WSFederationAuthenticationModule.GetSignOutRedirectUrl Method

Definition

Determines the URL to which to redirect when processing a WS-Federation sign-out clean-up request (wsignoutcleanup1.0) that contains a wreply parameter.

protected:
 virtual System::String ^ GetSignOutRedirectUrl(System::IdentityModel::Services::SignOutCleanupRequestMessage ^ signOutMessage);
protected virtual string GetSignOutRedirectUrl (System.IdentityModel.Services.SignOutCleanupRequestMessage signOutMessage);
abstract member GetSignOutRedirectUrl : System.IdentityModel.Services.SignOutCleanupRequestMessage -> string
override this.GetSignOutRedirectUrl : System.IdentityModel.Services.SignOutCleanupRequestMessage -> string
Protected Overridable Function GetSignOutRedirectUrl (signOutMessage As SignOutCleanupRequestMessage) As String

Parameters

signOutMessage
SignOutCleanupRequestMessage

The sign-out clean-up request.

Returns

The URL to redirect to.

Exceptions

signOutMessage has a Reply property that is null or empty.

signOutMessage is null.

Remarks

This method is called from the CanReadSignInResponse method in the request processing pipeline to determine the URL to redirect to after processing a WS-Federation sign-out clean-up request. It is only invoked if the message has a wreply parameter (the signOutMessage parameter has a Reply property that is neither null nor empty).

The default implementation validates the reply URL contained in the message (the SignOutCleanupRequestMessage.Reply property) against the address of the security token service (STS) that is specified by the Issuer property. The following conditions must be true for the reply URL to be valid:

  1. The reply URL is an absolute URL.

  2. The reply URL has the same scheme as the issuer.

  3. The reply URL has the same port as the issuer.

  4. Either the reply URL has the same host as the issuer or the reply URL specifies a sub-domain of the issuer.

If all of these conditions are true, the reply URL (Reply) is returned; otherwise, the URL specified by the Issuer property is returned.

Override this method to provide additional validation for the reply URL.

Applies to