Facebook Connect

Nov 24, 2008 at 5:20 AM

I'm at step 8 of the authentication overview found here: http://tinyurl.com/5527og

In particular, the user has logged into facebook via Facebook Connect and their web session has been created.  How do I use the developer toolkit to retrieve the uid?

Nov 27, 2008 at 1:15 PM

You do not need to use the standard authentication things from Facebook, this is all implemented allready in the Facebook Developer Toolkit.

To establish a session, you just need the following things:
  1. Inherit your base page class from the facebook.web.CanvasIFramBasePage (for IFrame Pages) or from the facebook.web.CanvasFBMLBasePage (for FBML Pages)
  2. Add the Keys "APIKey" and "Secret" to your appSettings in the web.config with the data of your Facebook Application (Key and Secret can be found on the overview page of your application)
  3. For FBML Pages, add the "base.RequiresLogin = true" to the Page_PreInit(object sender, EventArgs e)
  4. If you override / use the Page_Load in your base class, don't forget to fire "base.Page_Load(sender, e);" somewhere in your Page_Load
After that, the toolkit checks by itself if the user is logged in and if he is in the facebook environment. Very easy and nice :)

Nov 28, 2008 at 6:16 AM
Hi Stops,

My impression was that inheriting from the IFrame or FBML base pages is intended for building facebook applications,  am I wrong?  I am building a site outside of facebook and would like to provide facebook authentication to my users via Facebook Connect.  If I am not building a facebook application, should I still inherit from one of the aforementioned base pages?

Nov 28, 2008 at 9:56 AM
Edited Nov 28, 2008 at 10:00 AM
Good morning :)

I'm sorry, then I misunderstood you.
In this case I think the best way would be to use the facebook.Components.FacebookService

With the following Code, you can initialize and establish a session:

facebook.Components.FacebookService fb = new facebook.Components.FacebookService();
fb.ApplicationKey = "YOUR APP KEY";
fb.Secret = "YOUR SECRET";

string sessionKey = Session["facebook_session_key"] as String;
long userId = Convert.ToInt64(Session["facebook_userId"]);
string authToken = Request.QueryString["auth_token"];

if (!String.IsNullOrEmpty(sessionKey))
 fb.SessionKey = sessionKey;
 fb.uid = userId;
else if (!String.IsNullOrEmpty(authToken))

 Session["facebook_session_key"] = fb.SessionKey;
 Session["facebook_userId"] = fb.uid;
 Session["facebook_session_expires"] = fb.SessionExpires;
 Response.Redirect(@"http://www.facebook.com/login.php?api_key=" + fb.ApplicationKey + @"&v=1.0");

After these steps, you can access to the fb.userid to get the current user ID (you can get any function or data out of the toolkit).
If you allready established a current session with facebook and don't want to redirect or something, you just can use the middle of the scribt above (just insert the authToken with the authentication token you got from the facebook login).

Edit: you have to use the top if you allready logged in correctly into facebook, just remove the redirect at the bottom. So at the first execution, you create a sessionkey with fb.CreateSession(authToken); and in the further requests you can just set the correct session key and user ID to access the FacebookService functions.

Hope this helps.

Nov 30, 2008 at 2:40 AM
Edited Nov 30, 2008 at 3:50 AM
Hi Stops,

Thanks for your help thus far, but I dont think that will work.  When using Facebook Connect, a cookie is created for the domain name of the application.  

"On the next request to the app server, cookies will be sent that contain signed session information. "

I don't see any reference to cookies in your code.  I am at step 8 of the Facebook Connect tutorial here: http://tinyurl.com/5527og

Has anyone worked with Facebook Connect and this toolkit?

Dec 2, 2008 at 2:14 AM
Step 8 has a link to "verify the signature", which is where you'll see information on the cookies used and how to verify them.  TheAPIKEY_user cookie would contain the user id.  It appears you have to process/verify the cookies, and propogate their values to the FacebookService.  It'd be nice to have this as part of the toolkit.
Dec 2, 2008 at 2:30 AM
Edited Dec 2, 2008 at 7:33 AM
Yeah you're right.  Actually this article does a good job explaining each cookie and how to get the user id, etc.

