public static void handleOAuthResult(HttpRequest request, int id) { FacebookOAuthResult oAuthResult; if (FacebookOAuthResult.TryParse(request.Url, out oAuthResult)) { if (oAuthResult.IsSuccess) { string code = request.Params["code"]; FacebookOAuthClient oAuthClient = new FacebookOAuthClient(FacebookApplication.Current); oAuthClient.RedirectUri = new Uri(redirectUrl + "/" + id + "/"); oAuthClient.AppId = ConfigurationManager.AppSettings["Facebook_API_Key"]; oAuthClient.AppSecret = ConfigurationManager.AppSettings["Facebook_API_Secret"]; dynamic tokenResult = oAuthClient.ExchangeCodeForAccessToken(code); string accessToken = tokenResult.access_token; FacebookClient facebookClient = new FacebookClient(accessToken); dynamic me = facebookClient.Get("me"); long facebookId = Convert.ToInt64(me.id); var facebookService = new FacebookService(); FacebookUser fbUser = facebookService.AddFacebookUser(facebookId, accessToken, me.name, me.gender); HttpContext.Current.Session["FBUser"] = fbUser; var _publishedArticleService = new PublishedArticleService(); var article = _publishedArticleService.GetPublishedArticle(id); System.Web.HttpContext.Current.Response.Redirect("/Blog/Details/" + article.headline.Replace(" ", "_") + "/" + article.articleId + "/"); } } }
protected void Page_Load(object sender, EventArgs e) { var url = HttpContext.Current.Request.Url; FacebookOAuthResult oauthResult; var oauthClient = new FacebookOAuthClient { AppId = AppId, AppSecret = AppSecret, RedirectUri = new Uri(_silverlightFacebookCallback) }; if (oauthClient.TryParseResult(url, out oauthResult)) { if (oauthResult.IsSuccess) { var result = (IDictionary <string, object>)oauthClient.ExchangeCodeForAccessToken(oauthResult.Code); AccessToken = result["access_token"].ToString(); } else { ErrorDescription = oauthResult.ErrorDescription; } Response.Cache.SetCacheability(HttpCacheability.NoCache); } else { Response.Redirect("~/"); } }
private Core.Entities.User AcceptFacebookOAuthToken(FacebookOAuthResult facebookOAuthResult) { Condition.Requires(facebookOAuthResult).IsNotNull(); // Grab the code. string code = facebookOAuthResult.Code; // Grab the access token. FacebookOAuthClient facebookOAuthClient = FacebookOAuthClient; dynamic result = facebookOAuthClient.ExchangeCodeForAccessToken(code); var oauthData = new OAuthData { OAuthProvider = OAuthProvider.Facebook, AccessToken = result.access_token, ExpiresOn = DateTime.UtcNow.AddSeconds(result.expires) }; // Now grab their info. var facebookWebClient = new FacebookWebClient(oauthData.AccessToken); dynamic facebookUser = facebookWebClient.Get("me"); oauthData.Id = facebookUser.id; // Not sure how to Inject an IUserService because it requires a Session .. which I don't have. var userService = new UserService(DocumentSession); // Now associate this facebook user to an existing user OR create a new one. return(userService.CreateOrUpdate(oauthData, facebookUser.username, facebookUser.name, facebookUser.email)); }
private string GetAccessToken(string code) { var cl = new FacebookOAuthClient(FacebookApplication); cl.RedirectUri = GenerateCallbackUri(); cl.AppId = FacebookApplication.AppId; cl.AppSecret = FacebookApplication.AppSecret; var dict = (JsonObject)cl.ExchangeCodeForAccessToken(code, new Dictionary <string, object> { { "permissions", "offline_access" } }); return(dict.Values.ElementAt(0).ToString()); }
public LoginProfile ProcessAuthoriztion(HttpContext context, IDictionary <string, string> @params) { var builder = new UriBuilder(context.Request.GetUrlRewriter()) { Query = "p=" + context.Request["p"] }; var oauth = new FacebookOAuthClient { AppId = KeyStorage.Get("facebookAppID"), AppSecret = KeyStorage.Get("facebookAppSecret"), RedirectUri = builder.Uri }; FacebookOAuthResult result; if (FacebookOAuthResult.TryParse(context.Request.GetUrlRewriter(), out result)) { if (result.IsSuccess) { var accessToken = (Facebook.JsonObject)oauth.ExchangeCodeForAccessToken(result.Code); var request = WebRequest.Create("https://graph.facebook.com/me?access_token=" + Uri.EscapeDataString((string)accessToken["access_token"])); using (var response = request.GetResponse()) { using (var responseStream = response.GetResponseStream()) { var graph = FacebookGraph.Deserialize(responseStream); var