Cookies Forbid now includes ReturnUrl

This commit is contained in:
Hao Kung 2015-11-04 13:54:37 -08:00
parent 238fdf24e8
commit dc6e916bd4
2 changed files with 8 additions and 8 deletions

View File

@ -327,14 +327,13 @@ namespace Microsoft.AspNet.Authentication.Cookies
protected override async Task<bool> HandleForbiddenAsync(ChallengeContext context) protected override async Task<bool> HandleForbiddenAsync(ChallengeContext context)
{ {
var accessDeniedUri = var returnUrl = new AuthenticationProperties(context.Properties).RedirectUri;
Request.Scheme + if (string.IsNullOrEmpty(returnUrl))
"://" + {
Request.Host + returnUrl = OriginalPathBase + Request.Path + Request.QueryString;
OriginalPathBase + }
Options.AccessDeniedPath; var accessDeniedUri = Options.AccessDeniedPath + QueryString.Create(Options.ReturnUrlParameter, returnUrl);
var redirectContext = new CookieRedirectContext(Context, Options, BuildRedirectUri(accessDeniedUri));
var redirectContext = new CookieRedirectContext(Context, Options, accessDeniedUri);
await Options.Events.RedirectToAccessDenied(redirectContext); await Options.Events.RedirectToAccessDenied(redirectContext);
return true; return true;
} }

View File

@ -645,6 +645,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
Assert.Equal(HttpStatusCode.Redirect, transaction2.Response.StatusCode); Assert.Equal(HttpStatusCode.Redirect, transaction2.Response.StatusCode);
var location = transaction2.Response.Headers.Location; var location = transaction2.Response.Headers.Location;
Assert.Equal("/Account/AccessDenied", location.LocalPath); Assert.Equal("/Account/AccessDenied", location.LocalPath);
Assert.Equal("?ReturnUrl=%2Fchallenge", location.Query);
} }
[Theory] [Theory]