I have wcf service function which uploads image to Facebook app.
how can i get the authorization code for this purpose.i need to generate the authorization code for the below purpose of user token generation.
how to generate the authorization code?
dynamic token = fb.Get("oauth/access_token", new
{
client_id = "104685639880509",
client_secret = "xxxxxxxxxxxxxxxxxxx",
redirect_uri = "http://localhost:50487/SRMPServiceApplication.svc",
code = "code"
});
Generate extended authorization token from this link
https://developers.facebook.com/tools/accesstoken/
dynamic token = fb.Get("oauth/access_token", new
{
client_id = "104685639880509",
client_secret = "xxxxxxxxxxxxxxxxxxx",
grant_type = "fb_exchange_token",
fb_exchange_token = "your extended authorization token"
});
fb.AccessToken = token.access_token;
Related
I'm trying to find out which is the right way to secure my web api(I am using Sql as database).
Step one: client makes a Login in application.
Client sends username and password.
Asp net checks in sql database if username and password exists.
If exist it sends back a token-key.
In next client's request, do i send again username and password? Or only token?
Also how can i retreive token from asp net and store it inside my asp net application?
Do i need to create a list Collection and add inside the token?
But this way is not thread safe.... Is there any other mechanicm? For stroring-retreiving tokens and other data from asp net application?
You should use JWT Tokens
Here is a useful link for that.
JWT Authentication for Asp.Net Web Api
E.g
Here is how you generate JWT Token
private const string Secret = "db3OIsj+BXE9NZDy0t8W3TcNekrF+2d/1sFnWG4HnV8TZY30iTOdtVWJG8abWvB1GlOgJuQZdcF2Luqm/hccMw==";
public static string GenerateToken(string username, int expireMinutes = 20)
{
var symmetricKey = Convert.FromBase64String(Secret);
var tokenHandler = new JwtSecurityTokenHandler();
var now = DateTime.UtcNow;
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.Name, username)
}),
Expires = now.AddMinutes(Convert.ToInt32(expireMinutes)),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(symmetricKey), SecurityAlgorithms.HmacSha256Signature)
};
var stoken = tokenHandler.CreateToken(tokenDescriptor);
var token = tokenHandler.WriteToken(stoken);
return token;
}
I have a desktop app where I authenticate users via Azure via AuthenticationContext.AcquireTokenAsync.
With the result from this method I can get the access-token, send it to my WCF and in my WCF use JwtSecurityToken / ConfigurationManager< OpenIdConnectConfiguration > to validate the token.
I've implemented login via Azure in a web app now by configuring it with app.UseOpenIdConnectAuthentication. So in my web app I dont explicitly call a method that returns a token. Rather I jack this in in asp.net's flow.
But now I want to fetch the token in a method and send it for validation similiarly how I did in my desktop app. I cannot find any token that the ConfigurationManager accepts however. I've looked in the regular HttpContext and Owincontext but no info that I find there is useful. Is the accesstoken stored anywhere where I can fetch it? Or do I have to do another request to get an accesstoken?
You should be getting access token as part of the response.
A simple way would be to look at the Authorization header. Look at code below -
HttpContext.Current.Request.Headers["Authorization"];
Also, I don't know what you mean by send the token for validation.
If you're trying to validate the token manually, here's a sample that does exactly that -
Manually validating a JWT access token in a web API
In the sample, specifically look at the Global.asax.cs
string jwtToken = null;
AuthenticationHeaderValue authHeader = request.Headers.Authorization;
if (authHeader != null)
{
jwtToken = authHeader.Parameter;
}
if (jwtToken == null)
{
HttpResponseMessage response = this.BuildResponseErrorMessage(HttpStatusCode.Unauthorized);
return response;
}
.........
.........
.........
JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
TokenValidationParameters validationParameters = new TokenValidationParameters
{
// We accept both the App Id URI and the AppId of this service application
ValidAudiences = new[] { audience, clientId },
// Supports both the Azure AD V1 and V2 endpoint
ValidIssuers = new[] { issuer, $"{issuer}/v2.0" },
IssuerSigningKeys = signingKeys
};
try
{
// Validate token.
SecurityToken validatedToken = new JwtSecurityToken();
ClaimsPrincipal claimsPrincipal = tokenHandler.ValidateToken(jwtToken, validationParameters, out validatedToken);
I have a web application in which any user if opt for social media automation such as twitter, they click on twitter button and a oauth procedure is done. That oauth process is done using php.
I store the oauth token and oauth secret for that particular user in the database.
Now I have four keys:
ConsumerKey // common for all as it is the key of app in dev.twitter.com
ConsumerSecret // common for all as it is the secret of app in dev.twitter.com
OauthToken //store in database, which keeps on changing as other user activates the socia media
OauthTokenSecret //store in database, which keeps on changing
I have applied all the authorizing technique like below:
var auth = new MvcAuthorizer
{
Credentials = new InMemoryCredentials
{
ConsumerKey = "###################",
ConsumerSecret = "##################",
OAuthToken = token,
AccessToken = secret
}
};
auth.Authorize();
var auth = new SingleUserAuthorizer
{
Credentials = new InMemoryCredentials
{
ConsumerKey = "###############",
ConsumerSecret = "#############################",
OAuthToken = token,
AccessToken = secret
}
};
auth.Authorize();
The problem is if I enter the Token and secret which is given on the site dev.twitter.com everything works fine but if I provide the token and secret stored in the database it does not authenticate the user.
On SingleUserAuthorizer, don't call Authorize. Also, any time you provide all 4 credentials to any authorizer, you don't need to call Authoirize. LINQ to Twitter will use those credentials to build the authorization header.