profile = ProfileFromFacebook(graph); return(profile); } } } return(LoginProfile.FromError(new Exception(result.ErrorReason))); } //Maybe we didn't query var extendedPermissions = new[] { "email", "user_about_me" }; var parameters = new Dictionary <string, object> { { "display", "popup" } }; if (extendedPermissions.Length > 0) { var scope = new StringBuilder(); scope.Append(string.Join(",", extendedPermissions)); parameters["scope"] = scope.ToString(); } var loginUrl = oauth.GetLoginUrl(parameters); context.Response.Redirect(loginUrl.ToString()); return(LoginProfile.FromError(new Exception("Failed to login with facebook"))); }
// // GET: /Account/OAuth/ public ActionResult OAuth(string code, string state) { FacebookOAuthResult oauthResult; if (FacebookOAuthResult.TryParse(Request.Url, out oauthResult)) { if (oauthResult.IsSuccess) { var oAuthClient = new FacebookOAuthClient(FacebookApplication.Current) { RedirectUri = new Uri(RedirectUrl) }; dynamic tokenResult = oAuthClient.ExchangeCodeForAccessToken(code); string accessToken = tokenResult.access_token; var expiresOn = DateTime.MaxValue; if (tokenResult.ContainsKey("expires")) { DateTimeConvertor.FromUnixTime(tokenResult.expires); } var fbClient = new FacebookClient(accessToken); dynamic me = fbClient.Get("me?fields=id,name"); long facebookId = Convert.ToInt64(me.id); InMemoryUserStore.Add(new FacebookUser { AccessToken = accessToken, Expires = expiresOn, FacebookId = facebookId, Name = (string)me.name, }); FormsAuthentication.SetAuthCookie(facebookId.ToString(), false); // prevent open redirection attack by checking if the url is local. if (Url.IsLocalUrl(state)) { return(Redirect(state)); } else { return(RedirectToAction("Index", "Home")); } } } return(RedirectToAction("Index", "Home")); }
// // GET: /Account/OAuth/ public ActionResult OAuth(string code, string state) { FacebookOAuthResult oauthResult; if (FacebookOAuthResult.TryParse(Request.Url, out oauthResult)) { if (oauthResult.IsSuccess) { string redirectUrl = "http://" + Request.Url.Host + "/Account/OAuth/"; var oAuthClient = new FacebookOAuthClient(FacebookApplication.Current); oAuthClient.RedirectUri = new Uri(redirectUrl); dynamic tokenResult = oAuthClient.ExchangeCodeForAccessToken(code); string accessToken = tokenResult.access_token; DateTime expiresOn = DateTime.MaxValue; if (tokenResult.ContainsKey("expires")) { DateTimeConvertor.FromUnixTime(tokenResult.expires); } FacebookClient fbClient = new FacebookClient(accessToken); dynamic me = fbClient.Get("me?fields=id,name"); long facebookId = Convert.ToInt64(me.id); FormsAuthentication.SetAuthCookie(facebookId.ToString(), false); // prevent open redirection attack by checking if the url is local. if (Url.IsLocalUrl(state)) { return(Redirect(state)); } else { return(RedirectToAction("Index", "Home")); } } } return(RedirectToAction("Index", "Home")); }
/// <summary> /// Awaits permission of facebook user and will issue authenication cookie if successful. /// </summary> /// <param name="code">Facebook authorization code</param> /// <param name="state">Redirect url</param> private void ProcessOAuth(string code, string state) { FacebookOAuthResult oAuthResult; if (FacebookOAuthResult.TryParse(Request.Url, out oAuthResult) && oAuthResult.IsSuccess) { try { // create client to read response var oAuthClient = new FacebookOAuthClient(FacebookApplication.Current) { RedirectUri = new Uri(GetOAuthRedirectUrl()) }; oAuthClient.AppId = PageInstance.Site.FacebookAppId; oAuthClient.AppSecret = PageInstance.Site.FacebookAppSecret; dynamic tokenResult = oAuthClient.ExchangeCodeForAccessToken(code); string accessToken = tokenResult.access_token; FacebookClient fbClient = new FacebookClient(accessToken); dynamic me = fbClient.Get("me"); string facebookId = "FACEBOOK_" + me.id.ToString(); // query for matching id in the user table UserService userService = new UserService(); var user = userService.GetByUserName(facebookId); // if not user was found see if we can find a match in the person table if (user == null) { try { // determine if we can find a match and if so add an user login record // get properties from Facebook dynamic object string lastName = me.last_name.ToString(); string firstName = me.first_name.ToString(); string email = me.email.ToString(); var personService = new PersonService(); var person = personService.Queryable().FirstOrDefault(u => u.LastName == lastName && (u.GivenName == firstName || u.NickName == firstName) && u.Email == email); if (person != null) { // since we have the data enter the birthday from Facebook to the db if we don't have it yet DateTime birthdate = Convert.ToDateTime(me.birthday.ToString()); if (person.BirthDay == null) { person.BirthDate = birthdate; personService.Save(person, person.Id); } } else { person = new Person(); person.GivenName = me.first_name.ToString(); person.LastName = me.last_name.ToString(); person.Email = me.email.ToString(); if (me.gender.ToString() == "male") { person.Gender = Gender.Male; } if (me.gender.ToString() == "female") { person.Gender = Gender.Female; } person.BirthDate = Convert.ToDateTime(me.birthday.ToString()); personService.Add(person, null); personService.Save(person, null); } user = userService.Create(person, AuthenticationType.Facebook, facebookId, "fb", true, person.Id); } catch (Exception ex) { string msg = ex.Message; // TODO: probably should report something... } // TODO: Show label indicating inability to find user corresponding to facebook id } // update user record noting the login datetime user.LastLoginDate = DateTime.Now; user.LastActivityDate = DateTime.Now; userService.Save(user, user.PersonId); FormsAuthentication.SetAuthCookie(user.UserName, false); Session["UserIsAuthenticated"] = true; if (state != null) { Response.Redirect(state); } } catch (FacebookOAuthException oae) { string msg = oae.Message; // TODO: Add error handeling // Error validating verification code. (usually from wrong return url very picky with formatting) // Error validating client secret. // Error validating application. } } }
public LoginProfile ProcessAuthoriztion(HttpContext context, IDictionary<string, string> @params) { var builder = new UriBuilder(context.Request.GetUrlRewriter()) {Query = "p=" + context.Request["p"]}; var oauth = new FacebookOAuthClient { AppId = KeyStorage.Get("facebookAppID"), AppSecret = KeyStorage.Get("facebookAppSecret"), RedirectUri = builder.Uri }; FacebookOAuthResult result; if (FacebookOAuthResult.TryParse(context.Request.GetUrlRewriter(), out result)) { if (result.IsSuccess) { var accessToken = (Facebook.JsonObject)oauth.ExchangeCodeForAccessToken(result.Code); var request = WebRequest.Create("https://graph.facebook.com/me?access_token=" + Uri.EscapeDataString((string)accessToken["access_token"])); using (var response = request.GetResponse()) { using (var responseStream = response.GetResponseStream()) { var graph = FacebookGraph.Deserialize(responseStream); var profile = ProfileFromFacebook(graph); return profile; } } } return LoginProfile.FromError(new Exception(result.ErrorReason)); } //Maybe we didn't query var extendedPermissions = new[] { "email", "user_about_me" }; var parameters = new Dictionary<string, object> { { "display", "popup" } }; if (extendedPermissions.Length > 0) { var scope = new StringBuilder(); scope.Append(string.Join(",", extendedPermissions)); parameters["scope"] = scope.ToString(); } var loginUrl = oauth.GetLoginUrl(parameters); context.Response.Redirect(loginUrl.ToString()); return LoginProfile.FromError(new Exception("Failed to login with facebook")); //var client = new FacebookClient // { // ClientIdentifier = KeyStorage.Get("facebookAppID"), // ClientSecret = KeyStorage.Get("facebookAppSecret"), // }; //try //{ // IAuthorizationState authorization = client.ProcessUserAuthorization(new HttpRequestInfo(context.Request)); // if (authorization == null) // { // // Kick off authorization request // var scope = new List<string>() // { // "email,user_about_me", // }; // client.RequestUserAuthorization(scope, null, null); // } // else // { // var request = WebRequest.Create("https://graph.facebook.com/me?access_token=" + Uri.EscapeDataString(authorization.AccessToken)); // using (var response = request.GetResponse()) // { // if (response != null) // using (var responseStream = response.GetResponseStream()) // { // var graph = FacebookGraph.Deserialize(responseStream); // var profile = ProfileFromFacebook(graph); // return profile; // } // } // } //} //catch (ProtocolException e) //{ // if (e.InnerException is WebException) // { // //Read stream // var responce = // new StreamReader((e.InnerException as WebException).Response.GetResponseStream()).ReadToEnd(); // } // throw; //} }
