Created
December 20, 2011 00:20
-
-
Save tarnacious/1499572 to your computer and use it in GitHub Desktop.
Quick hack to validate a facebook javascript api auth cookie on the server.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
public bool Authenticate() | |
{ | |
var FacebookAppId = ConfigurationManager.AppSettings["FACEBOOK_APPID"]; | |
var FacebookAppSecret = ConfigurationManager.AppSettings["FACEBOOK_SECRET"]; | |
var cookie = Request.Cookies["fbs_" + FacebookAppId]; | |
if (cookie == null) return false; | |
var data = cookie.Value; | |
Func<string, KeyValuePair<string, string>> toNameValue = m => | |
{ | |
var nameValue = m.Split('='); | |
return new KeyValuePair<string, string>(nameValue[0], nameValue[1]); | |
}; | |
data = data.Substring(1, data.Length - 2); | |
var keys = data.Split('&').Select(toNameValue).OrderBy(m => m.Key); | |
var payload = string.Join("", keys.Where(m => m.Key != "sig").Select(m => string.Format("{0}={1}", m.Key, m.Value))); | |
payload = payload + FacebookAppSecret; | |
var hash = payload.ComputeMD5Hash(); | |
var sig = keys.ToDictionary(m => m.Key)["sig"]; | |
var success = sig.Value == hash; | |
return success; | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
public static class Helpers | |
{ | |
public static string ComputeMD5Hash(this string input) | |
{ | |
return input.StringToBytes().ComputeMD5Hash().BytesToString(); | |
} | |
public static byte[] ComputeMD5Hash(this byte[] buffer) | |
{ | |
return System.Security.Cryptography.MD5.Create().ComputeHash(buffer); | |
} | |
public static byte[] StringToBytes(this string input) | |
{ | |
return System.Text.Encoding.UTF8.GetBytes(input); | |
} | |
public static string BytesToString(this byte[] input) | |
{ | |
return string.Join("", input.Select(m => m.ToString("x2"))); | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
gistfile1.cs