我正在使用Facebook C#SDK中的示例代码...特别是CS-AspNetWebForms-JsSdk项目作为基础......我基本上将Facebook> Logon.asxp和Facebook> Default.aspx复制到我的项目,这是一个C#DotNetNuke模块。然后我将它们保存为用户控件。除此之外,我没有对代码本身进行任何更改...(除了一些使用语句等,以使其在DNN环境中构建)。
当我运行Facebook C#SDK中提供的基线示例代码时,它运行正常。但是当我在DNN中运行该版本时,我遇到了oAuth弹出窗口(从Javascript调用)的问题,该窗口没有关闭并重定向回我的站点。它只是保持打开状态而不显示任何内容(空白页)。
这是我单击FB登录按钮后弹出浏览器窗口中显示的第一个URL:
https://www.facebook.com/login.php?api_key=270792352985332&skip_api_login=1&display=popup&cancel_url=https%3A%2F%2Fs-static.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%26error_reason%3Duser_denied%26error%3Daccess_denied%26error_description%3DThe%2Buser%2Bdenied%2Byour%2Brequest.%23cb%3Df282f9d6e4%26origin%3Dhttp%253A%252F%252Flocalhost%252Ff3ce290c44%26relation%3Dopener%26transport%3Dpostmessage%26frame%3Dfc708cc48&fbconnect=1&next=https%3A%2F%2Fwww.facebook.com%2Fdialog%2Fpermissions.request%3F_path%3Dpermissions.request%26app_id%3D270792352985332%26redirect_uri%3Dhttps%253A%252F%252Fs-static.ak.fbcdn.net%252Fconnect%252Fxd_proxy.php%253Fversion%253D3%2523cb%253Df282f9d6e4%2526origin%253Dhttp%25253A%25252F%25252Flocalhost%25252Ff3ce290c44%2526relation%253Dopener%2526transport%253Dpostmessage%2526frame%253Dfc708cc48%26sdk%3Djoey%26display%3Dpopup%26response_type%3Dtoken%252Csigned_request%26fbconnect%3D1%26perms%3Duser_about_me%252Cpublish_stream%26from_login%3D1&rcount=1
如果我使用一个新用户(一个尚未批准该应用但尚未登录的用户),则会显示FB登录页面,然后是权限页面......到目前为止,非常好。但是到了重定向回我的网站的时候......没有运气。 oAuth浏览器窗口打开就在那里,有一个空白页面。这是当时该窗口中的URL:
https://s-static.ak.fbcdn.net/connect/xd_proxy.php?version=3#cb=f282f9d6e4&origin=http%3A%2F%2Flocalhost%2Ff3ce290c44&relation=opener&transport=postmessage&frame=fc708cc48&access_token=AAAD2SMIB8PQBAPE7Jx46Nf4aPZAeqd0iM9TibKsZAx7NajjR3U6AWomEMrX6QsplRhWNoOfuhh7wLEWCT5zQYzbYBW3DGYN7uEdS0tOqg8vXKzTQvI&expires_in=3727&signed_request=8PpxwfwmImbBT9DVjIZ5CzdtMHHu449k0OYQAoP627A.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImNvZGUiOiJBUUNsMm5OcE1vZWFuNXlOd2I0UUp6UjEyNU5mWTdJRl9VOGw0ZlZFZzI0MlhyM0Q4ZU8ycTdkdFJMc1RpbktiRUczY2JCeHBiMVNqLTdBQWtFc3NJSlUyZ0VnV2dtZHhsN21aMmUydnU4ZGNJUnJmLXdKeXdzVGl5WFpIVjA4TTJwOVNLOEZUdlFEVkhtUE15dkhOei1zOXB3MjIxVlZsQXJjZDZ1QzNLV0kwM2NFaG1UU1JjQzU4WkxIanRRZXlMYjI2MnhUd2w0azRkLXFneTEzQUZGN3IiLCJpc3N1ZWRfYXQiOjEzMjY0Nzc0NzMsInVzZXJfaWQiOiIxMDAwMDMzMzk2NDAxNjUifQ
这是我的代码:
<%@ Control Language="C#" AutoEventWireup="true" CodeBehind="Logon.ascx.cs" Inherits="Incite.Modules.MySitterGetter.Logon" %>
<%--<input type="button" id="fblogin" value="Login to Facebook" disabled="disabled"/>--%>
<asp:Label ID="lblMessage" runat="server"
Text="Please click the button below to login to Facebook."></asp:Label>
<br />
<asp:ImageButton ID="fblogin" runat="server" ImageUrl="~/DesktopModules/Incite/MySitterGetter/images/fb_login_button.jpg" Enabled="True" />
<div id="fb-root"></div>
<script>
window.fbAsyncInit = function () {
FB.init({
appId: '<%: Facebook.FacebookApplication.Current.AppId %>',
channelUrl: '<%: FBChannelURL %>', // Channel File
cookie: true,
xfbml: true,
oauth: true
});
function facebooklogin() {
FB.login(function (response) {
if (response.authResponse) {
// user authorized
window.location.reload();
} else {
// user cancelled
}
}, { scope: '<%: string.Join(",", ExtendedPermissions) %>' });
};
$(function () {
// make the button is only enabled after the facebook js sdk has been loaded.
