Home/ Questions/Q 6613835
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T20:15:56+00:00

I’m using DotNetOpenAuth v3.5.0.10357 and each time a user authenticates against Facebook I get

  • 0

I’m using DotNetOpenAuth v3.5.0.10357 and each time a user authenticates against Facebook I get a different claimed identifier back. The token looks to be encrypted so I assume DNOA is somehow encrypting the token along with the expiry. Can anyone confirm this? Or am I using it wrong:

    public ActionResult FacebookLogOn(string returnUrl)
    {
        IAuthorizationState authorization = m_FacebookClient.ProcessUserAuthorization();
        if (authorization == null)
        {
            // Kick off authorization request
            return new FacebookAuthenticationResult(m_FacebookClient, returnUrl);
        }
        else
        {
            // TODO: can we check response status codes to see if request was successful?
            var baseTokenUrl = "https://graph.facebook.com/me?access_token=";
            var requestUrl = String.Format("{0}{1}", baseTokenUrl, Uri.EscapeDataString(authorization.AccessToken));
            var claimedIdentifier = String.Format("{0}{1}", baseTokenUrl, authorization.AccessToken.Split('|')[0]);

            var request = WebRequest.Create(requestUrl);
            using (var response = request.GetResponse())
            {
                using (var responseStream = response.GetResponseStream())
                {
                    var graph = FacebookGraph.Deserialize(responseStream);
                    var token = RelyingPartyLogic.User.ProcessUserLogin(graph, claimedIdentifier);
                    this.FormsAuth.SignIn(token.ClaimedIdentifier, false);
                }
            }

            return RedirectAfterLogin(returnUrl);
        }
    }

Here’s the code for FacebookAuthenticationResult:

    public class FacebookAuthenticationResult : ActionResult
{
    private FacebookClient m_Client;
    private OutgoingWebResponse m_Response;

    public FacebookAuthenticationResult(FacebookClient client, string returnUrl)
    {
        m_Client = client;

        var authorizationState = new AuthorizationState(new String[] { "email" });
        if (!String.IsNullOrEmpty(returnUrl))
        {
            var currentUri = HttpContext.Current.Request.Url;
            var path = HttpUtility.UrlDecode(returnUrl);

            authorizationState.Callback = new Uri(String.Format("{0}?returnUrl={1}", currentUri.AbsoluteUri, path));

        }
        m_Response = m_Client.PrepareRequestUserAuthorization(authorizationState);
    }

    public FacebookAuthenticationResult(FacebookClient client) : this(client, null) { }

    public override void ExecuteResult(ControllerContext context)
    {
        m_Response.Send();
    }
}

Also, I am using the RelyingPartyLogic project included in the DNOA samples, but I added an overload for ProcessUserLogin that’s specific to facebook:

    public static AuthenticationToken ProcessUserLogin(FacebookGraph claim, string claimedIdentifier)
    {
        string name = claim.Name;
        string email = claim.Email;
        if (String.IsNullOrEmpty(name))
            name = String.Format("{0} {1}", claim.FirstName, claim.LastName).TrimEnd();
        return ProcessUserLogin(claimedIdentifier, "http://facebook.com", email, name, claim.Verified);
    }

It looks as though FacebookClient inherits from WebServerClient but I looked for the source on GitHub and I don’t see a branch or a tag related (or at least not labeled) with the corresponding v3.5 version.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Facebook does not support OpenID. Claimed Identifier is an OpenID term. Facebook uses OAuth 2.0, so you’re mixing up OpenID and OAuth.

    Facebook sends a different access token every time, which is normal for the OAuth protocol. You have to use the access token to query Facebook for the user id that is consistent on every visit.

    • 0