// // GET: /Account/OAuth/ public ActionResult OAuth(string code, string state) { FacebookOAuthResult oauthResult; if (FacebookOAuthResult.TryParse(Request.Url, out oauthResult)) { if (oauthResult.IsSuccess) { var oAuthClient = new FacebookOAuthClient(FacebookApplication.Current); oAuthClient.RedirectUri = new Uri(redirectUrl); dynamic tokenResult = oAuthClient.ExchangeCodeForAccessToken(code); string accessToken = tokenResult.access_token; DateTime expiresOn = DateTime.MaxValue; if (tokenResult.ContainsKey("expires")) { DateTimeConvertor.FromUnixTime(tokenResult.expires); } FacebookClient fbClient = new FacebookClient(accessToken); dynamic me = fbClient.Get("me?fields=id,name,email,birthday,gender"); long facebookId = Convert.ToInt64(me.id); InMemoryUserStore.Add(new FacebookUser { AccessToken = accessToken, Expires = expiresOn, FacebookId = facebookId, Name = (string)me.name, }); var user = Membership.GetUser(facebookId.ToString()); FormsAuthentication.SetAuthCookie(facebookId.ToString(), false); string format = "d"; CultureInfo provider = CultureInfo.InvariantCulture; DateTime birthday = new DateTime(); try { birthday = DateTime.ParseExact(me.birthday, format, provider); } catch { } if (user == null) { var u = Membership.CreateUser(facebookId.ToString(), Guid.NewGuid().ToString()); using (BestPlaceEntities db = new BestPlaceEntities()) { db.bp_Profile_Create((Guid)u.ProviderUserKey, facebookId.ToString(), (string)me.name, Transfer.GetPictureUrl(facebookId.ToString()), (string)me.email, null, birthday, ((string)me.gender == "male") ? true : false, null, null); } } else { using (BestPlaceEntities db = new BestPlaceEntities()) { db.bp_Profile_Update((Guid)user.ProviderUserKey, (string)me.name, (string)me.email, null, birthday, ((string)me.gender == "male") ? true : false, null, null); } } // prevent open redirection attack by checking if the url is local. if (Url.IsLocalUrl(state)) { return(Redirect(state)); } else { return(RedirectToAction("Index", "Home")); } } } return(RedirectToAction("Index", "Home")); }
public ActionResult FacebookCallback() { var oauthClient = new FacebookOAuthClient(FacebookApplication.Current) { RedirectUri = GetFacebookRedirectUri() }; FacebookOAuthResult oAuthResult; if (oauthClient.TryParseResult(Request.Url, out oAuthResult)) { if (oAuthResult.IsSuccess) { if (!string.IsNullOrWhiteSpace(oAuthResult.Code)) { string returnUrl = null; try { if (!string.IsNullOrWhiteSpace(oAuthResult.State)) { dynamic state = JsonSerializer.Current.DeserializeObject(Encoding.UTF8.GetString(Base64UrlDecode(oAuthResult.State))); if (!state.ContainsKey("csrf_token") || !ValidateFacebookCsrfToken(state.csrf_token)) { // someone tried to hack the site. return(RedirectToAction("Index", "Home")); } if (state.ContainsKey("return_url") && !string.IsNullOrWhiteSpace(state.return_url)) { returnUrl = Encoding.UTF8.GetString(Base64UrlDecode(oAuthResult.State)); } } } catch (Exception) { // catch incase user puts his own state, // Base64UrlDecode might throw exception if the value is not properly encoded. return(RedirectToAction("Index", "Home")); } try { var result = (IDictionary <string, object>)oauthClient.ExchangeCodeForAccessToken(oAuthResult.Code); ProcessSuccesfulFacebookCallback(result); // prevent open redirection attacks. make sure the returnUrl is trusted before redirecting to it if (!string.IsNullOrWhiteSpace(returnUrl) && Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\")) { return(Redirect(returnUrl)); } else { return(RedirectToAction("Index", "Facebook")); } } catch (FacebookApiException) { // catch incase the user entered dummy code or the code expired. } } return(Redirect("~/")); } return(View("FacebookCallbackError", oAuthResult)); } return(Redirect("~/")); }