//$('#fblogin').attr('disabled', false).click(facebooklogin);
$('#' + '<%= fblogin.ClientID %>').attr('disabled', false).click(facebooklogin);
});
};
(function () {
var e = document.createElement('script'); e.async = true;
e.src = document.location.protocol + '//connect.facebook.net/en_US/all.js';
document.getElementById('fb-root').appendChild(e);
} ());
</script>
背后的代码:
using System;
using System.Collections;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using System.Reflection;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using DotNetNuke;
using DotNetNuke.Common.Utilities;
using DotNetNuke.Security;
using DotNetNuke.Services.Exceptions;
using DotNetNuke.Services.Localization;
using DotNetNuke.Entities.Modules;
using DotNetNuke.Entities.Modules.Actions;
using Facebook.Web;
namespace Incite.Modules.MySitterGetter
{
public partial class Logon : PortalModuleBase
{
protected string[] ExtendedPermissions = ConfigurationManager.AppSettings["extendedPermissions"].Split(',');
protected string FBChannelURL = ConfigurationManager.AppSettings["fbChannelURL"];
protected void Page_Load(object sender, EventArgs e)
{
if (FacebookWebContext.Current.IsAuthorized(ExtendedPermissions))
{
if (Request.QueryString.AllKeys.Contains("ReturnUrl"))
{
var returnUrl = Request.QueryString["ReturnUrl"];
// prevent open redirection attacks
if (IsUrlLocalToHost(Request, returnUrl))
{
//Response.Redirect(returnUrl);
return;
}
}
//Redirect to this page after login
//Response.Redirect("~/");
lblMessage.Text = "Successfully logged into Facebook!";
Response.Redirect("~/FBAccount.aspx");
}
else
{
lblMessage.Text = "Facebook login FAILED!";
}
}
public static bool IsUrlLocalToHost(HttpRequest request, string url)
{
// http://www.asp.net/mvc/tutorials/preventing-open-redirection-attacks
if (string.IsNullOrWhiteSpace(url))
{
return false;
}
Uri absoluteUri;
if (Uri.TryCreate(url, UriKind.Absolute, out absoluteUri))
{
return String.Equals(request.Url.Host, absoluteUri.Host,
StringComparison.OrdinalIgnoreCase);
}
else
{
bool isLocal = !url.StartsWith("http:", StringComparison.OrdinalIgnoreCase)
&& !url.StartsWith("https:", StringComparison.OrdinalIgnoreCase)
&& Uri.IsWellFormedUriString(url, UriKind.Relative);
return isLocal;
}
}
}
}
请注意,这种情况发生在Firefox,Chrome和IE9中,这就是我所拥有的。 此外,如果我导航回我的登录页面(使用Logon.ascx控制)TWICE ....而不重新单击FB登录按钮,它然后传递if(FacebookWebContext.Current.IsAuthorized(ExtendedPermissions))检查。因此,即使重定向没有发生,也是在授权。
对不起,很长的帖子。 任何帮助都非常感激,因为到目前为止我浪费了将近一天的时间!
乍得