This project is read-only.

Using in "blocked Facebook" environment

Apr 13, 2011 at 9:17 AM


First of all, my own thanks for this project. It really makes life easier for .NET developers intimidated by Facebook's relative instability as an API platform.

I have been trying to use this library on an FB IFrame-hosted app that is also meant to be accessible as a standalone site (while still employing FB integration). The idea is that, for example, on Day-1 an FB user visits the app while inside FB and grants it the relevant permissions for profile access etc. Then on Day-2, the same user uses a PC that has no client access to Facebook (e.g. on a work computer where Facebook access is blocked) and visits the standalone site. It is desirable that the user be able to be authenticated using his FB credentials and employ any of the other API features (friends, photos etc.).

Two issues have emerged so far:

1) When visiting the standalone site (Day-2), in order to perform authentication, there is a momentary client-side redirection to FB and then back to the original site page. Obviously in a blocked-FB environment this redirection will fail. Is it possible to perform this step purely server-side, to bypass the block? If the user's token string has been saved from Day-1, is it possible to use it to instantiate the "Api" object?

2) From what I understand, the Canvas-class page is recommended when constructing an IFrame-hosted app, while the Socialpage-class is recommended for building standalone apps with FB integration. In this case, where the standalone app will be the exact same one that is IFrame-hosted, which page class should be employed? Or should I make a CanvasPage1 and a SocialPage1 for each logical Page1 in the application, and encapsulate the common functionality in user controls?

Thanks in advance for any help!

Apr 13, 2011 at 6:55 PM

Hi Dimitris,

If you want to authenicate the user without redirecting to Facebook, then you should prompt the "offline_access" permission. This would allow you to save the access token in a database and then retrieve it later. The redirection is necessary because only is supposed to read its cookies. Therefore, you should provide some sort of alternate login mechanism on your standalone site, which would allow you to identify the user and pick the correct access token from your database. There are some applications out there that can access the user's Facebook News Feed on behalf of them (such as a Windows Gadget or Live Messenger). If you notice, all these applications ask for the "offline_access" permission.

As for your second question, I'd recommend creating two seperate pages, then write your codes in App_Code or use User Controls or something like that so your codes can be re-used across the pages. It is also possible to merge the two by combining codes in the source, but it may take some time and some experiment to get it work perfectly.

Apr 13, 2011 at 10:28 PM

Thank you for the prompt help. I will follow your suggestions and post follow-ups if necessary.