public FacebookProfile Authenticate(HttpRequest request = null) { FacebookOAuthClient facebookOAuthClient = new FacebookOAuthClient { AppId = AppID, AppSecret = AppSecret, RedirectUri = RedirectUri }; Dictionary <string, object> oauthParams = new Dictionary <string, object> { { "redirect_uri", RedirectUri } }; FacebookAuthResult facebookAuthResult = SerilizationHelper.Deserialize <FacebookAuthResult>(facebookOAuthClient.ExchangeCodeForAccessToken(AuthCode, oauthParams).ToString()); Token = facebookAuthResult.access_token; FacebookClient facebookClient = new FacebookClient(Token); return(SerilizationHelper.Deserialize <FacebookProfile>(facebookClient.Get("/me").ToString())); }
public ActionResult Callback() { var oauthClient = new FacebookOAuthClient(FacebookApplication.Current) { RedirectUri = GetFacebookRedirectUri() }; FacebookOAuthResult oAuthResult; if (oauthClient.TryParseResult(Request.Url, out oAuthResult)) { if (oAuthResult.IsSuccess) { if (!string.IsNullOrWhiteSpace(oAuthResult.Code)) { string returnUrl = ""; string domainName = null; string planName = null; string affiliate = null; var state = new CallbackState(); try { if (!string.IsNullOrWhiteSpace(oAuthResult.State)) { state = (CallbackState)JsonSerializer.Current.DeserializeObject(Encoding.UTF8.GetString(OAuthFacebook.Base64UrlDecode(oAuthResult.State)), typeof(CallbackState)); // TODO: at the moment only check if there is token. Hack Bug // we do this because for logins we are saving token in a separate domain if (!string.IsNullOrEmpty(state.csrf_token) && !ValidateFacebookCsrfToken(state.csrf_token)) { // someone tried to hack the site. return(RedirectToAction("Index", "Error")); } if (!string.IsNullOrEmpty(state.return_url)) { returnUrl = state.return_url; } if (!string.IsNullOrEmpty(state.domain_name)) { domainName = state.domain_name; } if (!string.IsNullOrEmpty(state.plan_name)) { planName = state.plan_name; } if (!string.IsNullOrEmpty(state.affiliate)) { affiliate = state.affiliate; } } } catch (Exception ex) { Syslog.Write(ex); // catch incase user puts his own state, // Base64UrlDecode might throw exception if the value is not properly encoded. return(RedirectToAction("Index", "Error")); } try { var token = (IDictionary <string, object>)oauthClient.ExchangeCodeForAccessToken(oAuthResult.Code); var token_key = (string)token["access_token"]; var token_expires = token.ContainsKey("expires") ? token["expires"].ToString() : ""; if (state.isRegistration && !string.IsNullOrEmpty(domainName)) { var errorMessage = ProcessSuccesfulFacebookRegistrationCallback(token, domainName, planName, affiliate); if (!string.IsNullOrEmpty(errorMessage)) { return(Redirect(ErrorHelper.CreateErrorPage(errorMessage, "/register/" + planName))); } } if (state.isLogin || state.isLink) { var returnUri = new Uri(returnUrl); var queryParameters = HttpUtility.ParseQueryString(returnUri.Query); queryParameters.Add("token", token_key); queryParameters.Add("expires", token_expires); returnUrl = string.Format("{0}://{1}{2}{3}", returnUri.Scheme, returnUri.Host, returnUri.LocalPath, queryParameters.ToQueryString(true)); } if (state.requestPageTokens && !string.IsNullOrEmpty(state.domain_name)) { // obtain any other account tokens var facebook = new FacebookService(token_key); var accounts = facebook.Account.GetAccountTokens("me"); if (accounts != null && accounts.data != null) { var domain = repository.GetSubDomains().SingleOrDefault(x => x.name == state.domain_name); if (domain != null) { foreach (var entry in accounts.data) { if (entry.name != null) { var ftoken = new facebook_token { pageid = entry.id, subdomainid = domain.id, accesstoken = entry.access_token, name = entry.name, category = entry.category, flags = (int)FacebookTokenSettings.NONE }; repository.AddUpdateFacebookToken(ftoken); } } } } } // save any changes repository.Save(); // prevent open redirection attacks. make sure the returnUrl is trusted before redirecting to it if (!string.IsNullOrWhiteSpace(returnUrl) && returnUrl.Contains(GeneralConstants.SUBDOMAIN_HOST)) { return(Redirect(returnUrl)); } } catch (FacebookApiException ex) { // catch incase the user entered dummy code or the code expired. Syslog.Write(ex); } } } else { switch (oAuthResult.ErrorReason) { // permission request denied case "user_denied": return(RedirectToAction("NoAuth", "Error")); default: Syslog.Write(string.Format("Unhandled Facebook OAUTH {0} - {1}", oAuthResult.ErrorReason, oAuthResult.ErrorDescription)); break; } } } return(RedirectToAction("Index", "Error")); }