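} // fb_sig_country

/// <summary>
/// Initializes the callback from the fb_sig_* form variables Facebook posts with a request.
/// </summary>
/// <param name="vars">
/// The posted variables keyed by name. Every fb_sig_* key read here must be present.
/// </param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="vars"/> is null.</exception>
/// <exception cref="KeyNotFoundException">Thrown when a required fb_sig_* key is missing.</exception>
protected FacebookPostCallback(IDictionary<string, string> vars)
{
    if (vars == null)
    {
        // Fail with the documented argument exception instead of a NullReferenceException.
        throw new ArgumentNullException("vars");
    }

    ApiKey = vars["fb_sig_api_key"];
    AppId = vars["fb_sig_app_id"];
    RequestedAt = vars["fb_sig_time"];
    UserId = vars["fb_sig_user"];

    // The linked account ids arrive as a JSON object whose "array" member holds the id list.
    LinkedAccountIds = (List<string>)FacebookUtils.FromJson(vars["fb_sig_linked_account_id"])["array"];

    UsingNewFacebook = ParseFlag(vars["fb_sig_in_new_facebook"]);
    Country = vars["fb_sig_country"];
}

/// <summary>
/// Parses a boolean form flag. Accepts "true"/"false" (the only spellings
/// Convert.ToBoolean(string) understood) as well as "1"/"0", which is how
/// form-posted flags are commonly encoded (confirm against a live request).
/// </summary>
/// <param name="value">The raw form value; null maps to false as Convert.ToBoolean did.</param>
/// <returns>The parsed flag.</returns>
/// <exception cref="FormatException">Thrown when the value is none of the accepted spellings.</exception>
private static bool ParseFlag(string value)
{
    if (value == null)
    {
        return false;
    }

    bool parsed;
    if (bool.TryParse(value, out parsed))
    {
        return parsed;
    }

    switch (value.Trim())
    {
        case "1":
            return true;
        case "0":
            return false;
        default:
            throw new FormatException("Expected a boolean flag ('true', 'false', '1' or '0') but got '" + value + "'.");
    }
}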
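/// <summary>
/// Validates a facebook signed_request against the application secret and, on success,
/// returns the decoded JSON payload.
/// </summary>
/// <param name="signedRequest">
/// The signed request, "signature.payload" in URL-safe base64, optionally prefixed with "signed_request=".
/// </param>
/// <param name="applicationSecret">
/// The application secret used as the HMAC key.
/// </param>
/// <param name="jsonObject">
/// The json object if validation passes, else null.
/// </param>
/// <returns>
/// Returns true if validation passes, else false. A malformed request (missing '.' separator,
/// undecodable signature) fails validation rather than throwing.
/// </returns>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="signedRequest"/> is null or <paramref name="applicationSecret"/> is null or empty.
/// </exception>
public static bool ValidateSignedRequest(string signedRequest, string applicationSecret, out IDictionary<string, object> jsonObject)
{
    if (signedRequest == null)
    {
        throw new ArgumentNullException("signedRequest");
    }

    if (string.IsNullOrEmpty(applicationSecret))
    {
        throw new ArgumentNullException("applicationSecret");
    }

    jsonObject = null;

    const string Prefix = "signed_request=";
    if (signedRequest.StartsWith(Prefix, StringComparison.Ordinal))
    {
        signedRequest = signedRequest.Substring(Prefix.Length);
    }

    // Without a separator there is no signature to verify: fail closed instead of
    // letting Substring throw on an index of -1. An empty signature or empty
    // payload cannot verify either.
    int separator = signedRequest.IndexOf('.');
    if (separator <= 0 || separator == signedRequest.Length - 1)
    {
        return false;
    }

    string expectedSignature = signedRequest.Substring(0, separator);
    string payload = signedRequest.Substring(separator + 1);

    byte[] providedSignature;
    try
    {
        providedSignature = FromUrlBase64String(expectedSignature);
    }
    catch (FormatException)
    {
        // Not valid base64, so it cannot be a valid signature.
        return false;
    }

    // The HMAC covers the encoded payload text exactly as received, not the decoded JSON.
    byte[] computedSignature = SignWithHmac(
        Encoding.UTF8.GetBytes(payload),
        Encoding.UTF8.GetBytes(applicationSecret));

    // Compare in constant time so that a forged signature's number of correct
    // leading bytes is not observable through the comparison's duration.
    if (!FixedTimeEquals(providedSignature, computedSignature))
    {
        return false;
    }

    // Decode and parse the payload only after the signature has been verified, so
    // unauthenticated input never reaches the JSON parser.
    // NOTE(review): the payload also carries an "algorithm" member; consider checking it
    // matches the algorithm SignWithHmac uses once that helper's algorithm is confirmed.
    byte[] actualPayload = FromUrlBase64String(payload);
    string json = Encoding.UTF8.GetString(actualPayload);
    jsonObject = FacebookUtils.FromJson(json);
    return true;
}

/// <summary>
/// Compares two byte arrays without stopping at the first mismatch, so the time taken
/// does not depend on where the arrays differ. A length mismatch returns false
/// immediately; the HMAC length is fixed and not secret, so that leaks nothing.
/// </summary>
/// <param name="left">First array; null compares unequal.</param>
/// <param name="right">Second array; null compares unequal.</param>
/// <returns>True when both arrays have identical contents.</returns>
private static bool FixedTimeEquals(byte[] left, byte[] right)
{
    if (left == null || right == null || left.Length != right.Length)
    {
        return false;
    }

    int difference = 0;
    for (int i = 0; i < left.Length; i++)
    {
        difference |= left[i] ^ right[i];
    }

    return difference == 0;
}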