WSFederationAuthenticationModule.GetSignOutRedirectUrl Method

Reference

Definition

Namespace:: System.IdentityModel.Services

Assembly:: System.IdentityModel.Services.dll

Important

Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Determines the URL to which to redirect when processing a WS-Federation sign-out clean-up request (wsignoutcleanup1.0) that contains a wreply parameter.

protected:
 virtual System::String ^ GetSignOutRedirectUrl(System::IdentityModel::Services::SignOutCleanupRequestMessage ^ signOutMessage);

protected virtual string GetSignOutRedirectUrl (System.IdentityModel.Services.SignOutCleanupRequestMessage signOutMessage);

abstract member GetSignOutRedirectUrl : System.IdentityModel.Services.SignOutCleanupRequestMessage -> string
override this.GetSignOutRedirectUrl : System.IdentityModel.Services.SignOutCleanupRequestMessage -> string

Protected Overridable Function GetSignOutRedirectUrl (signOutMessage As SignOutCleanupRequestMessage) As String

Parameters

signOutMessage: SignOutCleanupRequestMessage

The sign-out clean-up request.

Returns

String

The URL to redirect to.

Exceptions

ArgumentException

signOutMessage has a Reply property that is null or empty.

ArgumentNullException

signOutMessage is null.

Remarks

This method is called from the CanReadSignInResponse method in the request processing pipeline to determine the URL to redirect to after processing a WS-Federation sign-out clean-up request. It is only invoked if the message has a wreply parameter (the signOutMessage parameter has a Reply property that is neither null nor empty).

The default implementation validates the reply URL contained in the message (the SignOutCleanupRequestMessage.Reply property) against the address of the security token service (STS) that is specified by the Issuer property. The following conditions must be true for the reply URL to be valid:

The reply URL is an absolute URL.
The reply URL has the same scheme as the issuer.
The reply URL has the same port as the issuer.
Either the reply URL has the same host as the issuer or the reply URL specifies a sub-domain of the issuer.

If all of these conditions are true, the reply URL (Reply) is returned; otherwise, the URL specified by the Issuer property is returned.

Override this method to provide additional validation for the reply URL.

Applies to

Share via