/// <summary>
/// Registers a user from the data Facebook posts in <c>signed_request</c> once its
/// registration plugin completes.
/// </summary>
/// <param name="signed_request">The raw <c>signed_request</c> form value posted by Facebook.</param>
/// <returns>The result of <c>Register</c> for the model built from the payload.</returns>
/// <remarks>
/// The request is parsed with the application secret; <c>FacebookSignedRequest.Parse</c> is presumably
/// what rejects a payload whose signature does not match, before any registration field is read — confirm
/// against that method. When Facebook supplies no password a random GUID is substituted so that both
/// password fields of the model are populated. Data-annotation failures are recorded on
/// <c>ModelState</c> exactly as a normal form post would record them, and <c>Register</c> is then invoked.
/// </remarks>
public ActionResult RegisterViaFacebook(string signed_request)
{
    var parsed = FacebookSignedRequest.Parse(AppSettingConfig.Current.FacebookApplicationSecret, signed_request);

    // The payload's shape is only known at runtime, hence the dynamic member access.
    dynamic payload = parsed.Data;
    string displayName = payload.registration.name; // read but not used below; kept to preserve the original behaviour
    string nickname = payload.registration.nickname;
    string email = payload.registration.email;
    string password = payload.registration.password ?? Guid.NewGuid().ToString();

    var model = new RegisterModel
    {
        Email = email,
        UserName = nickname,
        Password = password,
    };
    model.ConfirmPassword = model.Password;

    var failures = new List<ValidationResult>();
    var context = new ValidationContext(model, null, null);
    bool isValid = Validator.TryValidateObject(model, context, failures, true);
    if (!isValid)
    {
        foreach (var failure in failures)
        {
            ModelState.AddModelError("", failure.ErrorMessage);
        }
    }

    return Register(model);
}
/// <summary>
/// A <c>signed_request</c> with more than two dot-separated parts is malformed and
/// <c>TryParse</c> must reject it with an <see cref="InvalidOperationException"/>.
/// </summary>
/// <param name="signedRequestWithMoreThanTwoDots">Malformed signed_request supplied by the theory data.</param>
/// <remarks>
/// The trailing <c>true</c> argument presumably selects throwing over returning <c>false</c> —
/// confirm against the <c>TryParse</c> signature.
/// </remarks>
public void ShouldThrowInvalidOperationException(string signedRequestWithMoreThanTwoDots)
{
    const string appSecret = "secret";
    const int maxAgeSeconds = 3600;
    const double clock = 1297678642.8070507;

    Assert.Throws<InvalidOperationException>(
        () => FacebookSignedRequest.TryParse(appSecret, signedRequestWithMoreThanTwoDots, maxAgeSeconds, clock, true));
}
/// <summary>
/// A <c>signed_request</c> with an empty signature part before the dot must be rejected
/// by <c>TryParse</c> with an <see cref="InvalidOperationException"/>.
/// </summary>
/// <remarks>
/// The trailing <c>true</c> argument presumably selects throwing over returning <c>false</c> —
/// confirm against the <c>TryParse</c> signature.
/// </remarks>
public void ShouldThrowInvalidOperationException()
{
    // Nothing precedes the separator, so there is no signature to verify.
    const string envelopeOnly = ".envelope_only";
    const string appSecret = "secret";
    const int maxAgeSeconds = 3600;
    const double clock = 1297678642.8070507;

    Assert.Throws<InvalidOperationException>(
        () => FacebookSignedRequest.TryParse(appSecret, envelopeOnly, maxAgeSeconds, clock, true));
}
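/// <summary>
/// Parses and authenticates the <c>signed_request</c> sent by Facebook.
/// </summary>
/// <param name="signedRequest">
/// The raw value: URL-safe base64 HMAC-SHA256 signature, a dot, then the URL-safe base64 JSON payload.
/// </param>
/// <param name="secret">The application secret used as the HMAC key.</param>
/// <param name="parsedSignedRequest">
/// On success, the deserialized payload with <c>OriginalSignedRequest</c> set. On failure, a fresh
/// instance carrying only <c>OriginalSignedRequest</c> — never a payload whose signature did not verify.
/// </param>
/// <returns><c>true</c> if the payload is well-formed and its signature matches; otherwise <c>false</c>. Never throws.</returns>
/// <remarks>
/// Only the algorithm and the signature are checked here; claims inside the payload (for example its
/// issue time) are not validated by this method. The application secret is never passed to the loggers.
/// </remarks>
public static bool TryParseSignedRequest(string signedRequest, string secret, out FacebookSignedRequest parsedSignedRequest)
{
    // Whatever happens below, the caller must not receive an unverified payload through the out parameter.
    parsedSignedRequest = new FacebookSignedRequest();
    parsedSignedRequest.OriginalSignedRequest = signedRequest;

    try
    {
        if (string.IsNullOrEmpty(signedRequest) || string.IsNullOrEmpty(secret))
        {
            throw new ArgumentException("signed_request and secret are required");
        }

        string[] split = signedRequest.Split('.');
        if (split.Length != 2)
        {
            // Previously an IndexOutOfRangeException surfaced here via the catch-all below.
            throw new FormatException("Expected exactly one '.' separating signature and payload");
        }
        string encodedSig = split[0];
        string encodedPayload = split[1];

        string payload = Encoding.UTF8.GetString(Crypto.Base64.UrlDecodeBase64(encodedPayload));
        FacebookSignedRequest parsed = JsonConvert.DeserializeObject<FacebookSignedRequest>(payload);
        if (parsed == null)
        {
            throw new FormatException("Empty signed_request payload");
        }

        // Pin the algorithm before trusting the payload; anything else is rejected outright.
        if (parsed.Algorithm != "HMAC-SHA256")
        {
            throw new InvalidOperationException("Unknown algorithm. Expected HMAC-SHA256");
        }

        byte[] key = Encoding.UTF8.GetBytes(secret);
        byte[] digest = Crypto.SHA256.ComputeHMACSHA256(Encoding.UTF8.GetBytes(encodedPayload), key);
        byte[] signature = Crypto.Base64.UrlDecodeBase64(encodedSig);

        if (!FixedTimeEquals(digest, signature))
        {
            // Log what was received but not the digest we computed: the caller controls the payload, so
            // writing the expected signature to the log would turn the log into a signing oracle.
            Log.Error("Authentication.TryParseSignedRequest", "Bad Signed JSON signature", string.Format("encodedSig : {0}, encodedPayload : {1}", encodedSig, encodedPayload));
            throw new InvalidOperationException("Bad Signed JSON signature");
        }

        // The deserialized object replaces the placeholder, so the raw value has to be attached here;
        // the original set it on the placeholder and then lost it on reassignment.
        parsed.OriginalSignedRequest = signedRequest;
        parsedSignedRequest = parsed;

        Logger.Current.Debug("Authentication.TryParseSignedRequest", "Signature ok", signedRequest, "[secret redacted]");
        return true;
    }
    catch (Exception e)
    {
        Logger.Current.Error("Authentication.TryParseSignedRequest", "Invalid signed_request", e, signedRequest, "[secret redacted]");
    }

    return false;
}

/// <summary>
/// Compares two byte arrays in time that depends only on their lengths, so signature
/// verification does not reveal the position of the first mismatching byte.
/// </summary>
/// <param name="a">First array; may be null.</param>
/// <param name="b">Second array; may be null.</param>
/// <returns><c>true</c> only if both are non-null, equal in length and identical in content.</returns>
private static bool FixedTimeEquals(byte[] a, byte[] b)
{
    if (a == null || b == null || a.Length != b.Length)
    {
        return false;
    }

    int diff = 0;
    for (int i = 0; i < a.Length; i++)
    {
        diff |= a[i] ^ b[i];
    }
    return diff == 0;
}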
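/// <summary>
/// Renders the profile fields carried in the <c>signed_request</c> that Facebook posts to this page.
/// </summary>
/// <param name="sender">Standard ASP.NET event source (unused).</param>
/// <param name="e">Standard ASP.NET event data (unused).</param>
/// <remarks>
/// Every value written comes from the Facebook payload, parts of which the user controls (name,
/// location, ...), so each one is HTML-encoded before it reaches the response. A request without a
/// <c>signed_request</c> form field (for example a direct GET) is answered with 400 instead of
/// handing null to the parser.
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    // NOTE(review): app id and secret are hard-coded literals (masked here); they belong in protected
    // configuration rather than in source control.
    FacebookApp fap = new FacebookApp();
    fap.AppId = "************";
    fap.AppSecret = "********************";

    string requestedData = Request.Form["signed_request"];
    if (string.IsNullOrEmpty(requestedData))
    {
        Response.StatusCode = 400;
        return;
    }

    // ParseSignedRequest is presumably where the HMAC is checked against AppSecret — confirm in FacebookApp.
    FacebookSignedRequest fsr = fap.ParseSignedRequest(requestedData);
    UserData ud = new UserData(fsr);

    // Same fields, same order as before; Convert.ToString keeps the "" + "<br>" result for null values.
    object[] fields = { ud.name, ud.birthday, ud.country, ud.email, ud.gender, ud.location, ud.userId };
    foreach (object field in fields)
    {
        // Server.HtmlEncode stops markup injected through a profile field from being rendered as HTML.
        Response.Write(Server.HtmlEncode(Convert.ToString(field)) + "<br>");
    }
}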
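/// <summary>
/// Rejecting a <c>signed_request</c> with more than two dot-separated parts must report
/// <c>Properties.Resources.InvalidSignedRequest</c> as the exception message.
/// </summary>
/// <param name="signedRequestWithMoreThanTwoDots">Malformed signed_request supplied by the theory data.</param>
public void ErrorMessageShouldBeInvalidSingedRequest(string signedRequestWithMoreThanTwoDots)
{
    string secret = "secret";
    int maxAge = 3600;
    double currentTime = 1297678642.8070507;

    // Assert.Throws fails with a clear message when nothing is thrown; the former try/catch would
    // have dereferenced a null exception instead. Same pattern as the sibling ShouldThrow tests.
    var exception = Assert.Throws<InvalidOperationException>(
        () => FacebookSignedRequest.TryParse(secret, signedRequestWithMoreThanTwoDots, maxAge, currentTime, true));

    Assert.Equal(Properties.Resources.InvalidSignedRequest, exception.Message);
}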
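/// <summary>
/// Captures the Facebook application settings and signed request for the current request.
/// </summary>
/// <remarks>
/// Ajax requests carry no signed request on <c>FacebookWebContext</c>, so in that case the request's own
/// <c>SignedRequest</c> is parsed instead (see http://facebooksdk.codeplex.com/discussions/251878).
/// Facebook posts to the iframe and only IE supports that, so for other browsers the first request is
/// expected to fail; that failure is wrapped in <c>InvalidSignedRequestException</c> so it can be filtered
/// out downstream, while IE failures propagate unchanged. The raw signed request is deliberately not
/// embedded in the exception message: it carries the access token this constructor reads into
/// <c>AccessToken</c>, and exception messages tend to end up in logs and error pages.
/// </remarks>
/// <exception cref="InvalidSignedRequestException">The signed request could not be parsed on a non-IE browser.</exception>
public FacebookContextSettings()
{
    FacebookWebContext facebookContext = FacebookWebContext.Current;
    IFacebookApplication settings;
    FacebookSignedRequest signedRequest;

    if (facebookContext.SignedRequest == null)
    {
        settings = FacebookApplication.Current;
        try
        {
            signedRequest = FacebookSignedRequest.Parse(settings, SignedRequest);
        }
        catch (Exception exception)
        {
            if (HttpContext.Current.Request.Browser.Browser.Contains("IE"))
            {
                throw;
            }

            // The inner exception keeps the diagnostics; the request itself (and its token) is not echoed.
            throw new InvalidSignedRequestException("Invalid SignedRequest - Non - IE", exception);
        }
    }
    else
    {
        settings = facebookContext.Settings;
        signedRequest = facebookContext.SignedRequest;
    }

    CanvasPage = settings.CanvasPage;
    AccessToken = signedRequest.AccessToken;
    AppId = settings.AppId;
    UserId = signedRequest.UserId;
}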
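/// <summary>
/// A well-formed but stale <c>signed_request</c> must be rejected with
/// <c>Properties.Resources.OldSignedRequest</c> as the exception message.
/// </summary>
/// <remarks>
/// Despite the method name, the expected message is the "old request" one: the payload's
/// <c>issued_at</c> (1287601988, readable by decoding the base64 body) is far more than <c>maxAge</c>
/// seconds before <c>currentTime</c>. The fixture secret below belongs to this test vector only.
/// </remarks>
public void ErrorMessageShouldBeInvalidSingedRequest()
{
    var signedRequest = "t63pZQ4Q3ZTHJt0hOsKrY2pb28xRlduW0pg4lL_Zhl4.eyJhbGdvcml0aG0iOiJBRVMtMjU2LUNCQyBITUFDLVNIQTI1NiIsImlzc3VlZF9hdCI6MTI4NzYwMTk4OCwiaXYiOiJmRExKQ1cteWlYbXVOYTI0ZVNhckpnIiwicGF5bG9hZCI6IllHeW00cG9Rbk1UckVnaUFPa0ZUVkk4NWxsNVJ1VWlFbC1JZ3FmeFRPVEhRTkl2VlZJOFk4a1Z1T29lS2FXT2Vhc3NXRlRFdjBRZ183d0NDQkVlbjdsVUJCemxGSjFWNjNISjNBZjBTSW5nY3hXVEo3TDZZTGF0TW13WGdEQXZXbjVQc2ZxeldrNG1sOWg5RExuWXB0V0htREdMNmlCaU9oTjdXeUk3cDZvRXBWcmlGdUp3X2NoTG9QYjhhM3ZHRG5vVzhlMlN4eDA2QTJ4MnhraWFwdmcifQ";
    string secret = "13750c9911fec5865d01f3bd00bdf4db";
    int maxAge = 3600;
    double currentTime = 1294741460;

    // Assert.Throws fails with a clear message when nothing is thrown; the former try/catch would
    // have dereferenced a null exception instead. Same pattern as the sibling ShouldThrow tests.
    var exception = Assert.Throws<InvalidOperationException>(
        () => FacebookSignedRequest.TryParse(secret, signedRequest, maxAge, currentTime, true));

    Assert.Equal(Properties.Resources.OldSignedRequest, exception.Message);
}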