我在下面发布的 Auth 类以前可以正常工作。但现在,我在 Facebook 应用程序的画布页面(apps.facebook.com/apppage)中看不到权限对话框。那些尚未通过 Facebook 帐户授权的用户看到的是空白页。
但它在我自己的页面(www.mypage.com)上工作正常。我是否遗漏了某项新的安全更新?我该如何解决这个问题?
// Exchange the authorization code delivered on the callback query string for an access token.
// Request["code"] is client-controlled input.
// NOTE(review): no `state` value is checked in this excerpt, so nothing visible ties the
// callback to the session that started the flow — confirm it is validated elsewhere.
oAuth.AccessTokenGet(Request["code"]);
// A non-empty Token is treated as "authorized". That is only sound if AccessTokenGet
// leaves Token empty when the exchange fails.
if (oAuth.Token.Length > 0)
{
//We now have the credentials, so we can start making API calls
// The access token travels in the query string, so this URL is itself a secret:
// keep it out of logs, error pages and anything rendered back to the browser.
url = "https://graph.facebook.com/me/likes?access_token=" + oAuth.Token;
string json = oAuth.WebRequest(oAuthFacebook.Method.GET, url, String.Empty);
// Second client (Facebook C# SDK style) built from the same token to read the profile.
var facebookClient = new FacebookClient(oAuth.Token);
dynamic me = facebookClient.Get("me");
// NOTE(review): presumably null unless the email permission was granted — confirm before use.
string email = me.email;
...
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.IO;
using System.Linq;
using System.Net;
using System.Text;
using System.Web;
namespace Web.Facebook
{
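/// <summary>
/// Minimal OAuth 2.0 client for Facebook's Graph API: builds the authorization link,
/// exchanges the returned "code" for an access token and issues simple HTTP requests.
/// </summary>
/// <remarks>
/// The application id, application secret, callback URL and scope are read from
/// appSettings (CONSUMER_KEY, CONSUMER_SECRET, CALLBACK_URL, SCOPE).
/// </remarks>
public class oAuthFacebook
{
    public enum Method
    {
        GET,
        POST
    };

    public const string AUTHORIZE = "https://graph.facebook.com/oauth/authorize";
    public const string ACCESS_TOKEN = "https://graph.facebook.com/oauth/access_token";

    // Redirect URI registered for the application; must match in both OAuth steps.
    public string CALLBACK_URL =
        System.Configuration.ConfigurationManager.AppSettings["CALLBACK_URL"];

    private string _consumerKey = "";
    private string _consumerSecret = "";
    private string _token = "";
    private string _scope =
        System.Configuration.ConfigurationManager.AppSettings["SCOPE"];

    #region Properties

    /// <summary>
    /// Application id (client_id). Loaded lazily from appSettings["CONSUMER_KEY"]
    /// when no value has been assigned; never returns null.
    /// </summary>
    public string ConsumerKey
    {
        get
        {
            // IsNullOrEmpty (not .Length) so a missing setting or a null assignment
            // does not turn the next read into a NullReferenceException.
            if (string.IsNullOrEmpty(_consumerKey))
            {
                _consumerKey =
                    System.Configuration.ConfigurationManager.AppSettings["CONSUMER_KEY"] ?? "";
            }
            return _consumerKey;
        }
        set
        {
            _consumerKey = value;
        }
    }

    /// <summary>
    /// Application secret (client_secret). Loaded lazily from
    /// appSettings["CONSUMER_SECRET"] when no value has been assigned; never returns null.
    /// This value must stay server-side and out of logs.
    /// </summary>
    public string ConsumerSecret
    {
        get
        {
            if (string.IsNullOrEmpty(_consumerSecret))
            {
                _consumerSecret =
                    System.Configuration.ConfigurationManager.AppSettings["CONSUMER_SECRET"] ?? "";
            }
            return _consumerSecret;
        }
        set
        {
            _consumerSecret = value;
        }
    }

    /// <summary>
    /// The access token obtained by <see cref="AccessTokenGet"/>, or an empty string
    /// when no token has been obtained.
    /// </summary>
    public string Token
    {
        get { return _token; }
        set { _token = value; }
    }

    #endregion

    /// <summary>
    /// Get the link to Facebook's authorization page for this application.
    /// </summary>
    /// <returns>
    /// The authorization URL carrying client_id, redirect_uri and scope, each
    /// percent-encoded.
    /// </returns>
    public string AuthorizationLinkGet()
    {
        // Every value is encoded so a '&', '?' or '#' inside the callback URL or scope
        // cannot terminate its parameter and smuggle in another one.
        // NOTE(review): no `state` parameter is sent, so the callback cannot be tied to
        // the session that started the flow; adding one needs storage this class lacks.
        return string.Format("{0}?client_id={1}&redirect_uri={2}&scope={3}",
            AUTHORIZE,
            Encode(this.ConsumerKey),
            Encode(CALLBACK_URL),
            Encode(_scope));
    }

    /// <summary>
    /// Exchange the Facebook "code" for an access token.
    /// </summary>
    /// <param name="authToken">
    /// The "code" supplied by Facebook's authorization page on the callback. It arrives
    /// from the browser and is treated as untrusted input.
    /// </param>
    /// <remarks>
    /// On success <see cref="Token"/> holds the access token. In every other case
    /// (missing code, empty response, response without access_token) it is left empty,
    /// so callers can test <c>Token.Length &gt; 0</c> to detect success.
    /// </remarks>
    public void AccessTokenGet(string authToken)
    {
        // Start from "no token". The authorization code is not a credential for the
        // Graph API and must never be left in Token when the exchange fails.
        this.Token = "";

        if (string.IsNullOrEmpty(authToken))
        {
            // No code on the callback: nothing to exchange, and no reason to send the
            // application secret over the wire.
            return;
        }

        // This URL carries the application secret and the code; do not log it.
        string accessTokenUrl = string.Format("{0}?client_id={1}&redirect_uri={2}&client_secret={3}&code={4}",
            ACCESS_TOKEN,
            Encode(this.ConsumerKey),
            Encode(CALLBACK_URL),
            Encode(this.ConsumerSecret),
            Encode(authToken));

        string response = WebRequest(Method.GET, accessTokenUrl, String.Empty);
        if (string.IsNullOrEmpty(response))
        {
            return;
        }

        // Assumes a form-encoded body ("access_token=...&expires=...").
        // NOTE(review): newer Graph API versions appear to answer with JSON — confirm
        // against the API version in use.
        NameValueCollection qs = HttpUtility.ParseQueryString(response);
        string accessToken = qs["access_token"];
        if (!string.IsNullOrEmpty(accessToken))
        {
            this.Token = accessToken;
        }
    }

    /// <summary>
    /// Web Request Wrapper
    /// </summary>
    /// <param name="method">Http Method</param>
    /// <param name="url">Full url to the web resource</param>
    /// <param name="postData">Data to post in querystring format</param>
    /// <returns>The web server response.</returns>
    /// <exception cref="ArgumentException">The url is not an HTTP(S) url.</exception>
    public string WebRequest(Method method, string url, string postData)
    {
        // Fully qualified because this method shadows the System.Net.WebRequest type name.
        HttpWebRequest webRequest = System.Net.WebRequest.Create(url) as HttpWebRequest;
        if (webRequest == null)
        {
            // Create() returns a non-HTTP request type for schemes such as file:// or ftp://.
            throw new ArgumentException("Only HTTP(S) urls are supported.", "url");
        }

        webRequest.Method = method.ToString();
        webRequest.ServicePoint.Expect100Continue = false;
        webRequest.UserAgent = "[You user agent]";
        webRequest.Timeout = 20000;

        if (method == Method.POST)
        {
            webRequest.ContentType = "application/x-www-form-urlencoded";

            //POST the data.
            using (StreamWriter requestWriter = new StreamWriter(webRequest.GetRequestStream()))
            {
                requestWriter.Write(postData);
            }
        }

        return WebResponseGet(webRequest);
    }

    /// <summary>
    /// Process the web response.
    /// </summary>
    /// <param name="webRequest">The request object.</param>
    /// <returns>The response data.</returns>
    public string WebResponseGet(HttpWebRequest webRequest)
    {
        // using blocks release the response, stream and reader on every path. The
        // earlier finally block dereferenced a reader that was still null when
        // GetResponse() threw, replacing the real WebException with a
        // NullReferenceException.
        using (WebResponse response = webRequest.GetResponse())
        using (Stream responseStream = response.GetResponseStream())
        using (StreamReader responseReader = new StreamReader(responseStream))
        {
            return responseReader.ReadToEnd();
        }
    }

    // Percent-encodes one query-string value; null is treated as an empty value.
    private static string Encode(string value)
    {
        return Uri.EscapeDataString(value ?? string.Empty);
    }
}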
}
答案 0 :(得分:0)
好的,原因是 Facebook 发送了 X-Frame-Options: DENY 响应头。该响应头禁止页面在 iframe 中显示,而画布页面本身运行在 iframe 里,所以在 iframe 内重定向到另一个页面去获取令牌会被浏览器拦截,用户只看到空白页。因此我不再在 iframe 内重定向,而是使用 JS SDK 获取访问令牌,并带着我需要的访问令牌将整个页面(顶层窗口)重定向到授权页面。
以下链接有修复所需的内容。我希望这个主题对其他人有用,所以我不删除它。 https://developers.facebook.com/docs/reference/javascript/