Allow Access

Sep 10, 2008 at 10:21 PM
I am getting stumped at every turn, this been made ridiculously difficult by the facebook developers.  My application requires a user to allow authorization and add it to their profile only if they wish to display it to their visitors.  There is no reason for visitors to allow access because there is no active interaction with a visitor on a personal level.  It is a photo browsing application, so there is no need for a visitor to allow access in order to browse their friend's photo gallery.

According to facebook's instructions, you add a requirelogin=1 to a link if you require the 'allow access' thing.  So when the profile is updated of the person who has allowed access, my link is "...main.aspx?profileowner=1234" requirelogin=0> on the profile page.  This does nothing.  I have also set requirelogin=false in my master page, still no difference.  The Allow Access page pops up every time.

My users need the choice of just to browse, or to add it to their profile and personalize the settings to point to their own (external) photo gallery.

Can anyone please assist with this?  It would be good to add to my tutorial I posted about in another thread if it doesn't over-complicate my 'hello world' sample.
Sep 15, 2008 at 3:02 AM
Once again, this one comes back to hacking the FDT API.  What happens is that when you have a master page inheriting CanvasFBMLMasterPage, it is instantiated and all the login etc. occurs before you get to decide what happens at instantiation.  The problem is that RequireLogin is True by default so you can never avoid the Allow Access page.  For specific types of applications where you don't want Allow Access to appear for visitors to an app installed in someone else's profile, you can re-compile Facebook.Web with this hack to CanvasFBMLMasterPage:

bool _requireLogin = false; //true;


Oct 29, 2008 at 12:55 AM
I can't agree with you more about FDT API.  I'm thinking your hack is in 2.0 and not in 1.6 or 1.7, yes?
Oct 29, 2008 at 3:59 PM
Just FYI, what Facebook is looking for is a link that looks like this: "...main.aspx?profileowner=1234&requirelogin=1" (requirelogin is disabled by default). It sounds like the FDT is forcing the requirelogin by default, though. I guess that makes sense, since until the new redesign, Facebook required login for everything, and we just must not have changed it since then.

I'll try and look into this and see if we can make an easy fix for 2.0.
Oct 30, 2008 at 9:58 AM
@seansms, this hack is for 2.0.

@jschuster, my fix was simply to default 'requirelogin' to false as in my post above.  The requirelogin flag can then be set upon loadup of the app according to the requirements of the app, so it's up to the developer how they want the behaviour to work.  My sample in the other thread pretty-much has this working utilising the above hack, I need to complete that app sometime to clarify things.  I have developed my SmugFoto application based around this - if you add the app then login is required.  If you are a visitor just browsing a friend's SmugFoto galleries you are not confronted with "Allow Access", you just click off the profile link and you're browsing your friend's photos.
Oct 30, 2008 at 4:46 PM
Now that I've looked into this a bit more, you make a good point. I'll change both of those so that the default is RequireLogin = false.

I figured out the problem you were having as well. RequireLogin gets checked in the master page's Page_Init method, so you need to set it  before that point. That means either inheriting from the master page and setting RequireLogin in that new master page's Page_Init method, or setting it in the Page_PreInit method of each page that you want to differ from the default.

As for the CanvasFBMLBasePage, RequireLogin gets checked in the Page_Init method, so I would think that if you inherit from that class, your class can either set RequireLogin in its own Page_Init or Page_PreInit methods (or any other methods in the page cycle that happen before that point).
Oct 31, 2008 at 8:40 PM
I handle the login process at the master page because I think it's easier and there's no way of ever bypassing that process.  But it would probably work the same from a page.

I'm handling the initialize event at the master page and simply have the following code if I want the 'Allow Access' button to show or if I want profile access because the user has already added the application:


this.RequireLogin = true;
this.Page_Init(null, null);