I'm using Url.IsLocalUrl
to check if the return URL passed to my authentication action is local or not. It works fine as long as there is no fragment in the URL. That is,
/t/test-team-3/tasks/lists/15
returns true, but /t/test-team-3/tasks#/lists/15
returns false.
What's the reasoning behind this? Is there some obscure security issue that could manifest itself in the fragment, or can I safely ignore the fragment when I'm checking if the URL is local?
This method internally calls the Uri.IsWellFormedUriString method. When you call this method on a relative URL containing a fragment it returns false. There is a bug on MS Connect which is closed with the by design reason.
When you use this method on an absolute URL (with a scheme like http/https) the method behaves as expected. I think the reason is that the Uri class is intended to work not only with HTTP URLs. When you don't specify the protocol (relative URL), a generic URL parser is used which doesn't allow fragments.
So I guess you have two possibilities:
http://foo.com/t/test-team-3/tasks#/lists/15
) because anyway if you are calling this method on a relative URL we can expect that it is a local URL.If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With