Exemplo n.º 1
0
        }                                           // fb_sig_country

        protected FacebookPostCallback(IDictionary <string, string> vars)
        {
            ApiKey           = vars["fb_sig_api_key"];
            AppId            = vars["fb_sig_app_id"];
            RequestedAt      = vars["fb_sig_time"];
            UserId           = vars["fb_sig_user"];
            LinkedAccountIds = (List <string>)FacebookUtils.FromJson(vars["fb_sig_linked_account_id"])["array"];
            UsingNewFacebook = Convert.ToBoolean(vars["fb_sig_in_new_facebook"]);
            Country          = vars["fb_sig_country"];
        }
Exemplo n.º 2
0
        /// <summary>
        /// Validates facebook signed_request using the applicationSecret.
        /// </summary>
        /// <param name="signedRequest">
        /// The signed request.
        /// </param>
        /// <param name="applicationSecret">
        /// The application secret.
        /// </param>
        /// <param name="jsonObject">
        /// The json object if validation passes, else null.
        /// </param>
        /// <returns>
        /// Returns true if validation passes, else false.
        /// </returns>
        public static bool ValidateSignedRequest(string signedRequest, string applicationSecret, out IDictionary <string, object> jsonObject)
        {
            if (signedRequest.StartsWith("signed_request="))
            {
                signedRequest = signedRequest.Substring(15);
            }
            if (string.IsNullOrEmpty(applicationSecret))
            {
                throw new ArgumentNullException("applicationSecret");
            }

            jsonObject = null;

            string expectedSignature = signedRequest.Substring(0, signedRequest.IndexOf('.'));
            string payload           = signedRequest.Substring(signedRequest.IndexOf('.') + 1);

            // Back & Forth with Signature
            // byte[] actualSignature = FromUrlBase64String(expectedSignature);
            // string testSignature = ToUrlBase64String(actualSignature);

            // Back & Forth With Data
            byte[] actualPayload = FromUrlBase64String(payload);
            string json          = (new UTF8Encoding()).GetString(actualPayload);
            // string testPayload = ToUrlBase64String(actualPayload);

            // Attempt to get same hash
            var hmac = SignWithHmac(
                Encoding.UTF8.GetBytes(payload),
                Encoding.UTF8.GetBytes(applicationSecret));

            var hmacBase64 = ToUrlBase64String(hmac);

            if (hmacBase64 != expectedSignature)
            {
                return(false);
            }

            jsonObject = FacebookUtils.FromJson(json);

            return(true);
        }