web: Fix logon with ReturnUrl set.

When first accessing the RD Web site root, the client will be redirected several times and eventually end up at login.aspx with a ReturnUrl set. The page rewrote the ReturnUrl so that the actual query string used in the posted form targeted tokenform.aspx, but in this case login.aspx failed to set some session variables required by tokenform.aspx, so it would immediately redirect to logoff, and then you would end up at login.aspx again, this time without a ReturnUrl. A new attempt to login would work, because without the ReturnUrl set, the session parameter would be prepared properly. This is fixed by: * Don't rewrite the ReturnUrl before it's used in the form action attribute. This has the benefit that it preserves the true ReturnUrl through the whole login procedure. * After successful phase-1 authentication, if 2FA is active, login.aspx will now always set the required parameters and redirect to tokenform.aspx, regardless of any ReturnUrl. But if specified, it will be passed to along to tokenform.aspx. * After successful phase-2 authentication in tokenform.aspx, redirect to ReturnUrl if specified, instead of always forcing Default.aspx.
oskarb · Apr 24, 2016 · 3acf8df · 3acf8df
1 parent ed9728b
commit 3acf8df
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 28 deletions.
diff --git a/web/RDWeb/Pages/en-US/login.aspx b/web/RDWeb/Pages/en-US/login.aspx
@@ -121,18 +121,9 @@
             NameValueCollection objQueryString = Request.QueryString;
             if ( objQueryString["ReturnUrl"] != null )
             {
-                string strSmsToken = ConfigurationManager.AppSettings["SmsToken"];
-                if (strSmsToken == null || !(strSmsToken.Equals("true", StringComparison.CurrentCultureIgnoreCase)))
-                {
                     strReturnUrlPage = objQueryString["ReturnUrl"];
                     strReturnUrl = "?ReturnUrl=" + HttpUtility.UrlEncode(strReturnUrlPage);
                 }
-                else
-                {
-                    strReturnUrlPage = objQueryString["ReturnUrl"].ToLower();
-                    strReturnUrl = "?ReturnUrl=" + HttpUtility.UrlEncode(strReturnUrlPage.Replace("default.aspx", "tokenform.aspx")); 
-                }
-            }
             if ( objQueryString["Error"] != null )
             {
                 if ( objQueryString["Error"].Equals("WkSInUse", StringComparison.CurrentCultureIgnoreCase) )
@@ -305,26 +296,23 @@
 
         }
 
-        if (strRedirectSafeUrl == null)
+        string strSmsToken = ConfigurationManager.AppSettings["SmsToken"];
+        if (strSmsToken != null && strSmsToken.Equals("true", StringComparison.CurrentCultureIgnoreCase))
         {
-             string strSmsToken = ConfigurationManager.AppSettings["SmsToken"];
-             if (strSmsToken == null || !(strSmsToken.Equals("true", StringComparison.CurrentCultureIgnoreCase)))
-             {
-                 strRedirectSafeUrl = "default.aspx";
-             } else
-             {
-        
-                string UserPass = Request.Form["UserPass"];
-                string DomainUserName =Request.Form["DomainUserName"];
-                string Delivery =  Request.Form["rDelivery"];
-                Session["UserPass"] = UserPass;
-                Session["DomainUserName"]= DomainUserName;
-                Session["Delivery"] =  Delivery;
-                strRedirectSafeUrl = "tokenform.aspx";
-           
-            }
+            string UserPass = Request.Form["UserPass"];
+            string DomainUserName = Request.Form["DomainUserName"];
+            string Delivery =  Request.Form["rDelivery"];
+            Session["UserPass"] = UserPass;
+            Session["DomainUserName"] = DomainUserName;
+            Session["Delivery"] =  Delivery;
+            strRedirectSafeUrl = "tokenform.aspx" + strReturnUrl;
         }
-        Response.Redirect(strRedirectSafeUrl);       
+        else if (strRedirectSafeUrl == null)
+        {
+            strRedirectSafeUrl = "default.aspx";
+        }
+
+        Response.Redirect(strRedirectSafeUrl);
     }
 </script>
 <RDWAPage 

diff --git a/web/RDWeb/Pages/en-US/tokenform.aspx.cs b/web/RDWeb/Pages/en-US/tokenform.aspx.cs
@@ -1,6 +1,7 @@
 using System;
 using System.IO;
 using System.Collections.Generic;
+using System.Collections.Specialized;
 using System.Web;
 using System.Web.UI;
 using System.Web.UI.WebControls;
@@ -101,7 +102,16 @@ void onRadiusAccept(RADIUSPacket response){
         Response.Cookies.Add(myCookie);
 
         Session["SMSTOKEN"] = "SMS_AUTH";
-        SafeRedirect("default.aspx");
+
+        string strReturnUrlPage = "";
+        if (Request.QueryString != null)
+        {
+            NameValueCollection objQueryString = Request.QueryString;
+            if (objQueryString["ReturnUrl"] != null)
+                strReturnUrlPage = objQueryString["ReturnUrl"];
+        }
+
+        SafeRedirect(strReturnUrlPage);
     }
 
     void SafeRedirect(string strRedirectUrl){