ASP.NET MVC 3 Simple Authorization
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using Facebook;
using MyFacebookSite3434.Models;
using System.Web.Security;
namespace MyFacebookSite3434.Controllers
{
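public class AccountController : Controller
{
    // Both URIs must match what is registered for the Facebook application; the same
    // redirectUrl is used when building the login URL and when exchanging the code.
    private const string logoffUrl = "http://localhost:3434/";
    private const string redirectUrl = "http://localhost:3434/Account/OAuth";

    //
    // GET: /Account/LogOn/
    /// <summary>
    /// Starts the Facebook OAuth login by redirecting the browser to the login URL
    /// produced by the Facebook OAuth client.
    /// </summary>
    /// <param name="returnUrl">Local URL to come back to after login; it rides through the
    /// OAuth round trip in the <c>state</c> parameter and is validated again in <see cref="OAuth"/>.</param>
    /// <returns>A redirect to the Facebook login URL.</returns>
    public ActionResult LogOn(string returnUrl)
    {
        var oAuthClient = new FacebookOAuthClient(FacebookApplication.Current);
        oAuthClient.RedirectUri = new Uri(redirectUrl);
        // NOTE(review): "state" carries only the return URL; it is not a per-session nonce,
        // so the callback is not bound to the session that started this login.
        var loginUri = oAuthClient.GetLoginUrl(new Dictionary<string, object> { { "state", returnUrl } });
        return Redirect(loginUri.AbsoluteUri);
    }

    //
    // GET: /Account/OAuth/
    /// <summary>
    /// OAuth callback. Exchanges the authorization <paramref name="code"/> for an access token,
    /// stores the user (or refreshes a returning user's token) in <see cref="InMemoryUserStore"/>,
    /// sets the forms-authentication cookie and redirects to the local URL carried in
    /// <paramref name="state"/>.
    /// </summary>
    /// <param name="code">Authorization code from the OAuth callback.</param>
    /// <param name="state">The return URL handed to <see cref="LogOn"/>; followed only when it is local.</param>
    /// <returns>A redirect to the requested local URL, or to Home/Index when the request is
    /// not a successful OAuth result or the return URL is not local.</returns>
    public ActionResult OAuth(string code, string state)
    {
        FacebookOAuthResult oauthResult;
        if (!FacebookOAuthResult.TryParse(Request.Url, out oauthResult) || !oauthResult.IsSuccess)
        {
            // Not an OAuth callback, or the user did not grant access: nothing to sign in.
            return RedirectToAction("Index", "Home");
        }

        var oAuthClient = new FacebookOAuthClient(FacebookApplication.Current);
        oAuthClient.RedirectUri = new Uri(redirectUrl);
        dynamic tokenResult = oAuthClient.ExchangeCodeForAccessToken(code);
        string accessToken = tokenResult.access_token;

        // A token response without an "expires" entry is treated as never expiring.
        DateTime expiresOn = DateTime.MaxValue;
        if (tokenResult.ContainsKey("expires"))
        {
            // The conversion result was previously discarded, so every stored user had
            // Expires == DateTime.MaxValue regardless of what Facebook returned.
            expiresOn = DateTimeConvertor.FromUnixTime(tokenResult.expires);
        }

        var fbClient = new FacebookClient(accessToken);
        dynamic me = fbClient.Get("me?fields=id,name");
        long facebookId = Convert.ToInt64(me.id);
        string name = (string)me.name;

        StoreUser(facebookId, name, accessToken, expiresOn);

        FormsAuthentication.SetAuthCookie(facebookId.ToString(), false);

        // Prevent an open redirect: only follow the return URL when it points back into this site.
        if (Url.IsLocalUrl(state))
        {
            return Redirect(state);
        }
        return RedirectToAction("Index", "Home");
    }

    /// <summary>
    /// Adds the user to the in-memory store, or updates the stored entry for a returning user.
    /// <see cref="InMemoryUserStore.Add"/> throws when the FacebookId is already present, which
    /// would otherwise turn every second login into an exception.
    /// </summary>
    private static void StoreUser(long facebookId, string name, string accessToken, DateTime expiresOn)
    {
        var existing = InMemoryUserStore.Get(facebookId);
        if (existing != null)
        {
            existing.AccessToken = accessToken;
            existing.Expires = expiresOn;
            existing.Name = name;
            return;
        }

        InMemoryUserStore.Add(new FacebookUser
        {
            AccessToken = accessToken,
            Expires = expiresOn,
            FacebookId = facebookId,
            Name = name,
        });
    }

    //
    // GET: /Account/LogOff/
    /// <summary>
    /// Clears the forms-authentication cookie and redirects to the Facebook logout URL,
    /// which returns the browser to <c>logoffUrl</c> afterwards.
    /// </summary>
    /// <returns>A redirect to the Facebook logout URL.</returns>
    public ActionResult LogOff()
    {
        FormsAuthentication.SignOut();
        var oAuthClient = new FacebookOAuthClient();
        oAuthClient.RedirectUri = new Uri(logoffUrl);
        var logoutUrl = oAuthClient.GetLogoutUrl();
        return Redirect(logoutUrl.AbsoluteUri);
    }
}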
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
namespace MyFacebookSite3434.Models
{
/// <summary>
/// A signed-in Facebook user as kept by <c>InMemoryUserStore</c>.
/// Plain mutable data holder; identity is the <see cref="FacebookId"/>.
/// </summary>
public class FacebookUser
{
    /// <summary>Numeric Facebook user id; used as the store key and as the forms-auth user name.</summary>
    public long FacebookId { get; set; }

    /// <summary>Display name returned by the Graph API.</summary>
    public string Name { get; set; }

    /// <summary>
    /// OAuth access token obtained at login. This is a credential for Graph API calls on the
    /// user's behalf, not display data.
    /// </summary>
    public string AccessToken { get; set; }

    /// <summary>When <see cref="AccessToken"/> stops being valid.</summary>
    public DateTime Expires { get; set; }
}
}
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
using System.Web;
namespace MyFacebookSite3434.Models
{
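/// <summary>
/// Process-local user store keyed by Facebook id. Contents live only as long as the
/// application instance; nothing is persisted.
/// </summary>
public class InMemoryUserStore
{
    // Keyed by FacebookId so duplicate detection and lookup are one atomic dictionary
    // operation. The previous ConcurrentBag + SingleOrDefault scan could admit two entries
    // for the same id when two logins raced between the check and the Add, after which
    // Get threw on the duplicate.
    private static readonly ConcurrentDictionary<long, FacebookUser> users = new ConcurrentDictionary<long, FacebookUser>();

    /// <summary>Registers a new user.</summary>
    /// <param name="user">User to add; must not be null.</param>
    /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
    /// <exception cref="InvalidOperationException">A user with the same FacebookId is already stored.</exception>
    public static void Add(FacebookUser user)
    {
        if (user == null)
        {
            throw new ArgumentNullException("user");
        }

        if (!users.TryAdd(user.FacebookId, user))
        {
            throw new InvalidOperationException("User already exists.");
        }
    }

    /// <summary>Looks up a user by Facebook id.</summary>
    /// <param name="facebookId">Facebook id to find.</param>
    /// <returns>The stored user, or null when no user with that id has been added.</returns>
    public static FacebookUser Get(long facebookId)
    {
        FacebookUser user;
        return users.TryGetValue(facebookId, out user) ? user : null;
    }
}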
}