rpowers and I talked this over during lunch today and here is what we are thinking.
1. We add an attribute for controller actions to handle authentication
2. We add an extension method to the controller to get an instance of the api object to make calls to facebook.
The code would look like this:
public class HomeController : Controller
private const string APIKEY = "xxxxxxx";
private const string SECRET = "yyyyyyy";
[FacebookAuthorization(IsFbml = true, ApiKey = APIKEY, Secret = SECRET)]
public ActionResult Index()
Api api = this.GetApi(APIKEY, SECRET);
var user = api.Users.GetLoggedInUser();
return Content("Hello, " + user.ToString());
(Note: you don't have to set the api key / secret if they are in the web.config)
The FacebookAuthorization attribute handles authenticating to facebook. So if a user is not logged in then the actionfilter intercepts the request, redirects to facebook and then your method is called after the user logs in. We added the extension
method to get the api object because we needed some way to attach it for use in your code. We talked about making base controllers to do this, but that didn't seem like the best approach. I like this approach because it seems the least invasive
to the rest of your code.
Actually I just looked at that code someone posted above. I guess our approach is pretty similar except you don't have to put the api object in any of the controllers' parameters.
Anyone dislike this approach? If so, how would like to see it work?