Using ASP.Net with Facebook’s Graph API and OAuth 2.0 Authentication

April 23, 2010

In case you haven’t already heard, Facebook just released their new Graph API at f8.  Its good news for us developers, as the new API is much cleaner and simpler to use than their old REST API.  The great news is that Facebook now supports OAuth 2.0 for authentication instead of their own custom authentication mechanism.  The really great news is that OAuth 2.0 is super simple to use.  If you’ve used OAuth 1.0a before, you know it can be a little tricky, with the request tokens and generating signatures and such.  Well OAuth 2.0 simplifies all that, and makes using the Graph API super simple. You can read Facebook’s documentation here: http://developers.facebook.com/docs/authentication/ .

There’s example code there, but its in PHP and Python, which of course is not very useful for .Net developers.  So here’s all the code you need to get running in C#.

Create a class, called oAuthFacebook.cs. A lot of this code came from a Twitter OAuth example, which I’ve modified for Facebook and OAuth 2.0:

public class oAuthFacebook

{
public enum Method { GET, POST };
public const string AUTHORIZE = "https://graph.facebook.com/oauth/authorize";
public const string ACCESS_TOKEN = "https://graph.facebook.com/oauth/access_token";
public const string CALLBACK_URL = "http://www.blahblah.com/facebookcallback.aspx";

private string _consumerKey = "";
private string _consumerSecret = "";
private string _token = "";

#region Properties

public string ConsumerKey
{
get
{
if (_consumerKey.Length == 0)
{
_consumerKey = "1111111111111"; //Your application ID
}
return _consumerKey;
}
set { _consumerKey = value; }
}

public string ConsumerSecret {
get {
if (_consumerSecret.Length == 0)
{
_consumerSecret = "11111111111111111111111111111111"; //Your application secret
}
return _consumerSecret;
}
set { _consumerSecret = value; }
}

public string Token { get { return _token; } set { _token = value; } }

#endregion

/// <summary>
/// Get the link to Facebook's authorization page for this application.
/// </summary>
/// <returns>The url with a valid request token, or a null string.</returns>
public string AuthorizationLinkGet()
{
return string.Format("{0}?client_id={1}&redirect_uri={2}", AUTHORIZE, this.ConsumerKey, CALLBACK_URL);
}

/// <summary>
/// Exchange the Facebook "code" for an access token.
/// </summary>
/// <param name="authToken">The oauth_token or "code" is supplied by Facebook's authorization page following the callback.</param>
public void AccessTokenGet(string authToken)
{
this.Token = authToken;
string accessTokenUrl = string.Format("{0}?client_id={1}&redirect_uri={2}&client_secret={3}&code={4}",
ACCESS_TOKEN, this.ConsumerKey, CALLBACK_URL, this.ConsumerSecret, authToken);

string response = WebRequest(Method.GET, accessTokenUrl, String.Empty);

if (response.Length > 0)
{
//Store the returned access_token
NameValueCollection qs = HttpUtility.ParseQueryString(response);

if (qs["access_token"] != null)
{
this.Token = qs["access_token"];
}
}
}

/// <summary>
/// Web Request Wrapper
/// </summary>
/// <param name="method">Http Method</param>
/// <param name="url">Full url to the web resource</param>
/// <param name="postData">Data to post in querystring format</param>
/// <returns>The web server response.</returns>
public string WebRequest(Method method, string url, string postData)
{

HttpWebRequest webRequest = null;
StreamWriter requestWriter = null;
string responseData = "";

webRequest = System.Net.WebRequest.Create(url) as HttpWebRequest;
webRequest.Method = method.ToString();
webRequest.ServicePoint.Expect100Continue = false;
webRequest.UserAgent  = "[You user agent]";
webRequest.Timeout = 20000;

if (method == Method.POST)
{
webRequest.ContentType = "application/x-www-form-urlencoded";

//POST the data.
requestWriter = new StreamWriter(webRequest.GetRequestStream());

try
{
requestWriter.Write(postData);
}
catch
{
throw;
}

finally
{
requestWriter.Close();
requestWriter = null;
}
}

responseData = WebResponseGet(webRequest);
webRequest = null;
return responseData;
}

/// <summary>
/// Process the web response.
/// </summary>
/// <param name="webRequest">The request object.</param>
/// <returns>The response data.</returns>
public string WebResponseGet(HttpWebRequest webRequest)
{
StreamReader responseReader = null;
string responseData = "";

try
{
responseReader = new StreamReader(webRequest.GetResponse().GetResponseStream());
responseData = responseReader.ReadToEnd();
}
catch
{
throw;
}
finally
{
webRequest.GetResponse().GetResponseStream().Close();
responseReader.Close();
responseReader = null;
}

return responseData;
}
}

Add a login button to your .aspx page:

protected void btnLogin_Click(object sender, EventArgs e)
{
oAuthFacebook oFB = new oAuthFacebook();
Response.Redirect(oFB.AuthorizationLinkGet());
}

Create a callback page, call it FBCallback.aspx or whatever:

protected void Page_Load(object sender, EventArgs e)
{
string url = "";
oAuthFacebook oAuth = new oAuthFacebook();

if (Request["code"] == null)
{
//Redirect the user back to Facebook for authorization.
Response.Redirect(oAuth.AuthorizationLinkGet());
}
else
{
//Get the access token and secret.
oAuth.AccessTokenGet(Request["code"]);

if (oAuth.Token.Length > 0)
{
//We now have the credentials, so we can start making API calls
url = "https://graph.facebook.com/me/likes?access_token=" + oAuth.Token;
string json = oAuth.WebRequest(oAuthFacebook.Method.GET, url, String.Empty);
}
}
}

That’s all there is to it!  You can start making Graph API calls by including the  access token with your requests.