protected void Page_Load(object sender, EventArgs e)
        {
            var url = HttpContext.Current.Request.Url;
            FacebookOAuthResult oauthResult;

            var oauthClient = new FacebookOAuthClient { AppId = AppId, AppSecret = AppSecret, RedirectUri = new Uri(_silverlightFacebookCallback) };

            if (oauthClient.TryParseResult(url, out oauthResult))
            {
                if (oauthResult.IsSuccess)
                {
                    var result = (IDictionary<string, object>)oauthClient.ExchangeCodeForAccessToken(oauthResult.Code);
                    AccessToken = result["access_token"].ToString();
                    Label1.Text = AccessToken;
                }
                else
                {
                    ErrorDescription = oauthResult.ErrorDescription;
                }

                Response.Cache.SetCacheability(HttpCacheability.NoCache);
            }
            else
            {
                Response.Redirect("~/");
            }
        }
Ejemplo n.º 2
0
        public ActionResult FacebookCallback()
        {
            var oauthClient = new FacebookOAuthClient(FacebookApplication.Current) { RedirectUri = GetFacebookRedirectUri() };

            FacebookOAuthResult oAuthResult;
            if (oauthClient.TryParseResult(Request.Url, out oAuthResult))
            {
                if (oAuthResult.IsSuccess)
                {
                    if (!string.IsNullOrWhiteSpace(oAuthResult.Code))
                    {
                        string returnUrl = null;
                        try
                        {
                            if (!string.IsNullOrWhiteSpace(oAuthResult.State))
                            {
                                dynamic state = JsonSerializer.Current.DeserializeObject(Encoding.UTF8.GetString(Base64UrlDecode(oAuthResult.State)));
                                if (!state.ContainsKey("csrf_token") || !ValidateFacebookCsrfToken(state.csrf_token))
                                {
                                    // someone tried to hack the site.
                                    return RedirectToAction("Index", "Home");
                                }

                                if (state.ContainsKey("return_url") && !string.IsNullOrWhiteSpace(state.return_url))
                                {
                                    returnUrl = Encoding.UTF8.GetString(Base64UrlDecode(oAuthResult.State));
                                }
                            }
                        }
                        catch (Exception)
                        {
                            // catch incase user puts his own state, 
                            // Base64UrlDecode might throw exception if the value is not properly encoded.
                            return RedirectToAction("Index", "Home");
                        }

                        try
                        {
                            var result = (IDictionary<string, object>)oauthClient.ExchangeCodeForAccessToken(oAuthResult.Code);

                            ProcessSuccesfulFacebookCallback(result);

                            // prevent open redirection attacks. make sure the returnUrl is trusted before redirecting to it
                            if (!string.IsNullOrWhiteSpace(returnUrl) && Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
                            {
                                return Redirect(returnUrl);
                            }
                            else
                            {
                                return RedirectToAction("Index", "Facebook");
                            }

                        }
                        catch (FacebookApiException)
                        {
                            // catch incase the user entered dummy code or the code expired.
                        }
                    }

                    return Redirect("~/");
                }

                return View("FacebookCallbackError", oAuthResult);
            }

            return Redirect("~/");
        }
        public FacebookAuthorizationModule(FacebookClient fb, FacebookOAuthClient fbOAuthClient, IAppUserMapper userMapper)
            : base("/facebook")
        {
            _fb = fb;
            _userMapper = userMapper;

            Get["/login"] = _ =>
                                {
                                    string returnUrl = Request.Query.returnUrl;

                                    dynamic parameters = new ExpandoObject();
                                    parameters.scope = ExtendedPermissions;
                                    parameters.state = Base64UrlEncode(Encoding.UTF8.GetBytes(
                                        JsonSerializer.Current.SerializeObject(new { return_url = returnUrl })));

                                    string loginUri = fbOAuthClient.GetLoginUrl(parameters).AbsoluteUri;
                                    return Response.AsRedirect(loginUri);
                                };

            Get["/login/callback"] = _ =>
                                         {
                                             FacebookOAuthResult oAuthResult;
                                             var requestUrl = Request.Url.Scheme + "://" + Request.Url.HostName + Request.Url.BasePath + Request.Url.Path + Request.Url.Query;
                                             if (fbOAuthClient.TryParseResult(requestUrl, out oAuthResult))
                                             {
                                                 if (oAuthResult.IsSuccess)
                                                 {
                                                     if (!string.IsNullOrWhiteSpace(oAuthResult.Code))
                                                     {
                                                         string returnUrl = null;
                                                         try
                                                         {
                                                             if (!string.IsNullOrWhiteSpace(oAuthResult.State))
                                                             {
                                                                 dynamic state = JsonSerializer.Current.DeserializeObject(Encoding.UTF8.GetString(Base64UrlDecode(oAuthResult.State)));
                                                                 if (state.ContainsKey("return_url") && !string.IsNullOrWhiteSpace(state.return_url))
                                                                     returnUrl = state.return_url;
                                                             }
                                                         }
                                                         catch (Exception ex)
                                                         {
                                                             // catch exception incase user puts custom state
                                                             // which contains invalid json or invalid base64 url encoding
                                                             return Response.AsRedirect("~/");
                                                         }

                                                         try
                                                         {
                                                             dynamic result = fbOAuthClient.ExchangeCodeForAccessToken(oAuthResult.Code);

                                                             DateTime expiresOn;
                                                             User user = ProcessSuccessfulFacebookCallback(result, out expiresOn);
                                                             if (user == null)
                                                                 return Response.AsRedirect("~/");

                                                             // todo: prevent open redirection attacks. make sure the returnUrl is trusted before redirecting to it

                                                             return this.LoginAndRedirect(user.Identifier, expiresOn, returnUrl);
                                                         }
                                                         catch (Exception ex)
                                                         {
                                                             // catch incase the user entered dummy code or the code expires
                                                             // or no internet access or any other errors
                                                         }
                                                     }
                                                     return Response.AsRedirect("~/");
                                                 }
                                                 return View["FacebookLoginCallbackError", oAuthResult];
                                             }
                                             return Response.AsRedirect("~/");
                                         };
        }