Facebook .NET SDK: How to authenticate with ASP.NET MVC 2

会有一股神秘感。 提交于 2019-12-04 18:09:57

I found this post http://facebooksdk.codeplex.com/discussions/244568 on codeplex. I think this is what you need.

Note that instead of using the client-side flow, you need to use the server-side flow.

This is what you should do

Create a login link for server-side flow. After Authorization, facebook will return an url containing a code instead of a access token.

Then you request for a token from facebook using the code. this is my example

    public ActionResult FBAuthorize()
    {
        FacebookOAuthClient cl = new FacebookOAuthClient(FacebookContext.Current);
        FacebookOAuthResult result = null; 
        string url = Request.Url.OriginalString;

        // verify that there is a code in the url
        if (FacebookOAuthResult.TryParse(url, out result))
        {
            if (result.IsSuccess)
            {                                       
                string code = result.Code;

                // this line is necessary till they fix a bug *see details below
                cl.RedirectUri = new UriBuilder("http://localhost:5000/account/FBAuthorize").Uri;

                var parameters = new Dictionary<string, object>();

                //parameters.Add("permissions", "offline_access");

                Dictionary<String, Object> dict = (Dictionary<String, Object>)cl.ExchangeCodeForAccessToken(code, new Dictionary<string, object> { { "redirect_uri", "http://localhost:5000/account/FBAuthorize" } });


                Object Token = dict.Values.ElementAt(0);

                TempData["accessToken"] = Token.ToString();

                return RedirectToAction ("ShowUser");
            }
            else
            {
                var errorDescription = result.ErrorDescription;
            }
        }
        else 
        {
            // TODO: handle error
        }             
        return View();
    }

*There is bug when using IIS in localhost, see the original post for details (the redirect uri when asking for the token must be the same as the one used asking for the code)

It is highly recommended to use IIS and not visual studio web server. There are many things that wont work in visual studio web server.

Ok. The facebook docs say it quite clearly:

Because the access token is passed in an URI fragment, only client-side code (such as JavaScript executing in the browser or desktop code hosting a web control) can retrieve the token. App authentication is handled by verifying that the redirect_uri is in the same domain as the Site URL configured in the Developer App

from http://developers.facebook.com/docs/authentication/ ---> Client-side Flow Section.

So I'm sending the token back to my server to complete the authentication..

Update:

The sending back to the server I do using Javascript something like this:

               var appId = "<%: Facebook.FacebookContext.Current.AppId %>";

                if (window.location.hash.length > 0) {
                    accessToken = window.location.hash.substring(1);
                    var url = window.location.href.replace(/#/, '?');
                    window.location = url;
}

On the server then I have the following action. Not very nice but it works..

public ActionResult FBAuthorize()
{

    FacebookOAuthResult result  = null;


    string url = Request.Url.OriginalString;
    /// hack to make FacebookOuthResult accept the token..
    url = url.Replace("FBAuthorize?", "FBAuthorize#");

    if (FacebookOAuthResult.TryParse(url, out result))
    {
        if (result.IsSuccess)
        {

            string[] extendedPermissions = new[] { "user_about_me", "offline_access" };

            var fb = new FacebookClient(result.AccessToken);

            dynamic resultGet = fb.Get("/me");
            var name = resultGet.name;

            RegisterModel rm = new Models.RegisterModel();
            rm.UserName = name;
            rm.Password = "something";
            rm.Email = "somethig";
            rm.ConfirmPassword = "23213";
            //Label1.Text = name;

            //Response.Write(name);
            //return RedirectToAction("register", "Account", rm);
            ViewData["Register"] = rm;
            return RedirectToAction("Register");

        }
        else
        {
            var errorDescription = result.ErrorDescription;
            var errorReason = result.ErrorReason;
        }
    }
    return View();
}

I am in the same spot you are at the moment. We never get the Request.QueryString populated becasue of the "fragment" or # in the url.

Love to know if you solved this and how.

It does not look like the FacebookOAuthResult class was written to be used in web applications of any sort.

you can change the response type in you scope paramas to be "code" then it will send back a code in the querystring in which you can swap for a token.

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!