protected void Page_Load(object sender, EventArgs e)
{
var url = HttpContext.Current.Request.Url;
FacebookOAuthResult oauthResult;
var oauthClient = new FacebookOAuthClient {
AppId = AppId, AppSecret = AppSecret, RedirectUri = new Uri(_silverlightFacebookCallback)
};
if (oauthClient.TryParseResult(url, out oauthResult))
{
if (oauthResult.IsSuccess)
{
var result = (IDictionary <string, object>)oauthClient.ExchangeCodeForAccessToken(oauthResult.Code);
AccessToken = result["access_token"].ToString();
}
else
{
ErrorDescription = oauthResult.ErrorDescription;
}
Response.Cache.SetCacheability(HttpCacheability.NoCache);
}
else
{
Response.Redirect("~/");
}
}
private void webBrowser1_Navigated(object sender, System.Windows.Navigation.NavigationEventArgs e)
{
string htmlstr = webBrowser1.SaveToString();
FacebookOAuthResult oauthResult;
if (!_fbOAuth.TryParseResult(e.Uri, out oauthResult))
{
return;
}
if (oauthResult.IsSuccess)
{
var accessToken = oauthResult.AccessToken;
LoginSucceded(accessToken);
}
else
{
// user cancelled
MessageBox.Show(oauthResult.ErrorDescription);
}
}
public void getFacebookAccessToken(Uri uri, Action <String, Exception> callback)
{
try
{
FacebookOAuthClient fboc = new FacebookOAuthClient();
FacebookOAuthResult oauthResult;
if (!fboc.TryParseResult(uri, out oauthResult))
{
callback(null, null);
}
else
{
if (oauthResult.IsSuccess)
{
_accessToken = oauthResult.AccessToken;
if (callback != null)
{
callback(_accessToken, null);
}
}
else
{
if (callback != null)
{
callback(null, new NetmeraException(NetmeraException.ErrorCode.EC_FB_ERROR, oauthResult.ErrorDescription));
}
}
}
}
catch (Exception)
{
if (callback != null)
{
callback(null, new NetmeraException(NetmeraException.ErrorCode.EC_FB_ERROR, "Error occured while getting facebook access token."));
}
}
}
public ActionResult FacebookCallback()
{
var oauthClient = new FacebookOAuthClient(FacebookApplication.Current)
{
RedirectUri = GetFacebookRedirectUri()
};
FacebookOAuthResult oAuthResult;
if (oauthClient.TryParseResult(Request.Url, out oAuthResult))
{
if (oAuthResult.IsSuccess)
{
if (!string.IsNullOrWhiteSpace(oAuthResult.Code))
{
string returnUrl = null;
try
{
if (!string.IsNullOrWhiteSpace(oAuthResult.State))
{
dynamic state = JsonSerializer.Current.DeserializeObject(Encoding.UTF8.GetString(Base64UrlDecode(oAuthResult.State)));
if (!state.ContainsKey("csrf_token") || !ValidateFacebookCsrfToken(state.csrf_token))
{
// someone tried to hack the site.
return(RedirectToAction("Index", "Home"));
}
if (state.ContainsKey("return_url") && !string.IsNullOrWhiteSpace(state.return_url))
{
returnUrl = Encoding.UTF8.GetString(Base64UrlDecode(oAuthResult.State));
}
}
}
catch (Exception)
{
// catch incase user puts his own state,
// Base64UrlDecode might throw exception if the value is not properly encoded.
return(RedirectToAction("Index", "Home"));
}
try
{
var result = (IDictionary <string, object>)oauthClient.ExchangeCodeForAccessToken(oAuthResult.Code);
ProcessSuccesfulFacebookCallback(result);
// prevent open redirection attacks. make sure the returnUrl is trusted before redirecting to it
if (!string.IsNullOrWhiteSpace(returnUrl) && Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
{
return(Redirect(returnUrl));
}
else
{
return(RedirectToAction("Index", "Facebook"));
}
}
catch (FacebookApiException)
{
// catch incase the user entered dummy code or the code expired.
