ntotten · March 21, 2011 18:31
diff --git a/AccountController.cs b/AccountController.cs
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Web;
 using System.Web.Mvc;
 using Facebook;
 using MyFacebookSite3434.Models;
 using System.Web.Security;

 namespace MyFacebookSite3434.Controllers
 {
    public class AccountController : Controller
    {
        private const string logoffUrl = "http://localhost:3434/";
        private const string redirectUrl = "http://localhost:3434/Account/OAuth";
        //
        // GET: /Account/LogOn/

        public ActionResult LogOn(string returnUrl)
        {
            var oAuthClient = new FacebookOAuthClient(FacebookApplication.Current);
            oAuthClient.RedirectUri = new Uri(redirectUrl);
            var loginUri = oAuthClient.GetLoginUrl(new Dictionary<string, object> { { "state", returnUrl } });
            return Redirect(loginUri.AbsoluteUri);
        }

        //
        // GET: /Account/OAuth/

        public ActionResult OAuth(string code, string state)
        {
            FacebookOAuthResult oauthResult;
            if (FacebookOAuthResult.TryParse(Request.Url, out oauthResult))
            {
                if (oauthResult.IsSuccess)
                {
                    var oAuthClient = new FacebookOAuthClient(FacebookApplication.Current);
                    oAuthClient.RedirectUri = new Uri(redirectUrl);
                    dynamic tokenResult = oAuthClient.ExchangeCodeForAccessToken(code);
                    string accessToken = tokenResult.access_token;

                    DateTime expiresOn = DateTime.MaxValue;

                    if (tokenResult.ContainsKey("expires"))
                    {
                        DateTimeConvertor.FromUnixTime(tokenResult.expires);
                    }

                    FacebookClient fbClient = new FacebookClient(accessToken);
                    dynamic me = fbClient.Get("me?fields=id,name");
                    long facebookId = Convert.ToInt64(me.id);

                    InMemoryUserStore.Add(new FacebookUser
                    {
                        AccessToken = accessToken,
                        Expires = expiresOn,
                        FacebookId = facebookId,
                        Name = (string)me.name,
                    });

                    FormsAuthentication.SetAuthCookie(facebookId.ToString(), false);

                    // prevent open redirection attack by checking if the url is local.
                    if (Url.IsLocalUrl(state))
                    {
                        return Redirect(state);
                    }
                    else
                    {
                        return RedirectToAction("Index", "Home");
                    }
                }
            }

            return RedirectToAction("Index", "Home");
        }

        //
        // GET: /Account/LogOff/

        public ActionResult LogOff()
        {
            FormsAuthentication.SignOut();
            var oAuthClient = new FacebookOAuthClient();
            oAuthClient.RedirectUri = new Uri(logoffUrl);
            var logoutUrl = oAuthClient.GetLogoutUrl();
            return Redirect(logoutUrl.AbsoluteUri);
        }

    }
 }
diff --git a/FacebookUser.cs b/FacebookUser.cs
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Web;

 namespace MyFacebookSite3434.Models
 {
    public class FacebookUser
    {

        public long FacebookId { get; set; }
        public string AccessToken { get; set; }
        public DateTime Expires { get; set; }


        public string Name { get; set; }
    }
 }
diff --git a/InMemoryUserStore.cs b/InMemoryUserStore.cs
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Web;

 namespace MyFacebookSite3434.Models
 {
    public class InMemoryUserStore
    {

        private static System.Collections.Concurrent.ConcurrentBag<FacebookUser> users = new System.Collections.Concurrent.ConcurrentBag<FacebookUser>();

        public static void Add(FacebookUser user)
        {
            if (users.SingleOrDefault(u => u.FacebookId == user.FacebookId) != null)
            {
                throw new InvalidOperationException("User already exists.");
            }

            users.Add(user);
        }

        public static FacebookUser Get(long facebookId)
        {
            return users.SingleOrDefault(u => u.FacebookId == facebookId);
        }

    }
 }
	using System;
	using System.Collections.Generic;
	using System.Linq;
	using System.Web;
	using System.Web.Mvc;
	using Facebook;
	using MyFacebookSite3434.Models;
	using System.Web.Security;

	namespace MyFacebookSite3434.Controllers
	{
	public class AccountController : Controller
	{
	private const string logoffUrl = "http://localhost:3434/";
	private const string redirectUrl = "http://localhost:3434/Account/OAuth";
	//
	// GET: /Account/LogOn/

	public ActionResult LogOn(string returnUrl)
	{
	var oAuthClient = new FacebookOAuthClient(FacebookApplication.Current);
	oAuthClient.RedirectUri = new Uri(redirectUrl);
	var loginUri = oAuthClient.GetLoginUrl(new Dictionary<string, object> { { "state", returnUrl } });
	return Redirect(loginUri.AbsoluteUri);
	}

	//
	// GET: /Account/OAuth/

	public ActionResult OAuth(string code, string state)
	{
	FacebookOAuthResult oauthResult;
	if (FacebookOAuthResult.TryParse(Request.Url, out oauthResult))
	{
	if (oauthResult.IsSuccess)
	{
	var oAuthClient = new FacebookOAuthClient(FacebookApplication.Current);
	oAuthClient.RedirectUri = new Uri(redirectUrl);
	dynamic tokenResult = oAuthClient.ExchangeCodeForAccessToken(code);
	string accessToken = tokenResult.access_token;

	DateTime expiresOn = DateTime.MaxValue;

	if (tokenResult.ContainsKey("expires"))
	{
	DateTimeConvertor.FromUnixTime(tokenResult.expires);
	}

	FacebookClient fbClient = new FacebookClient(accessToken);
	dynamic me = fbClient.Get("me?fields=id,name");
	long facebookId = Convert.ToInt64(me.id);

	InMemoryUserStore.Add(new FacebookUser
	{
	AccessToken = accessToken,
	Expires = expiresOn,
	FacebookId = facebookId,
	Name = (string)me.name,
	});

	FormsAuthentication.SetAuthCookie(facebookId.ToString(), false);

	// prevent open redirection attack by checking if the url is local.
	if (Url.IsLocalUrl(state))
	{
	return Redirect(state);
	}
	else
	{
	return RedirectToAction("Index", "Home");
	}
	}
	}

	return RedirectToAction("Index", "Home");
	}

	//
	// GET: /Account/LogOff/

	public ActionResult LogOff()
	{
	FormsAuthentication.SignOut();
	var oAuthClient = new FacebookOAuthClient();
	oAuthClient.RedirectUri = new Uri(logoffUrl);
	var logoutUrl = oAuthClient.GetLogoutUrl();
	return Redirect(logoutUrl.AbsoluteUri);
	}

	}
	}