Facebook Connect actually isn't too difficult, there's just a lack of documentation.

Put the necessary javascript from here: 

Validate the cookies match the signature provided by facebook to prevent hacking, see:
for an explanation on how to get started

Create an api object (Facebook.API.FacebookAPI)
On the api object, set the application key and secret Facebook provides you when you create your app.
Set api.SessionKey and api.UserId from the cookies created for you from facebook connect.

Once that is done, you can start making calls to facebook:
Facebook.Entity.User user = api.GetUserInfo();   //will get you started with the authenticated person
Dec 4, 2008 at 8:48 AM
Hi Everyboby,

I use the same code as Stops. It works perfectly expect when I access to the page with the canvas url.
when y access to my page via http://apps.facebook.com/FbCmaTest/ this code doesn't  find any facebook session variables
Session["facebook_session_key"] as String and Request.QueryString["auth_token"] return me null even if I'm connected.
But if I launch my page with the url http://mydomain.com/FbCmaTest/ it's ok .

Can someone help me?

Dec 4, 2008 at 9:44 AM
Good Morning,

Is it possible that you use a FBML Page and not a IFramed page? I think that you do not have the correct session settings if you use a FBML Page (because it is rendered @ facebook.com and not on your own side).

Perhaps you have to use the global application cache to store this informations (in case of a FBML Page), but I don't really know (until now i never used a FBML page.. :)

Dec 4, 2008 at 10:02 AM
Hi stops,

The application is already configured in FBML mode and I render the page with fbml.

But even if it's rendered in Facebook the behind code is interpreted by my server isn't it?

Dec 4, 2008 at 10:37 AM
Hi Lolo,

Yes, that's true. It is rendered by your server, correct. But the connection made to your server is from Facebook and not from the Client Computer self, so you do not have any Session state available (just the session opened from the Facebook server).

Because if a user requests a FBML Page, he connects to http://apps.facebook.com/anyapp/. Now the Facebook Server know that this is a FBML Page and requests the page from your server (so the connection is made from the Facebook server self).

So the best way would be that you use the HttpContext.Current.Cache with cache keys similar to API.uid + "_fb_sessionid" or something like this. To store the UserID, you could try to get this into the Viewstate (bit I don't know if this is working with fbml).

Does anybody reads this thread and allready used FBML pages with server side code (where the API was fully integrated)?

Sorry for not giving a better answer, but for me it is difficult to say how it will react as I never used FBML Pages until now.. :)

Dec 4, 2008 at 2:53 PM
Hi Stops,

thanks for this explanation. I find another way to resolve this problem. Instead of using the FacebookService component I use a page which inherits from CanvasFBMLBasePage.
I use 



base.ApiKey = ConfigurationManager.AppSettings["ApiKey"];



base.Secret = ConfigurationManager.AppSettings["Secret"];



base.Page_Init(sender, e);



But when I call the API.uid property it always return me 0.

have you any explain?


Dec 4, 2008 at 3:23 PM
Hi Lolo,

Do you use the following code in your Page:

protected void Page_PreInit(object sender, EventArgs e)
 base.RequireLogin = true;

(the base of the Page must be the CanvasFBMLBasePage)

This ensures that the user is logged in allready.

Dec 4, 2008 at 5:22 PM
Hi Stops,

I just put it on my code an it solve the problem. Thanks.
I just already have it in my profile tab.
Because using requirelogin = true generate an fb:redirect into the page which is not allowed in the profile tab.

Dec 4, 2008 at 5:25 PM
Hi Lolo,

What happens if you just change RequireLogin to false? Because in the Profile tab it should be allways logged in (otherwise you should not be able to see the Profile Tab).

But this is a point where I really have no experience, so I'm sorry for not giving any better answer.

Jun 10, 2009 at 7:56 AM

Is there a way to get the authtoken without hitting that login.php page?  I much prefer the javascript lightbox login method with facebook connect, is there a way I can just reload the page in js and retrieve my authtoken from a cookie variable or something?