The case where you would call authorize is if you only provided ConsumerKey and ConsumerSecret and the authorizer type is not SingleUserAuthorizer. Authorize implements the part of the OAuth protocol that gets the OAuthToken and AccessToken.
Your syntax for SingleUserAuthorizer should work, but here's another way that matches keys to how the Twitter app page names them:
var auth = new SingleUserAuthorizer
{
Credentials = new SingleUserInMemoryCredentials
{
ConsumerKey = ConfigurationManager.AppSettings["twitterConsumerKey"],
ConsumerSecret = ConfigurationManager.AppSettings["twitterConsumerSecret"],
TwitterAccessToken = ConfigurationManager.AppSettings["twitterAccessToken"],
TwitterAccessTokenSecret = ConfigurationManager.AppSettings["twitterAccessTokenSecret"]
}
};
I have been struggling to get the Facebook C# SDK to post to my page, as the page for a couple of days.
From my googling, I have found that the process should be as follows:
Authorize application for manage_pages and publish_stream with my user account (done through this URL: https://graph.facebook.com/oauth/authorize?client_id=CLIENT_ID&redirect_uri=REDIRECT_URI&scope=publish_stream,manage_pages)
Get user access token
Exchange user access token for long lived access token
Get me/accounts with the long lived user access token
Get the page access token from the result
Post to the page_id/feeds endpoint using the long lived token
I can follow this process through the graph explorer, and it works. A post is created on the page with the generated token.
How do I do this using the C# SDK?
I tried:
dynamic userTokenResult = client.Get("oauth/access_token", new
{
client_id = appid,
client_secret = appsecret,
grant_type = "client_credentials"
});
dynamic longLivedResult = client.Get("oauth/access_token", new
{
client_id = appid,
client_secret = appsecret,
grant_type = "fb_exchange_token",
fb_exchange_token = userTokenResult.access_token;
});
client.AccessToken = longLivedResult.access_token;
// Post the message
dynamic messagePost = new
{
link = message.LinkUrl,
name = message.LinkName,
caption = message.LinkCaption,
description = message.LinkDescription,
message = message.Message
};
// Set the status
var postId = client.Post("pagename/feed", messagePost);
However, I suspect that this is returning the application access_token, not the user access_token (it fails at GET: me/accounts).
you cannot get user token from server-side code (even if you know login/password). You should either:
copy/paste it from Graph API Explorer
Get it from JS SDK client side
Use GetLoginUrl function from FacebookClient to get login URL and redirect the user to that page. After login is completed, facebook will call your function back - and in that function you will be able to the the token. Below are 2 functions (authorize and callback) from my MVC project - but I think you will get the idea.
public ActionResult Authorize(Guid eventId)
{
var redirectUri = ConfigurationProvider.HostingEndpoint + this.Url.Action("AuthorizeCallback", new { eventCode = eventId });
var service = new FacebookClient();
var loginUrl = service.GetLoginUrl(new {
client_id = ConfigurationProvider.FacebookAppId,
client_secret = ConfigurationProvider.FacebookAppSecret,
redirect_uri = redirectUri,
response_type = "code",
scope = "manage_pages, publish_actions, user_photos, publish_stream" // Add other permissions as needed
});
return new RedirectResult(loginUrl.AbsoluteUri, permanent: false);
}
that will redirect user to the Facebook login page. When user enters credentials and presses login, this function will be called (note the code parameter - it will be used to get the token):
public ActionResult AuthorizeCallback(string code, string eventCode)
{
var redirectUri = ConfigurationProvider.HostingEndpoint + this.Url.Action("AuthorizeCallback", new { eventCode = eventId });
var fb = new FacebookClient();
dynamic result = fb.Post("oauth/access_token", new
{
client_id = ConfigurationProvider.FacebookAppId,
client_secret = ConfigurationProvider.FacebookAppSecret,
redirect_uri = redirectUri,
code = code
});
var accessToken = result.access_token;
// update the facebook client with the access token so
// we can make requests on behalf of the user
fb.AccessToken = accessToken;
// now get externded app Token
dynamic extendedToken = fb.Get("oauth/access_token", new
{
client_id = ConfigurationProvider.FacebookAppId,
client_secret = ConfigurationProvider.FacebookAppSecret,
grant_type = "fb_exchange_token",
fb_exchange_token = fb.AccessToken
});
// Get the user's information
dynamic me = fb.Get("me");
}
After that you should call "/me/accounts", find your page and get its token from there.
If you're just trying to post to your own page, an alternative is to use Windows PowerShell and http://facebookpsmodule.codeplex.com. This reduces the operation to a few lines of PowerShell script.
How do I get the facebook access token for getting insights.
The following is used to get the client data only, but I want the user information/fan page insight. I would like to know if I can get the insights data programatically(without logging into facebook and allowing access) with some examples in Asp.Net MVC. Logging in to facebook and granting access should also be done programmatically, I do not want the end user to be involved.
var fb = new FacebookClient();
dynamic result = fb.Get("oauth/access_token", new {
client_id = "app_id",
client_secret = "app_secret",
grant_type = "client_credentials"
});
fb.AccessToken = result.access_token;
I tried using the above as but I cannot get the insight data. Can anyone please help me. If you do not understand I would be happy to explain in detail.
var fb = new FacebookClient();
dynamic result = fb.Get("oauth/access_token", new {
client_id = "app_id",
client_secret = "app_secret",
grant_type = "client_credentials",
redirect_uri = "redirect_uri",
scope= "read_insights"
});
fb.AccessToken = result.access_token;
Thank you.