protected void Page_Load(object sender, EventArgs e) { var url = HttpContext.Current.Request.Url; FacebookOAuthResult oauthResult; var oauthClient = new FacebookOAuthClient { AppId = AppId, AppSecret = AppSecret, RedirectUri = new Uri(_silverlightFacebookCallback) }; if (oauthClient.TryParseResult(url, out oauthResult)) { if (oauthResult.IsSuccess) { var result = (IDictionary <string, object>)oauthClient.ExchangeCodeForAccessToken(oauthResult.Code); AccessToken = result["access_token"].ToString(); } else { ErrorDescription = oauthResult.ErrorDescription; } Response.Cache.SetCacheability(HttpCacheability.NoCache); } else { Response.Redirect("~/"); } }
private void webBrowser1_Navigated(object sender, System.Windows.Navigation.NavigationEventArgs e) { string htmlstr = webBrowser1.SaveToString(); FacebookOAuthResult oauthResult; if (!_fbOAuth.TryParseResult(e.Uri, out oauthResult)) { return; } if (oauthResult.IsSuccess) { var accessToken = oauthResult.AccessToken; LoginSucceded(accessToken); } else { // user cancelled MessageBox.Show(oauthResult.ErrorDescription); } }
public void getFacebookAccessToken(Uri uri, Action <String, Exception> callback) { try { FacebookOAuthClient fboc = new FacebookOAuthClient(); FacebookOAuthResult oauthResult; if (!fboc.TryParseResult(uri, out oauthResult)) { callback(null, null); } else { if (oauthResult.IsSuccess) { _accessToken = oauthResult.AccessToken; if (callback != null) { callback(_accessToken, null); } } else { if (callback != null) { callback(null, new NetmeraException(NetmeraException.ErrorCode.EC_FB_ERROR, oauthResult.ErrorDescription)); } } } } catch (Exception) { if (callback != null) { callback(null, new NetmeraException(NetmeraException.ErrorCode.EC_FB_ERROR, "Error occured while getting facebook access token.")); } } }
public ActionResult FacebookCallback() { var oauthClient = new FacebookOAuthClient(FacebookApplication.Current) { RedirectUri = GetFacebookRedirectUri() }; FacebookOAuthResult oAuthResult; if (oauthClient.TryParseResult(Request.Url, out oAuthResult)) { if (oAuthResult.IsSuccess) { if (!string.IsNullOrWhiteSpace(oAuthResult.Code)) { string returnUrl = null; try { if (!string.IsNullOrWhiteSpace(oAuthResult.State)) { dynamic state = JsonSerializer.Current.DeserializeObject(Encoding.UTF8.GetString(Base64UrlDecode(oAuthResult.State))); if (!state.ContainsKey("csrf_token") || !ValidateFacebookCsrfToken(state.csrf_token)) { // someone tried to hack the site. return(RedirectToAction("Index", "Home")); } if (state.ContainsKey("return_url") && !string.IsNullOrWhiteSpace(state.return_url)) { returnUrl = Encoding.UTF8.GetString(Base64UrlDecode(oAuthResult.State)); } } } catch (Exception) { // catch incase user puts his own state, // Base64UrlDecode might throw exception if the value is not properly encoded. return(RedirectToAction("Index", "Home")); } try { var result = (IDictionary <string, object>)oauthClient.ExchangeCodeForAccessToken(oAuthResult.Code); ProcessSuccesfulFacebookCallback(result); // prevent open redirection attacks. make sure the returnUrl is trusted before redirecting to it if (!string.IsNullOrWhiteSpace(returnUrl) && Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\")) { return(Redirect(returnUrl)); } else { return(RedirectToAction("Index", "Facebook")); } } catch (FacebookApiException) { // catch incase the user entered dummy code or the code expired. } } return(Redirect("~/")); } return(View("FacebookCallbackError", oAuthResult)); } return(Redirect("~/")); }
