Connect to Facebook in the background

Nov 13, 2009 at 6:30 AM

I want to create a web page in ASP.NET, much like a website's user profile page. The web page will have, along with many user controls related to profile information, a checkbox that would allow the user to share certain information from his profile on his Facebook account.

My question is - Is it possible for my web page to use already stored (somewhere in my database) user's Facebook login credentials when he clicks on the checkbox to connect to (and log into) Facebook in the background, so that when he clicks on Submit button, my web page is able to make API calls on his behalf to update his Facebook profile based on information on his profile page on my website?

Whatever I have been trying till now to make API calls on my web page redirects the user to Facebook's login.php page. If it's possible to use the user's Facebook login credentials on my web page to connect to Facebook in the background, that would be great. I don't want Facebook's login.php page to appear when a Facebook session needs to be established.

Nov 13, 2009 at 4:52 PM

Check out the documentation on acquiring the offline_access extended permission, which will give you a non-expiring session key (aka "infinite session key").  You save this session key and can then use it to make api calls later without the user logging in.

It is not without difficulties.  I am trying this and having a problem where the infinite session key is not being set immediately 100% of the time.

Nov 13, 2009 at 9:06 PM


Did you get this working?  I'm trying to do the same thing?


Nov 13, 2009 at 9:39 PM

you absolutely cannot store the facebook login credentials for users and pass them to FB.

it is against the terms & conditions, and besides I don;t believe FBConnect even provides a way to do it.

Patja is on the right track.  Using FBConnect FBML controls you can add controls to your pages that detect FB Session status and render either as login panels or simple "you are Connected" images.  Don't try to force it, just try to figure out the paradigm the FBC Developers expected you to work within... it might not be exactly what you imagined at first but what can you do?



Nov 16, 2009 at 4:09 AM

Thanks for the replies, guys. You cleared much of my doubts.

I'll try your suggestions and see if they work in my case. I'll also post the results after that.

Nov 18, 2009 at 11:32 AM


Get permanent SessionKey

(New Version of Facebook & FaceBook API)


Through the use of extended Permissions



This permission grants an application access to user data when the user is offline or doesn't have an active session. This permission can be obtained only through the fb:prompt-permission tag or the promptpermission attribute. Read more about session keys


Manual Method to get the Offline Session Key

Use the following URL with your API Key

  1. Register for the Facebook Developer App on your facebook profile.
  2. Create a new app Web App(By default) through your "Facebook Developer App". Change the Application Type to "Desktop App".
    Note down the API Key & Secret Key for you app.
  3. Authorize the app & authenticate the user and then get the permanent session_key.


Authenticating a Facebook application from another web application is not a simple task.  The user needs to first be logged into Facebook, then authorize your application to interact with the user's Facebook profile. In addition, in order to allow the application to interact with Facebook without having to redirect the user to a login for each new session, you will need an infinite session. There are also multiple other 'extended permissions' that Facebook requires to be approved individually. It is up to the client application to deal with these requirements. Here is some sample code demonstrating various authentication processes.


First, let's assume that the user has not done anything with your application yet. To check this we could do something like this:

One time Authotrize the application to let it access the users profile info infinitely.

Use the following link to ask the user for  "Allow Constant Authorization."

*api_key is the key of your application, you save in step 2.

Enter the user name & password to authenticate the user.
Click allow to let the application access your profile info & other details.

Next Page will say "success"
Copy the response URL and extract the session_key from it.
It will be of the  form "e008547690df35df64243591-2335652".
Verify that after "-" in the session key is your user_id (2335652).

This link will take the user to a page that will first ask them to login, and then requests permission for you application to interface with their Facebook profile. Once that happens, Facebook will redirect back to your callbackurl. Once back on your callback page, you will need to capture the values that Facebook has sent back to you.


  1. Now use this session_key (permanent/infinite session_key) for further querying from your application.
    Before this, change the application type of your facebook app back to "Web" (from "Desktop").
  2. Usage
    Now my application has the following things
    1. api_key
    2. secret_key
    3. user_id (part of session_key)
    4. session_key (permanent)
    5. call_id & sig (timehash & md5 hash - generate from your app)

With the help of above 6 keys, your application can directly communicate with the user's facebook profile, and extract the desired info.

To get the user (in context) profile info:


" uid, first_name, last_name, name, pic_small, pic_big, pic, affiliations, profile_update_time, timezone, religion, birthday, sex, hometown_location, meeting_sex, meeting_for, relationship_status, significant_other_id, political, current_location, activities, interests, is_app_user, music, tv, movies, books, quotes, about_me, hs_info, education_history, work_history, notes_count, wall_count, status FROM user WHERE uid IN (656513258)&session_key=e008547690df35df64243591-2335652&api_key=e77f1c7e6b1fa2d4d8495622bac2881a&v=1.0&call_id=8cc2c22a82768a4&sig=21850d21ac086498bddf894ea4b289a5"

This is a simple HTTP Request which will give the HttpResponse in XML format.
Use the FaceBookDevelopment Kit todo this or create your own methods, for the same.

Remember, you dont need to show the login page to the user again ever (unless the user unauthorizes the application himself from his profile)

-Abhinav Bhandawat

Nov 18, 2009 at 11:57 AM

Thanks for the tutorial, Abhinav. I'll see how I can use your suggestion in my project. :)

Jan 18, 2010 at 7:01 AM
Edited Jan 18, 2010 at 7:02 AM

Okay, so I was able to retrieve a infinite session keys of my website's users, and store them. Now, I want to use this session key to be able to make API calls on behalf of the users, say, updating their status messages. Any idea on how to do that? I searched quite a lot about it, with no luck.

Jan 18, 2010 at 1:22 PM

Search harder you must.

Jan 19, 2010 at 3:17 AM
patja wrote:

Search harder you must.

Thanks, patja. I'll test it out and reply back. :)


Jan 19, 2010 at 10:43 AM


It finally worked. Thanks. :)


Jan 20, 2010 at 3:48 PM

Awesome!  Glad it helped.