使用ASP.NET登录Facebook

Question

I am implementing Facebook login on my website. I am creating an asp.net user as well with the Facebook users details. This way I can control login in people to my site using .NET membership regardless of whether they are a Facebook user or not.

The problem I am facing now is security. When a user logs in with Facebook I am calling a webservice with their facebook details, if the user exists on the system (by their facebook userid) then I log them in. However as it stands anyone could call the webservice with someone elses facebook id and it would log them in (if that user existed on the system). Is there something that I can use to link the facebook user with my asp.net user that is only accessible to that user, such as an access token. It also needs to be something which does not change? Does facebook send back such a thing in the response object?

Any help or suggestions are much appreciated.

Thanks

Answer 1

Yes, we can get that profile data from Facebook. Using that requestAccessToken Url you can get that access token.

requestAccessTokenurl="https://graph.facebook.com/oauth/access_token?client_id={0} redirect_uri={1};client_secret={2};code={3}"

Also we can get the Profile Data using this access token requestProfileUrl="https://graph.facebook.com/me"

please see this link- http://easyoauth.codeplex.com/

you can download the source code also :)

We have implemented for Facebook, Twitter, LinkedIn, Google using this framework. It is very straight forward. I can help you how to do this.

Thanks