public void LogOn_Post_ReturnsRedirectToHomeOnSuccess_WithExternalReturnUrl()
{
// Arrange
AccountController controller = GetAccountController();
LogOnModel model = new LogOnModel()
{
UserName = "someUser",
Password = "goodPassword",
RememberMe = false
};
// Act
ActionResult result = controller.LogOn(model, "http://malicious.example.net");
// Assert
Assert.IsInstanceOfType(result, typeof(RedirectToRouteResult));
RedirectToRouteResult redirectResult = (RedirectToRouteResult)result;
Assert.AreEqual("Home", redirectResult.RouteValues["controller"]);
Assert.AreEqual("Index", redirectResult.RouteValues["action"]);
Assert.IsTrue(((MockFormsAuthenticationService)controller.FormsService).SignInWasCalled);
}