}
}
return(Redirect("~/"));
}
return(View("FacebookCallbackError", oAuthResult));
}
return(Redirect("~/"));
}
public ActionResult Callback()
{
var oauthClient = new FacebookOAuthClient(FacebookApplication.Current)
{
RedirectUri = GetFacebookRedirectUri()
};
FacebookOAuthResult oAuthResult;
if (oauthClient.TryParseResult(Request.Url, out oAuthResult))
{
if (oAuthResult.IsSuccess)
{
if (!string.IsNullOrWhiteSpace(oAuthResult.Code))
{
string returnUrl = "";
string domainName = null;
string planName = null;
string affiliate = null;
var state = new CallbackState();
try
{
if (!string.IsNullOrWhiteSpace(oAuthResult.State))
{
state = (CallbackState)JsonSerializer.Current.DeserializeObject(Encoding.UTF8.GetString(OAuthFacebook.Base64UrlDecode(oAuthResult.State)), typeof(CallbackState));
// TODO: at the moment only check if there is token. Hack Bug
// we do this because for logins we are saving token in a separate domain
if (!string.IsNullOrEmpty(state.csrf_token) && !ValidateFacebookCsrfToken(state.csrf_token))
{
// someone tried to hack the site.
return(RedirectToAction("Index", "Error"));
}
if (!string.IsNullOrEmpty(state.return_url))
{
returnUrl = state.return_url;
}
if (!string.IsNullOrEmpty(state.domain_name))
{
domainName = state.domain_name;
}
if (!string.IsNullOrEmpty(state.plan_name))
{
planName = state.plan_name;
}
if (!string.IsNullOrEmpty(state.affiliate))
{
affiliate = state.affiliate;
}
}
}
catch (Exception ex)
{
Syslog.Write(ex);
// catch incase user puts his own state,
// Base64UrlDecode might throw exception if the value is not properly encoded.
return(RedirectToAction("Index", "Error"));
}
try
{
var token = (IDictionary <string, object>)oauthClient.ExchangeCodeForAccessToken(oAuthResult.Code);
var token_key = (string)token["access_token"];
var token_expires = token.ContainsKey("expires") ? token["expires"].ToString() : "";
if (state.isRegistration && !string.IsNullOrEmpty(domainName))
{
var errorMessage = ProcessSuccesfulFacebookRegistrationCallback(token, domainName, planName, affiliate);
if (!string.IsNullOrEmpty(errorMessage))
{
return(Redirect(ErrorHelper.CreateErrorPage(errorMessage, "/register/" + planName)));
}
}
if (state.isLogin || state.isLink)
{
var returnUri = new Uri(returnUrl);
var queryParameters = HttpUtility.ParseQueryString(returnUri.Query);
queryParameters.Add("token", token_key);
queryParameters.Add("expires", token_expires);
returnUrl = string.Format("{0}://{1}{2}{3}", returnUri.Scheme, returnUri.Host, returnUri.LocalPath, queryParameters.ToQueryString(true));
}
if (state.requestPageTokens && !string.IsNullOrEmpty(state.domain_name))
{
// obtain any other account tokens
var facebook = new FacebookService(token_key);
var accounts = facebook.Account.GetAccountTokens("me");
if (accounts != null && accounts.data != null)
{
var domain =
repository.GetSubDomains().SingleOrDefault(x => x.name == state.domain_name);
if (domain != null)
{
foreach (var entry in accounts.data)
{
if (entry.name != null)
{
var ftoken = new facebook_token
{
pageid = entry.id,
subdomainid = domain.id,
accesstoken = entry.access_token,
name = entry.name,
category = entry.category,
flags = (int)FacebookTokenSettings.NONE
};
repository.AddUpdateFacebookToken(ftoken);
}
}
}
}
}
// save any changes
repository.Save();
// prevent open redirection attacks. make sure the returnUrl is trusted before redirecting to it
if (!string.IsNullOrWhiteSpace(returnUrl) && returnUrl.Contains(GeneralConstants.SUBDOMAIN_HOST))
{
return(Redirect(returnUrl));
}
}
catch (FacebookApiException ex)
{
// catch incase the user entered dummy code or the code expired.
Syslog.Write(ex);
}
}
}
else
{
switch (oAuthResult.ErrorReason)
{
// permission request denied
case "user_denied":
return(RedirectToAction("NoAuth", "Error"));
default:
Syslog.Write(string.Format("Unhandled Facebook OAUTH {0} - {1}", oAuthResult.ErrorReason, oAuthResult.ErrorDescription));
break;
}
}
}
return(RedirectToAction("Index", "Error"));
}
