예제 #1
        /// <summary>
        /// Handles a Facebook registration callback: parses the posted <c>signed_request</c> with the
        /// configured application secret, copies the registration fields into a <c>RegisterModel</c>,
        /// records any validation errors in <c>ModelState</c> and hands the model to <c>Register</c>.
        /// </summary>
        /// <param name="signed_request">Raw <c>signed_request</c> value supplied with the request.</param>
        /// <returns>The result produced by <c>Register</c> for the populated model.</returns>
        public ActionResult RegisterViaFacebook(string signed_request)
        {
            // Every field read below comes from the parsed payload, so it is only as trustworthy as the
            // check done inside Parse.
            // NOTE(review): presumably Parse rejects a request whose signature does not match - confirm.
            var parsedRequest = FacebookSignedRequest.Parse(AppSettingConfig.Current.FacebookApplicationSecret, signed_request);
            dynamic registration = ((dynamic)parsedRequest.Data).registration;

            // 'name' is read but never used afterwards; the read is kept so behavior is unchanged.
            string name     = registration.name;
            string nickname = registration.nickname;
            string email    = registration.email;

            // NOTE(review): when no password is supplied a GUID string is used for it. Guid.NewGuid() is
            // not documented as a cryptographically strong source; if this value can ever act as a login
            // credential, generate it with a CSPRNG instead.
            string password = registration.password ?? Guid.NewGuid().ToString();

            var model = new RegisterModel();
            model.Email           = email;
            model.Password        = password;
            model.UserName        = nickname;
            model.ConfirmPassword = model.Password;

            var failures  = new List<ValidationResult>();
            bool modelIsValid = Validator.TryValidateObject(model, new ValidationContext(model, null, null), failures, true);

            if (!modelIsValid)
            {
                foreach (var failure in failures)
                {
                    ModelState.AddModelError("", failure.ErrorMessage);
                }
            }

            // Register is called whether or not validation failed.
            // NOTE(review): presumably Register checks ModelState before creating the account - verify.
            return Register(model);
        }
        /// <summary>
        /// Checks that <c>FacebookSignedRequest.TryParse</c>, called with <c>true</c> as its last
        /// argument, throws <see cref="InvalidOperationException"/> for a signed request that
        /// contains more than two dots.
        /// </summary>
        /// <param name="signedRequestWithMoreThanTwoDots">Malformed signed request under test.</param>
        public void ShouldThrowInvalidOperationException(string signedRequestWithMoreThanTwoDots)
        {
            // Fixed inputs: a dummy secret plus a pinned age limit and clock value.
            string appSecret  = "secret";
            int    ageLimit   = 3600;
            double pinnedTime = 1297678642.8070507;

            Assert.Throws<InvalidOperationException>(
                () => FacebookSignedRequest.TryParse(appSecret, signedRequestWithMoreThanTwoDots, ageLimit, pinnedTime, true));
        }
예제 #3
        /// <summary>
        /// Checks that <c>FacebookSignedRequest.TryParse</c>, called with <c>true</c> as its last
        /// argument, throws <see cref="InvalidOperationException"/> when the value before the dot
        /// is empty (<c>".envelope_only"</c>).
        /// </summary>
        public void ShouldThrowInvalidOperationException()
        {
            // The input has nothing before the dot.
            string malformedRequest = ".envelope_only";
            string appSecret        = "secret";
            int    ageLimit         = 3600;
            double pinnedTime       = 1297678642.8070507;

            Assert.Throws<InvalidOperationException>(
                () => FacebookSignedRequest.TryParse(appSecret, malformedRequest, ageLimit, pinnedTime, true));
        }
예제 #4
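        /// <summary>
        /// Verifies and parses the signed_request sent by Facebook.
        /// </summary>
        /// <remarks>
        /// The HMAC-SHA256 signature over the encoded payload is checked before the payload is decoded
        /// or deserialized, and the comparison does not stop at the first differing byte. The
        /// application secret and the locally computed digest are never passed to the logger: a logged
        /// digest is a valid signature for whatever payload the caller supplied.
        /// </remarks>
        /// <param name="signedRequest">Raw value in the form <c>signature.payload</c>.</param>
        /// <param name="secret">Application secret used as the HMAC key.</param>
        /// <param name="parsedSignedRequest">
        /// The deserialized payload when the method returns <c>true</c>; otherwise an instance that
        /// carries only <c>OriginalSignedRequest</c> and nothing taken from the unverified payload.
        /// </param>
        /// <returns>
        /// <c>true</c> if the signature matches and the payload declares HMAC-SHA256; otherwise <c>false</c>.
        /// </returns>
        public static bool TryParseSignedRequest(string signedRequest, string secret, out FacebookSignedRequest parsedSignedRequest)
        {
            // Stands in for the secret in log calls so their argument count stays as before.
            const string redacted = "[redacted]";

            parsedSignedRequest = new FacebookSignedRequest();

            try
            {
                parsedSignedRequest.OriginalSignedRequest = signedRequest;

                if (string.IsNullOrEmpty(signedRequest))
                {
                    throw new InvalidOperationException("Empty signed_request");
                }

                // A well-formed value is exactly "<signature>.<payload>".
                string[] parts = signedRequest.Split('.');
                if (parts.Length != 2)
                {
                    throw new InvalidOperationException("Malformed signed_request");
                }

                string encodedSig     = parts[0];
                string encodedPayload = parts[1];

                // Authenticate first: nothing from the payload is decoded or parsed until the MAC matches.
                byte[] key       = Encoding.UTF8.GetBytes(secret);
                byte[] digest    = Crypto.SHA256.ComputeHMACSHA256(Encoding.UTF8.GetBytes(encodedPayload), key);
                byte[] signature = Crypto.Base64.UrlDecodeBase64(encodedSig);

                if (!ConstantTimeEquals(digest, signature))
                {
                    // Only caller-supplied values are logged here; the expected digest is left out.
                    Log.Error("Authentication.TryParseSignedRequest", "Bad Signed JSON signature", string.Format("encodedSig : {0}, encodedPayload : {1}", encodedSig, encodedPayload));
                    throw new InvalidOperationException("Bad Signed JSON signature");
                }

                string payload = Encoding.UTF8.GetString(Crypto.Base64.UrlDecodeBase64(encodedPayload));
                FacebookSignedRequest verified = JsonConvert.DeserializeObject<FacebookSignedRequest>(payload);

                if (verified == null)
                {
                    throw new InvalidOperationException("Empty signed_request payload");
                }

                if (verified.Algorithm != "HMAC-SHA256")
                {
                    throw new InvalidOperationException("Unknown algorithm. Expected HMAC-SHA256");
                }

                // Deserialization produces a new object, so the original string is attached to it here.
                verified.OriginalSignedRequest = signedRequest;
                parsedSignedRequest = verified;

                // NOTE(review): the full signed request is still logged; if its payload can carry an
                // access token, consider logging a truncated or hashed form instead.
                Logger.Current.Debug("Authentication.TryParseSignedRequest", "Signature ok", signedRequest, redacted);
                return true;
            }
            catch (Exception e)
            {
                Logger.Current.Error("Authentication.TryParseSignedRequest", "Invalid signed_request", e, signedRequest, redacted);

                // Never hand unverified payload data back to a caller that ignores the return value.
                parsedSignedRequest = new FacebookSignedRequest();
                parsedSignedRequest.OriginalSignedRequest = signedRequest;
            }

            return false;
        }

        /// <summary>
        /// Compares two byte arrays by accumulating the XOR of every byte pair, so the loop runs over
        /// the whole array regardless of where the first difference is.
        /// </summary>
        private static bool ConstantTimeEquals(byte[] left, byte[] right)
        {
            if (left == null || right == null || left.Length != right.Length)
            {
                return false;
            }

            int difference = 0;
            for (int i = 0; i < left.Length; i++)
            {
                difference |= left[i] ^ right[i];
            }

            return difference == 0;
        }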
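        /// <summary>
        /// Parses the posted <c>signed_request</c> form field and writes the resulting user fields to
        /// the response, one per line, HTML-encoded.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            string requested_Data = Request.Form["signed_request"];
            if (string.IsNullOrEmpty(requested_Data))
            {
                // No signed_request was posted, so there is nothing to parse or display.
                Response.StatusCode = 400;
                return;
            }

            FacebookApp fap = new FacebookApp();

            // NOTE(review): the values are masked on this page. An application secret belongs in
            // protected configuration, not in a string literal in page code.
            fap.AppId     = "************";
            fap.AppSecret = "********************";

            FacebookSignedRequest fsr = fap.ParseSignedRequest(requested_Data);
            UserData ud = new UserData(fsr);

            // Profile fields are user-controlled text; encode them before they reach the HTML response.
            object[] fields = { ud.name, ud.birthday, ud.country, ud.email, ud.gender, ud.location, ud.userId };
            foreach (object field in fields)
            {
                Response.Write(System.Web.HttpUtility.HtmlEncode(string.Concat(field)) + "<br>");
            }
        }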
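        /// <summary>
        /// Checks that parsing a signed request with more than two dots throws an
        /// <see cref="InvalidOperationException"/> whose message equals
        /// <c>Properties.Resources.InvalidSignedRequest</c>.
        /// </summary>
        /// <param name="signedRequestWithMoreThanTwoDots">Malformed signed request under test.</param>
        public void ErrorMessageShouldBeInvalidSingedRequest(string signedRequestWithMoreThanTwoDots)
        {
            string secret      = "secret";
            int    maxAge      = 3600;
            double currentTime = 1297678642.8070507;

            // Assert.Throws fails the test when nothing is thrown, instead of leaving a null
            // exception that would surface as a NullReferenceException on the next line.
            InvalidOperationException exception = Assert.Throws<InvalidOperationException>(
                () => FacebookSignedRequest.TryParse(secret, signedRequestWithMoreThanTwoDots, maxAge, currentTime, true));

            Assert.Equal(Properties.Resources.InvalidSignedRequest, exception.Message);
        }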
        /// <summary>
        /// Fills <c>CanvasPage</c>, <c>AccessToken</c>, <c>AppId</c> and <c>UserId</c> from the current
        /// Facebook web context, parsing the signed request from this object's <c>SignedRequest</c>
        /// value when the context does not already hold one.
        /// </summary>
        /// <exception cref="InvalidSignedRequestException">
        /// Parsing failed and the reported browser name does not contain "IE".
        /// </exception>
        public FacebookContextSettings()
        {
            FacebookWebContext webContext = FacebookWebContext.Current;

            IFacebookApplication  appSettings;
            FacebookSignedRequest request;

            if (webContext.SignedRequest != null)
            {
                // The context already carries a signed request; use it together with its settings.
                appSettings = webContext.Settings;
                request     = webContext.SignedRequest;
            }
            else
            {
                // Ajax requests won't have a signed request, so it is built from the current http request.
                // See http://facebooksdk.codeplex.com/discussions/251878
                appSettings = FacebookApplication.Current;

                try
                {
                    request = FacebookSignedRequest.Parse(appSettings, SignedRequest);
                }
                catch (Exception parseFailure)
                {
                    // Facebook posts to the iframe, but only IE supports this, so the first request
                    // always fails for non-IE browsers.
                    // NOTE(review): the browser name is derived from what the client reports, so the
                    // client influences which exception type is raised here.
                    bool reportedAsIe = HttpContext.Current.Request.Browser.Browser.Contains("IE");
                    if (reportedAsIe)
                    {
                        throw;
                    }

                    // It doesn't break anything, so a custom exception is thrown that can be filtered out later.
                    // NOTE(review): the message embeds the raw SignedRequest value; if exception messages
                    // are logged or shown, that value ends up there too.
                    throw new InvalidSignedRequestException("Invalid SignedRequest - Non - IE (" + SignedRequest + ")", parseFailure);
                }
            }

            CanvasPage  = appSettings.CanvasPage;
            AccessToken = request.AccessToken;
            AppId       = appSettings.AppId;
            UserId      = request.UserId;
        }
예제 #8
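        /// <summary>
        /// Checks that parsing the fixed sample signed request against a clock value of 1294741460
        /// and a maximum age of 3600 throws an <see cref="InvalidOperationException"/> whose message
        /// equals <c>Properties.Resources.OldSignedRequest</c>.
        /// </summary>
        public void ErrorMessageShouldBeInvalidSingedRequest()
        {
            // Fixed test vector; the secret below belongs to this fixture only.
            var signedRequest = "t63pZQ4Q3ZTHJt0hOsKrY2pb28xRlduW0pg4lL_Zhl4.eyJhbGdvcml0aG0iOiJBRVMtMjU2LUNCQyBITUFDLVNIQTI1NiIsImlzc3VlZF9hdCI6MTI4NzYwMTk4OCwiaXYiOiJmRExKQ1cteWlYbXVOYTI0ZVNhckpnIiwicGF5bG9hZCI6IllHeW00cG9Rbk1UckVnaUFPa0ZUVkk4NWxsNVJ1VWlFbC1JZ3FmeFRPVEhRTkl2VlZJOFk4a1Z1T29lS2FXT2Vhc3NXRlRFdjBRZ183d0NDQkVlbjdsVUJCemxGSjFWNjNISjNBZjBTSW5nY3hXVEo3TDZZTGF0TW13WGdEQXZXbjVQc2ZxeldrNG1sOWg5RExuWXB0V0htREdMNmlCaU9oTjdXeUk3cDZvRXBWcmlGdUp3X2NoTG9QYjhhM3ZHRG5vVzhlMlN4eDA2QTJ4MnhraWFwdmcifQ";

            string secret      = "13750c9911fec5865d01f3bd00bdf4db";
            int    maxAge      = 3600;
            double currentTime = 1294741460;

            Exception exception = null;

            try
            {
                FacebookSignedRequest.TryParse(secret, signedRequest, maxAge, currentTime, true);
            }
            catch (InvalidOperationException ex)
            {
                exception = ex;
            }

            // Without this check a call that does not throw would fail below with a
            // NullReferenceException instead of a readable assertion failure.
            Assert.NotNull(exception);
            Assert.Equal(Properties.Resources.OldSignedRequest, exception.Message);
        }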