I have an MVC web app where I'm redirecting in the Application_AuthenticateRequest in order to authenticate using this code:
string[] tokens = Regex.Split(url, "(returnurl=.*default.aspx)");
Response.Redirect(url.Replace(tokens[1], "r=/"));
It works fine on its own, but I need to host this app entirely within an iframe in customer sites. In an iframe this redirects the parent window, unless it's already authenicated (if it's authenticated it works). I'm relatively new to MS MVC so I'm sure this code is probably a little brute force. Happy to hear about a more "nuanced" approach.
Any ideas why this is happening, and how I can get it to stop redirecting the parent?