public ActionResult Callback() { var oauthClient = new FacebookOAuthClient(FacebookApplication.Current) { RedirectUri = GetFacebookRedirectUri() }; FacebookOAuthResult oAuthResult; if (oauthClient.TryParseResult(Request.Url, out oAuthResult)) { if (oAuthResult.IsSuccess) { if (!string.IsNullOrWhiteSpace(oAuthResult.Code)) { string returnUrl = ""; string domainName = null; string planName = null; string affiliate = null; var state = new CallbackState(); try { if (!string.IsNullOrWhiteSpace(oAuthResult.State)) { state = (CallbackState)JsonSerializer.Current.DeserializeObject(Encoding.UTF8.GetString(OAuthFacebook.Base64UrlDecode(oAuthResult.State)), typeof(CallbackState)); // TODO: at the moment only check if there is token. Hack Bug // we do this because for logins we are saving token in a separate domain if (!string.IsNullOrEmpty(state.csrf_token) && !ValidateFacebookCsrfToken(state.csrf_token)) { // someone tried to hack the site. return(RedirectToAction("Index", "Error")); } if (!string.IsNullOrEmpty(state.return_url)) { returnUrl = state.return_url; } if (!string.IsNullOrEmpty(state.domain_name)) { domainName = state.domain_name; } if (!string.IsNullOrEmpty(state.plan_name)) { planName = state.plan_name; } if (!string.IsNullOrEmpty(state.affiliate)) { affiliate = state.affiliate; } } } catch (Exception ex) { Syslog.Write(ex); // catch incase user puts his own state, // Base64UrlDecode might throw exception if the value is not properly encoded. return(RedirectToAction("Index", "Error")); } try { var token = (IDictionary <string, object>)oauthClient.ExchangeCodeForAccessToken(oAuthResult.Code); var token_key = (string)token["access_token"]; var token_expires = token.ContainsKey("expires") ? token["expires"].ToString() : ""; if (state.isRegistration && !string.IsNullOrEmpty(domainName)) { var errorMessage = ProcessSuccesfulFacebookRegistrationCallback(token, domainName, planName, affiliate); if (!string.IsNullOrEmpty(errorMessage)) { return(Redirect(ErrorHelper.CreateErrorPage(errorMessage, "/register/" + planName))); } } if (state.isLogin || state.isLink) { var returnUri = new Uri(returnUrl); var queryParameters = HttpUtility.ParseQueryString(returnUri.Query); queryParameters.Add("token", token_key); queryParameters.Add("expires", token_expires); returnUrl = string.Format("{0}://{1}{2}{3}", returnUri.Scheme, returnUri.Host, returnUri.LocalPath, queryParameters.ToQueryString(true)); } if (state.requestPageTokens && !string.IsNullOrEmpty(state.domain_name)) { // obtain any other account tokens var facebook = new FacebookService(token_key); var accounts = facebook.Account.GetAccountTokens("me"); if (accounts != null && accounts.data != null) { var domain = repository.GetSubDomains().SingleOrDefault(x => x.name == state.domain_name); if (domain != null) { foreach (var entry in accounts.data) { if (entry.name != null) { var ftoken = new facebook_token { pageid = entry.id, subdomainid = domain.id, accesstoken = entry.access_token, name = entry.name, category = entry.category, flags = (int)FacebookTokenSettings.NONE }; repository.AddUpdateFacebookToken(ftoken); } } } } } // save any changes repository.Save(); // prevent open redirection attacks. make sure the returnUrl is trusted before redirecting to it if (!string.IsNullOrWhiteSpace(returnUrl) && returnUrl.Contains(GeneralConstants.SUBDOMAIN_HOST)) { return(Redirect(returnUrl)); } } catch (FacebookApiException ex) { // catch incase the user entered dummy code or the code expired. Syslog.Write(ex); } } } else { switch (oAuthResult.ErrorReason) { // permission request denied case "user_denied": return(RedirectToAction("NoAuth", "Error")); default: Syslog.Write(string.Format("Unhandled Facebook OAUTH {0} - {1}", oAuthResult.ErrorReason, oAuthResult.ErrorDescription)); break; } } } return(RedirectToAction("Index", "Error")); }