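        /// <summary>
        /// IsFacebookAuthorized
        ///
        /// Checks the Facebook request objects to determine if Facebook has passed in
        /// a valid authorization request and the user has allowed app permissions.
        ///
        /// The signed_request POST object has a 2 part Base64Url token separated by
        /// a '.'. The first part is the HMAC of the payload, keyed with the application
        /// secret, used to validate the request.  The second part contains the payload data.
        ///
        /// While the payload names a hash algorithm, HMACSHA256 is assumed: the verifier
        /// must never pick the algorithm from the (not yet authenticated) payload. That
        /// enforcement is expected to live in ValidateAndGetAuthorizationPayload.
        ///
        /// A signed_request is evaluated before the existing forms identity so that a
        /// different Facebook user can replace the one currently signed in.
        /// </summary>
        /// <param name="httpContext">Current request context; User is replaced when a Facebook authorization is established.</param>
        /// <returns>
        /// true when a validated signed_request carries a user_id (new identity established)
        /// or when the request already carries an authenticated identity; otherwise false.
        /// </returns>
        protected bool IsFacebookAuthorized(HttpContextBase httpContext)
        {
            String signedRequestUrl = GetSignedRequest(httpContext);

            if (!String.IsNullOrEmpty(signedRequestUrl))
            {
                JObject fbAuthorization = ValidateAndGetAuthorizationPayload(signedRequestUrl);

                // A null payload (signature did not validate, or malformed request) must never
                // establish an identity; it falls through to the existing-identity check below.
                String fbUserId = (fbAuthorization == null) ? null : (String)fbAuthorization.SelectToken("user_id");
                if (!String.IsNullOrEmpty(fbUserId))
                {
                    String oAuthToken = (String)fbAuthorization.SelectToken("oauth_token");

                    // Nullable conversions: a non-nullable (Int32) cast on a missing field throws
                    // out of the authorization check. A payload lacking either timestamp is
                    // treated as "not authorized" rather than failing the whole request.
                    Int32? expires   = (Int32?)fbAuthorization.SelectToken("expires");
                    Int32? issued_at = (Int32?)fbAuthorization.SelectToken("issued_at");
                    if (expires.HasValue && issued_at.HasValue)
                    {
                        // Ticket lifetime = remaining validity of the token (expires - issued_at, in
                        // whatever unit the payload uses); presumably CreateFormsTicket expects the
                        // same unit -- confirm against its implementation.
                        FormsAuthenticationTicket ticket = CreateFormsTicket(fbUserId, oAuthToken, expires.Value - issued_at.Value);

                        FacebookConnection fb = new FacebookConnection(new System.Web.Security.FormsIdentity(ticket));
                        httpContext.User = fb.GetFacebookUser(ticket.Name);

                        return(true);
                    }
                }
            }

            // This must occur after the check for signedRequestUrl so different users can be checked first
            //
            if ((httpContext.User != null) && (httpContext.User.Identity.IsAuthenticated))
            {
                return(true);
            }

            return(false);
        }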
        /// <summary>
        /// Application_AuthenticateRequest
        ///
        /// Once forms authentication has populated the request principal, swaps it for the
        /// Facebook-backed user resolved from the forms ticket name, so downstream code sees
        /// the Facebook identity instead of the bare forms identity.
        /// Requests with no principal, or with a non-Forms authentication type, are left untouched.
        /// </summary>
        /// <param name="sender">Unused.</param>
        /// <param name="e">Unused.</param>
        protected void Application_AuthenticateRequest(object sender, EventArgs e)
        {
            HttpContext current = HttpContext.Current;
            if (current.User == null)
            {
                return;
            }

            // Only a forms identity carries the ticket we need.
            if (!String.Equals(current.User.Identity.AuthenticationType, "Forms", StringComparison.Ordinal))
            {
                return;
            }

            System.Web.Security.FormsIdentity formsIdentity = (System.Web.Security.FormsIdentity)current.User.Identity;
            String ticketName = formsIdentity.Ticket.Name;

            // Resolve the Facebook user behind this ticket and make it the request principal
            //
            Facebook.FacebookConnection connection = new Facebook.FacebookConnection(formsIdentity);
            current.User = connection.GetFacebookUser(ticketName);
        }
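        /// <summary>
        /// Authorize
        ///
        /// Required member of the IAuthorizationService provider returns true/false to indicate
        /// if user has been authorized.
        ///
        /// Three paths, tried in order:
        ///  1. DebugUser configured: a synthetic user is signed in unconditionally.
        ///  2. An OAuth "code" query parameter: exchanged for an access token, a forms ticket
        ///     is minted and the request is redirected back to its own path (dropping the code).
        ///  3. Otherwise: defer to IsFacebookAuthorized (signed_request or existing identity).
        /// </summary>
        /// <param name="httpContext">Current request context; User is set when an identity is established.</param>
        /// <returns>true when an identity was established or already exists, otherwise false.</returns>
        ///
        public bool Authorize(HttpContextBase httpContext)
        {
            // SECURITY: this is an unconditional authentication bypass. Whenever DebugUser is
            // non-empty, every request is signed in as that user with an Int32.MaxValue ticket
            // lifetime. It must never reach a deployed configuration; consider additionally
            // gating it on httpContext.IsDebuggingEnabled or a DEBUG compile symbol.
            if (!String.IsNullOrEmpty(RaceDayConfiguration.Instance.DebugUser))
            {
                FormsAuthenticationTicket         ticket = CreateFormsTicket(RaceDayConfiguration.Instance.DebugUser, "", Int32.MaxValue);
                System.Web.Security.FormsIdentity id     = new System.Web.Security.FormsIdentity(ticket);

                FacebookUser fbUser = FacebookUser.Create(id, null);
                fbUser.id         = ticket.Name;
                fbUser.first_name = "Johnny";
                fbUser.last_name  = "Test";
                fbUser.email      = "*****@*****.**";
                httpContext.User  = fbUser;

                return(true);
            }

            String code = httpContext.Request.QueryString["code"];
            if (!String.IsNullOrEmpty(code))
            {
                // Rebuild this request's own URL (without the query string) as the redirect_uri for
                // the code exchange; it has to match the redirect_uri the code was issued for.
                // Note that Host is taken from the request's Host header.
                String redirectUrl = String.Concat(httpContext.Request.Url.Scheme, "://", httpContext.Request.Url.Host, (!httpContext.Request.Url.IsDefaultPort ? ":" + httpContext.Request.Url.Port : ""), httpContext.Request.Path);

                // NOTE(review): no OAuth "state" value is checked here. Without a state nonce bound to
                // the caller's session, an attacker can have a victim complete this exchange with an
                // attacker-obtained code and bind the victim's session to the attacker's account
                // (login CSRF). The redirect that issues the code should carry a state that is
                // verified at this point.
                FacebookConnection fbObject = new FacebookConnection();
                fbObject.GetFacebookAccessToken(redirectUrl, code);
                fbObject.GetFacebookUserId();

                // Consistent with IsFacebookAuthorized: never mint a ticket without a user id.
                // An exchange that yields no user_id falls through to the remaining checks.
                if (!String.IsNullOrEmpty(fbObject.user_id))
                {
                    FormsAuthenticationTicket         ticket = CreateFormsTicket(fbObject.user_id, fbObject.access_token, fbObject.token_expires);
                    System.Web.Security.FormsIdentity id     = new System.Web.Security.FormsIdentity(ticket);

                    FacebookConnection fb = new FacebookConnection(id);
                    httpContext.User = fb.GetFacebookUser(ticket.Name);

                    // Strips the one-time code from the address bar. In classic ASP.NET,
                    // Redirect(url) also ends the response, so the return below is presumably
                    // not reached on that runtime.
                    httpContext.Response.Redirect(httpContext.Request.Path);
                    return(true);
                }
            }

            return(IsFacebookAuthorized(httpContext));
        }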