Example #1
0
        public ActionResult FacebookCallback(string code, string state)
        {
            if (string.IsNullOrWhiteSpace(code) || string.IsNullOrWhiteSpace(state))
            {
                return(RedirectToProcessFacebook());
            }

            // first validate the csrf token
            dynamic decodedState;

            try
            {
                decodedState = _fb.DeserializeJson(Encoding.UTF8.GetString(Convert.FromBase64String(state)), null);
                var exepectedCsrfToken = Session[SessionKeys.FbCsrfToken] as string;
                // make the fb_csrf_token invalid
                Session[SessionKeys.FbCsrfToken] = null;

                if (!(decodedState is IDictionary <string, object>) || !decodedState.ContainsKey("csrf") || string.IsNullOrWhiteSpace(exepectedCsrfToken) || exepectedCsrfToken != decodedState.csrf)
                {
                    return(RedirectToProcessFacebook());
                }
            }
            catch
            {
                // log exception
                return(RedirectToProcessFacebook());
            }

            try
            {
                dynamic result = _fb.Post("oauth/access_token",
                                          new
                {
                    client_id     = _settings.FacebookAppId,
                    client_secret = _settings.FacebookSecretKey,
                    redirect_uri  = FacebookCallbackUri,
                    code          = code
                });
                Session[SessionKeys.FbAccessToken] = result.access_token;
                if (result.ContainsKey("expires"))
                {
                    Session[SessionKeys.FbExpiresIn] = DateTime.Now.AddSeconds(result.expires);
                }

                if (decodedState.ContainsKey("returnUrl"))
                {
                    return(RedirectToProcessFacebook(decodedState.returnUrl));
                }

                return(RedirectToProcessFacebook());
            }
            catch
            {
                // log exception
                return(RedirectToProcessFacebook());
            }
        }
        public ActionResult FacebookCallback(string code, string state)
        {
            if (string.IsNullOrWhiteSpace(code) || string.IsNullOrWhiteSpace(state))
            {
                return(RedirectToAction("Index", "Home"));
            }

            // first validate the csrf token
            dynamic decodedState;

            try
            {
                decodedState = _fb.DeserializeJson(Encoding.UTF8.GetString(Convert.FromBase64String(state)), null);
                var exepectedCsrfToken = Session["fb_csrf_token"] as string;
                // make the fb_csrf_token invalid
                Session["fb_csrf_token"] = null;

                if (!(decodedState is IDictionary <string, object>) || !decodedState.ContainsKey("csrf") || string.IsNullOrWhiteSpace(exepectedCsrfToken) || exepectedCsrfToken != decodedState.csrf)
                {
                    return(RedirectToAction("Index", "Home"));
                }
            }
            catch
            {
                // log exception
                return(RedirectToAction("Index", "Home"));
            }

            try
            {
                dynamic result = _fb.Post("oauth/access_token",
                                          new
                {
                    client_id     = AppId,
                    client_secret = Appsecret,
                    redirect_uri  = _redirectUri,
                    code          = code
                });

                CurrentUser.Get().AccessToken = result.access_token;

                if (result.ContainsKey("expires"))
                {
                    Session["fb_expires_in"] = DateTime.Now.AddSeconds(result.expires);
                }

                if (decodedState.ContainsKey("returnUrl"))
                {
                    if (Url.IsLocalUrl(decodedState.returnUrl))
                    {
                        return(Redirect(decodedState.returnUrl));
                    }
                }

                return(RedirectToAction("Index", "Home"));
            }
            catch
            {
                // log exception
                return(RedirectToAction("Index", "Home"));
            }
        }