Decode Signed Request Without Authentication

问题

Are we able to use the Facebook C# SDK to decode the signed_request parameter that is passed to the Facebook Tab page, without using Authentication? Basically, I am looking for a way to decode and parse the page JSON object that the signed_request contains.

I am looking for the .NET C# equivelent to accomplishing the same type of decode in this PHP example: Seamless way to check if user likes page

回答1:

I am just pasting same answer I have answered in another post.

Fans-only content in facebook with asp.net C# sdk

You get signed request when your web page is loaded within facebook canvas app; you should be able to parse signed request something similar to following:

if (Request.Params["signed_request"] != null)
{
    string payload = Request.Params["signed_request"].Split('.')[1];
    var encoding = new UTF8Encoding();
    var decodedJson = payload.Replace("=", string.Empty).Replace('-', '+').Replace('_', '/');
    var base64JsonArray = Convert.FromBase64String(decodedJson.PadRight(decodedJson.Length + (4 - decodedJson.Length % 4) % 4, '='));
    var json = encoding.GetString(base64JsonArray);
    var o = JObject.Parse(json);
    var lPid = Convert.ToString(o.SelectToken("page.id")).Replace("\"", "");
    var lLiked = Convert.ToString(o.SelectToken("page.liked")).Replace("\"", "");
    var lUserId= Convert.ToString(o.SelectToken("user_id")).Replace("\"", "");
}

You need to add reference to json libraries in order to parse signed requestin C#, download from http://json.codeplex.com/

Also refere to How to decode OAuth 2.0 for Canvas signed_request in C#? if you are worndering about signed request.

回答2:

What do you mean 'without authentication'? The signed request is signed with your app secret, so you can decode it regardless of whether the current user has authorised your app

{edit} I now realise you're referring to a library named Authentication{/edit}

If you find another library or reimplement the algorithm for HMAC SHA-256 and a base64url decoder i'm sure you could do it without using that specific library, but it's probably easier to just use it

来源：https://stackoverflow.com/questions/7891303/decode-signed-request-without-authentication