Invalid Signature - HELP

Aug 8, 2008 at 1:11 PM
Hey there.

I spend most of my day adjusting my app to the 2.0 version. My Problem is that I can successfully connect to Facebook but all following requests fail due to an "Invalid Signature" error. This probably means that there is some diversity in the way the signature string is build or hashed.

This call initital call works:

POST: method=facebook.auth.getSession&auth_token=784cb7274d3ebaaf5f9b8c5dca52cef7&session_key=&api_key=MYAPIKEY&v=1.0&call_id=8cac775abc2afe0&sig=014780ea0c4789b7ff817e1cededab74

This is what gets generated on the next call (getInfo):
POST: method=facebook.users.getInfo&uids=SOMEUSERID&fields=first_name%2c+last_name%2c+name%2c+pic_small%2c+pic_big%2c+pic_square%2c+pic%2c+affiliations%2c+profile_update_time%2c+timezone%2c+religion%2c+birthday%2c+sex%2c+hometown_location%2c+meeting_sex%2c+meeting_for%2c+relationship_status%2c+significant_other_id%2c+political%2c+current_location%2c+activities%2c+interests%2c+is_app_user%2c+music%2c+tv%2c+movies%2c+books%2c+quotes%2c+about_me%2c+hs_info%2c+education_history%2c+work_history%2c+notes_count%2c+wall_count%2c+status&session_key=f64b3e311419540323c6eb41-597334294&api_key=MYAPIKEY&v=1.0&call_id=8cac775e5264e90&sig=f43a8e7f62f6397f7c200d3684256538

The call returns with an incorrect signature XML response...

This what I use for testing (and what used to work with the old API:
public override bool Connect()
var fs = new facebook.Components.FacebookService();
fs.ApplicationKey = VendorAppID;
fs.Secret = VendorSecret;

var sessionKey = HttpContext.Current.Session["facebook_session_key"] as String;
var userId = HttpContext.Current.Session["facebook_userId"] as String;
var authToken = HttpContext.Current.Request.QueryString["auth_token"];

if ( !String.IsNullOrEmpty(sessionKey) || !String.IsNullOrEmpty(authToken) )
if (!String.IsNullOrEmpty(sessionKey))
fs.SessionKey = sessionKey;
fs.UserId = int.Parse(userId);

else if (!String.IsNullOrEmpty(authToken))
fs.CreateSession(authToken); // WORKS!
HttpContext.Current.Session["facebook_session_key"] = fs.SessionKey;
HttpContext.Current.Session["facebook_userId"] = fs.UserId;
HttpContext.Current.Session["facebook_session_expires"] = fs.SessionExpires;

//... all subsequent calls fail with incorrect signature
// Example call for testing (doesn´t make sense because I already have the userid
// but it shows that even calls without params fail

var usrID = fs.users.getLoggedInUser();

// Needs to login
return false;

return true;

Maybe someone here already experiences this issue. I need to fix this fast and would appreciate any hints and tips.
Aug 8, 2008 at 5:53 PM
does the same thing happen if you use the facebook.API class instead of facebook.Components.Service?
Aug 9, 2008 at 2:12 PM
No, actually it works that way. Strange.

I initially set up facebook.Components.Service and then reuse it (store it in the app memory) on subsequent requests.
What seems to be happening is that the Service "looses" it´s AppSecret key and because of that it produces an invalid signature.

The exact same source code worked (still does work) pretty well with the old version. Any hints on why this is happening?

Aug 19, 2008 at 2:30 PM
Hi Elmar,

I have downlooad the latest source code and builded it with VC# 2008.

I am not able to import the following namespaces from the facebook.dll, facebook.web.dll's generated

Imports Facebook.Entity
Imports Facebook.WebControls

Am I missing something here?

Please help me.
Aug 19, 2008 at 3:04 PM
Have you been able to successfully build the source? Do you have Linq2XSD installed?
Building and using the modified source works quite well for me (apart from not being able to post profile messages).

Aug 19, 2008 at 6:48 PM
Hi El,

I dont have VS 2008 installed in my system.

But I have framework 3.5 installed already inorder to get support for LINQ.

Here the 2 dlls that I am referenced in my project

1. facebook.dll
2. facebook.web.dll
3. Microsoft.Xml.Schema.Linq.dll

Also, I didn't get any sort of error while building the sourcecode.

Any reason still why I am not able to reference the Facebook.Entity namespace ?

Aug 19, 2008 at 6:51 PM
Can you please share your Facebooktoolkit source code with me?

If you can email me, that would be a great help.

My project has been struck because of the new platform changes.

Aug 20, 2008 at 12:42 AM
I had the same problem (Invalid Signature).

You need to add

        _fbService.API.IsDesktopApplication = false;

before creating the session.