers.Location;
            Assert.Equal("/Account/AccessDenied", location.LocalPath);
+            Assert.Equal("?ReturnUrl=%2Fchallenge", location.Query);
        }

        [Theory]