/// <summary>
/// IsFacebookAuthorized
///
/// Checks the Facebook request objects to determine if Facebook has passed in
/// a valid authorization request and the user has allowed app permissions.
///
/// The signed_request POST object has a 2 part Base64Url token separated by
/// a '.'. The first part contains the hash for the payload using the application
/// secret to validate the request. The second part contains the payload data.
///
/// While the payload contains the hash algorithm, the HMACSHA256 is assumed to be
/// the hash algorithm.
/// </summary>
/// <param name="httpContext"></param>
/// <returns></returns>
///
protected bool IsFacebookAuthorized(HttpContextBase httpContext)
{
String signedRequestUrl = GetSignedRequest(httpContext);
if (!String.IsNullOrEmpty(signedRequestUrl))
{
JObject fbAuthorization = ValidateAndGetAuthorizationPayload(signedRequestUrl);
String fbUserId = (String)fbAuthorization.SelectToken("user_id");
if (!String.IsNullOrEmpty(fbUserId))
{
String oAuthToken = (String)fbAuthorization.SelectToken("oauth_token");
Int32 expires = (Int32)fbAuthorization.SelectToken("expires");
Int32 issued_at = (Int32)fbAuthorization.SelectToken("issued_at");
FormsAuthenticationTicket ticket = CreateFormsTicket(fbUserId, oAuthToken, expires - issued_at);
FacebookConnection fb = new FacebookConnection(new System.Web.Security.FormsIdentity(ticket));
httpContext.User = fb.GetFacebookUser(ticket.Name);
return(true);
}
}
// This must occur after the check for signedRequestUrl so different users can be checked first
//
if ((httpContext.User != null) && (httpContext.User.Identity.IsAuthenticated))
{
return(true);
}
return(false);
}
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
if (HttpContext.Current.User != null)
{
if (HttpContext.Current.User.Identity.AuthenticationType == "Forms")
{
System.Web.Security.FormsIdentity id = (System.Web.Security.FormsIdentity)HttpContext.Current.User.Identity;
FormsAuthenticationTicket ticket = id.Ticket;
// Get Facebook information
//
Facebook.FacebookConnection fb = new Facebook.FacebookConnection(id);
HttpContext.Current.User = fb.GetFacebookUser(ticket.Name);
}
}
}
/// <summary>
/// Authorize
///
/// Required member of the IAuthorizationService provider returns true/false to indicate
/// if user has been authorized
/// </summary>
/// <param name="httpContect"></param>
/// <returns></returns>
///
public bool Authorize(HttpContextBase httpContext)
{
if (!String.IsNullOrEmpty(RaceDayConfiguration.Instance.DebugUser))
{
FormsAuthenticationTicket ticket = CreateFormsTicket(RaceDayConfiguration.Instance.DebugUser, "", Int32.MaxValue);
System.Web.Security.FormsIdentity id = new System.Web.Security.FormsIdentity(ticket);
FacebookUser fbUser = FacebookUser.Create(id, null);
fbUser.id = ticket.Name;
fbUser.first_name = "Johnny";
fbUser.last_name = "Test";
fbUser.email = "*****@*****.**";
httpContext.User = fbUser;
return(true);
}
if (!String.IsNullOrEmpty(httpContext.Request.QueryString["code"]))
{
String redirectUrl = String.Concat(httpContext.Request.Url.Scheme, "://", httpContext.Request.Url.Host, (!httpContext.Request.Url.IsDefaultPort ? ":" + httpContext.Request.Url.Port : ""), httpContext.Request.Path);
FacebookConnection fbObject = new FacebookConnection();
fbObject.GetFacebookAccessToken(redirectUrl, httpContext.Request.QueryString["code"]);
fbObject.GetFacebookUserId();
FormsAuthenticationTicket ticket = CreateFormsTicket(fbObject.user_id, fbObject.access_token, fbObject.token_expires);
System.Web.Security.FormsIdentity id = new System.Web.Security.FormsIdentity(ticket);
FacebookConnection fb = new FacebookConnection(id);
httpContext.User = fb.GetFacebookUser(ticket.Name);
httpContext.Response.Redirect(httpContext.Request.Path);
return(true);
}
return(IsFacebookAuthorized(httpContext));
}
