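/// <summary>
/// OAuth redirect target for the Facebook login flow.
/// </summary>
/// <param name="code">Authorization code issued by Facebook; only exchanged after the CSRF check passes.</param>
/// <param name="state">Base64-encoded JSON this app sent when starting the flow; expected to carry the
/// per-session CSRF token under "csrf" and optionally a "returnUrl". It round-trips through the
/// browser, so every field in it is untrusted until validated.</param>
/// <returns>A redirect into the post-login processing step, optionally to the requested local return URL.</returns>
public ActionResult FacebookCallback(string code, string state)
{
    if (string.IsNullOrWhiteSpace(code) || string.IsNullOrWhiteSpace(state))
    {
        return RedirectToProcessFacebook();
    }

    // 1. Validate the CSRF token before spending the authorization code.
    IDictionary<string, object> decodedState;
    try
    {
        var stateJson = Encoding.UTF8.GetString(Convert.FromBase64String(state));
        decodedState = _fb.DeserializeJson(stateJson, null) as IDictionary<string, object>;

        var expectedCsrfToken = Session[SessionKeys.FbCsrfToken] as string;
        // Single use: clear the stored token before comparing so a replayed
        // callback cannot be validated against the same value.
        Session[SessionKeys.FbCsrfToken] = null;

        object presentedToken;
        if (decodedState == null
            || string.IsNullOrWhiteSpace(expectedCsrfToken)
            || !decodedState.TryGetValue("csrf", out presentedToken)
            // Ordinal comparison of the typed value; a non-string "csrf" simply fails the check.
            || !string.Equals(expectedCsrfToken, presentedToken as string, StringComparison.Ordinal))
        {
            return RedirectToProcessFacebook();
        }
    }
    catch (Exception)
    {
        // TODO: log the exception. A malformed state (bad base64 / bad JSON) is
        // currently swallowed and the user is silently sent back to the start.
        return RedirectToProcessFacebook();
    }

    // 2. Exchange the code for an access token and keep it in the session.
    try
    {
        dynamic result = _fb.Post("oauth/access_token", new
        {
            client_id = _settings.FacebookAppId,
            client_secret = _settings.FacebookSecretKey,
            redirect_uri = FacebookCallbackUri,
            code = code
        });

        Session[SessionKeys.FbAccessToken] = result.access_token;
        if (result.ContainsKey("expires"))
        {
            // Convert explicitly and culture-invariantly instead of relying on the
            // dynamic binder to pick an AddSeconds overload for whatever type came back.
            double expiresInSeconds = Convert.ToDouble(result.expires, System.Globalization.CultureInfo.InvariantCulture);
            // NOTE(review): stored as local time to match the original; readers of
            // FbExpiresIn presumably compare against DateTime.Now — confirm before changing to UtcNow.
            Session[SessionKeys.FbExpiresIn] = DateTime.Now.AddSeconds(expiresInSeconds);
        }

        object returnUrlValue;
        string returnUrl = decodedState.TryGetValue("returnUrl", out returnUrlValue)
            ? returnUrlValue as string
            : null;

        // Only honour a local return URL: the value comes from the browser-supplied
        // state, so forwarding an absolute URL would be an open redirect. The check
        // is applied here regardless of whatever RedirectToProcessFacebook does.
        if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
        {
            return RedirectToProcessFacebook(returnUrl);
        }

        return RedirectToProcessFacebook();
    }
    catch (Exception)
    {
        // TODO: log the exception (token exchange failed or returned an unexpected shape).
        return RedirectToProcessFacebook();
    }
}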
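/// <summary>
/// OAuth redirect target for the Facebook login flow.
/// </summary>
/// <param name="code">Authorization code issued by Facebook; only exchanged after the CSRF check passes.</param>
/// <param name="state">Base64-encoded JSON this app sent when starting the flow; expected to carry the
/// per-session CSRF token under "csrf" and optionally a "returnUrl". It round-trips through the
/// browser, so every field in it is untrusted until validated.</param>
/// <returns>A redirect to the requested local return URL, or to Home/Index on any failure.</returns>
public ActionResult FacebookCallback(string code, string state)
{
    if (string.IsNullOrWhiteSpace(code) || string.IsNullOrWhiteSpace(state))
    {
        return RedirectToAction("Index", "Home");
    }

    // 1. Validate the CSRF token before spending the authorization code.
    IDictionary<string, object> decodedState;
    try
    {
        var stateJson = Encoding.UTF8.GetString(Convert.FromBase64String(state));
        decodedState = _fb.DeserializeJson(stateJson, null) as IDictionary<string, object>;

        var expectedCsrfToken = Session["fb_csrf_token"] as string;
        // Single use: clear the stored token before comparing so a replayed
        // callback cannot be validated against the same value.
        Session["fb_csrf_token"] = null;

        object presentedToken;
        if (decodedState == null
            || string.IsNullOrWhiteSpace(expectedCsrfToken)
            || !decodedState.TryGetValue("csrf", out presentedToken)
            // Ordinal comparison of the typed value; a non-string "csrf" simply fails the check.
            || !string.Equals(expectedCsrfToken, presentedToken as string, StringComparison.Ordinal))
        {
            return RedirectToAction("Index", "Home");
        }
    }
    catch (Exception)
    {
        // TODO: log the exception. A malformed state (bad base64 / bad JSON) is
        // currently swallowed and the user is silently sent to Home/Index.
        return RedirectToAction("Index", "Home");
    }

    // 2. Exchange the code for an access token and attach it to the current user.
    try
    {
        dynamic result = _fb.Post("oauth/access_token", new
        {
            client_id = AppId,
            client_secret = Appsecret,
            redirect_uri = _redirectUri,
            code = code
        });

        CurrentUser.Get().AccessToken = result.access_token;
        if (result.ContainsKey("expires"))
        {
            // Convert explicitly and culture-invariantly instead of relying on the
            // dynamic binder to pick an AddSeconds overload for whatever type came back.
            double expiresInSeconds = Convert.ToDouble(result.expires, System.Globalization.CultureInfo.InvariantCulture);
            // NOTE(review): stored as local time to match the original; readers of
            // fb_expires_in presumably compare against DateTime.Now — confirm before changing to UtcNow.
            Session["fb_expires_in"] = DateTime.Now.AddSeconds(expiresInSeconds);
        }

        object returnUrlValue;
        string returnUrl = decodedState.TryGetValue("returnUrl", out returnUrlValue)
            ? returnUrlValue as string
            : null;

        // Only follow a local return URL: the value comes from the browser-supplied state,
        // so redirecting to an absolute URL would be an open redirect. This relies on the
        // framework's IsLocalUrl rejecting protocol-relative forms such as "//host" and
        // "/\host" — confirm the MVC version in use does.
        if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
        {
            return Redirect(returnUrl);
        }

        return RedirectToAction("Index", "Home");
    }
    catch (Exception)
    {
        // TODO: log the exception (token exchange failed or returned an unexpected shape).
        return RedirectToAction("Index", "Home");
    }
}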