using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Routing;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Xml.Linq;
namespace WebApplication2
{
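public partial class _Default : Page
{
    /// <summary>
    /// Hosts that an absolute <c>returnUrl</c> may point to. Compared against
    /// <see cref="Uri.Host"/> case-insensitively as an exact match, so "MySite.com"
    /// does not implicitly allow "cdn.MySite.com" or "MySite.com.evil.com".
    /// </summary>
    private static readonly string[] AllowedDomains = { "MySite.com" };

    /// <summary>
    /// Demonstrates open-redirect protection for a <c>returnUrl</c> query parameter:
    /// a path on this host is followed as-is, an absolute URL is followed only when its
    /// host is in <see cref="AllowedDomains"/>, and anything else is sent to /login.aspx
    /// instead of echoing the attacker-controlled value into a Location header.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        // Demo input. A real page would take the value from Request.QueryString
        // (the untrusted source this check exists for); the validation below is the point.
        var url = "https://MySite.com/MySection/Home/ExtTransf?returnUrl=https://MySite.com/MySection/Transfers";
        var parsedParams = HttpUtility.ParseQueryString(new Uri(url).Query);

        // Look the parameter up by name. The previous parsedParams[0] returned the value of
        // whichever key happened to come first, so "?x=...&returnUrl=..." validated the
        // wrong value.
        var destinationUrl = parsedParams["returnUrl"];
        if (String.IsNullOrEmpty(destinationUrl))
        {
            return; // no destination supplied: nothing to redirect to
        }

        if (IsLocatToHost(destinationUrl))
        {
            // "/foo" or "~/foo": relative to this host, safe to follow directly.
            Response.Redirect(destinationUrl);
        }
        else if (IsAllowedDomain(destinationUrl, AllowedDomains))
        {
            // Absolute http(s) URL whose host is on the allow list.
            Response.Redirect(destinationUrl);
        }
        else
        {
            // Unknown or hostile destination: discard it and fall back to a fixed page.
            Response.Redirect("/login.aspx");
        }
    }

    /// <summary>
    /// Returns true when <paramref name="url"/> is an absolute http or https URL whose host
    /// is one of <paramref name="alloweDomains"/> (case-insensitive, exact host match).
    /// </summary>
    /// <param name="url">Candidate redirect target, untrusted.</param>
    /// <param name="alloweDomains">Hosts that may be redirected to.</param>
    /// <remarks>
    /// Differences from the earlier UriBuilder-based check:
    /// - Uri.TryCreate returns false on malformed input, whereas UriBuilder threw
    ///   UriFormatException and turned any garbage returnUrl into an unhandled error.
    /// - UriBuilder prepends "http://" to scheme-less input, so "MySite.com/x" passed the
    ///   host check and was then redirected to as a relative path. Scheme-less input is now
    ///   refused; genuine local paths are handled by IsLocatToHost.
    /// - Only http/https are accepted; tighten this to https alone if the site is HTTPS-only,
    ///   since an http:// target on an allowed host is still a protocol downgrade.
    /// Matching on Uri.Host (not on the raw string) is deliberate: "https://MySite.com@evil.com"
    /// parses with host "evil.com" and is refused.
    /// </remarks>
    internal static bool IsAllowedDomain(string url, string[] alloweDomains)
    {
        Uri target;
        if (String.IsNullOrEmpty(url) || !Uri.TryCreate(url, UriKind.Absolute, out target))
        {
            return false;
        }

        // Also rejects the "file:" URI that Uri.TryCreate produces for a bare "/path" on
        // non-Windows runtimes, and schemes such as javascript:/data:/ftp:.
        if (target.Scheme != Uri.UriSchemeHttp && target.Scheme != Uri.UriSchemeHttps)
        {
            return false;
        }

        return alloweDomains.Contains(target.Host, StringComparer.OrdinalIgnoreCase);
    }

    /// <summary>
    /// True when <paramref name="url"/> is a path on this host: "/" or "/foo", or "~/" or
    /// "~/foo". Protocol-relative "//evil.com" and "/\evil.com" (which browsers commonly
    /// normalise to "//evil.com") are rejected, as is null or empty input.
    /// </summary>
    /// <remarks>
    /// Only the first two characters are inspected; an absolute URL never passes here and
    /// must be vetted by IsAllowedDomain instead.
    /// </remarks>
    internal static bool IsLocatToHost(string url)
    {
        if (String.IsNullOrEmpty(url))
        {
            return false;
        }

        if (url[0] == '/')
        {
            // "/" alone is fine; "/x" is fine unless x is a second '/' or a '\'.
            return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
        }

        // Application-relative path "~/...".
        return url.Length > 1 && url[0] == '~' && url[1] == '/';
    }
}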
}