{"id":444,"date":"2014-06-09T16:26:00","date_gmt":"2014-06-09T16:26:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/webdev\/2014\/06\/09\/updating-the-mvc-facebook-api\/"},"modified":"2022-08-08T05:19:18","modified_gmt":"2022-08-08T12:19:18","slug":"updating-the-mvc-facebook-api","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/dotnet\/updating-the-mvc-facebook-api\/","title":{"rendered":"Updating the MVC Facebook API"},"content":{"rendered":"

Over the past several months Facebook made changes to their application development APIs that were incompatible with the MVC Facebook support.<\/p>\n

We have been working on updates while the Facebook API kept evolving, and on 4\/30\/2014 Facebook announced a two-year stability guarantee<\/a>. This was a fantastic announcement because this ensured a similar stability for ASP.NET MVC developers developing Facebook applications. We’ve fixed the Facebook package and renamed it to Microsoft.AspNet.Facebook<\/strong>. This package is now available on NuGet.<\/p>\n

Here<\/a>are the issues that we’ve fixed.<\/p>\n

If you’re new to the world of Facebook application development on MVC you can check out a Birthday application here<\/a>. Keep in mind this tutorial will be gradually updated so it may not be entirely accurate.<\/p>\n

The important new stuff<\/h3>\n

The original Microsoft.AspNet.Mvc.Facebook package and corresponding API’s at the time had no concept of optional or default permissions. This created friction with some of the updated prompt dialogs that Facebook released. To address this we’ve made the Facebook’s authorize filter more flexible by providing permission prompt hooks to control login dialog flow.<\/p>\n

FacebookAuthorizeFIlter<\/em> now exposes OnPermissionPrompt<\/em> and an OnDeniedPermissionPrompt<\/em> hooks. <\/strong>So what do these hooks do? Let’s go over each in detail.<\/p>\n

OnPermissionPrompt<\/h3>\n

Every time a prompt is about to be shown the OnPermissionPrompt <\/em>is invoked and passed a PermissionContext<\/em>. The hook enables you to modify the login flow by setting the context’s Result <\/em>property just like you’d do in an authorization filter.<\/p>\n

To utilize the OnPermissionPrompt<\/em> you can create a FacebookAuthorizeFilter<\/em>like so:<\/p>\n

public class <\/span>CustomFacebookAuthorizeFilter <\/span>: <\/span>FacebookAuthorizeFilter <\/span>{ <\/span>public <\/span>CustomFacebookAuthorizeFilter(<\/span>FacebookConfiguration <\/span>config) : <\/span>base<\/span>(config) { } <\/span>protected override void <\/span>OnPermissionPrompt(<\/span>PermissionContext <\/span>context) { <\/span>\/\/ This sets context.Result to ShowPrompt(context) (default behavior) <\/span>base<\/span>.OnPermissionPrompt(context); } }<\/span><\/pre>\n
 <\/pre>\n
And then you can apply the filter the same way you’d apply a FacebookAuthorizeFilter<\/em>in the old world:<\/p>\n
GlobalFilters<\/span>.Filters.Add(<\/span>new <\/span>CustomFacebookAuthorizeFilter<\/span>(yourFacebookConfiguration));<\/span><\/pre>\n
The default behavior of the OnPermissionPrompt<\/em> hook is to set the PermissionContext<\/em>‘s result to a ShowPromptActionResult<\/em> by calling into the ShowPrompt<\/em> method. The source code of the OnPermissionPrompt<\/em>method looks like this:<\/p>\n
protected virtual void <\/span>OnPermissionPrompt(<\/span>PermissionContext <\/span>context) { context.Result = ShowPrompt(context); }<\/span><\/pre>\n
The ShowPrompt <\/em>method returns an action result that shows the permission prompt to the user. We can do more though; if we really wanted to, we could redirect the user to a different action every time a prompt was about to be shown by overriding the default signature as shown:<\/p>\n
protected override void <\/span>OnPermissionPrompt(<\/span>PermissionContext <\/span>context) { context.Result = <\/span>new <\/span>RedirectToRouteResult<\/span>( <\/span>new <\/span>RouteValueDictionary <\/span>{ { <\/span>\"controller\"<\/span>, <\/span>\"home\" <\/span>}, { <\/span>\"action\"<\/span>, <\/span>\"foo\" <\/span>} }); }<\/span><\/pre>\n
This would redirect us to the Home<\/em> controller’s action Foo<\/em>instead of prompting the user for permissions.<\/p>\n
Lastly we could modify the OnPermissionPrompt<\/em> method to ignore every prompt that’s shown via setting the PermissionContext<\/em>‘s Result<\/em>to be null:<\/p>\n
protected override void <\/span>OnPermissionPrompt(<\/span>PermissionContext <\/span>context) { context.Result = <\/span>null<\/span>; }<\/span><\/pre>\n
This would make it so we never prompt a user for permissions. This isn’t ideal but it is possible.<\/p>\n
OnDeniedPermissionPrompt<\/h4>\n
The OnDeniedPermissionPrompt<\/em> is invoked when we detect that a user has revoked, declined, or skipped permissions. This occurs instead of the OnPermissionPrompt<\/em> hook when there are denied permissions. Just like the OnPermissionPrompt<\/em> we can utilize this hook by creating a FacebookAuthorizeFilter<\/em>like so:<\/p>\n
public class <\/span>CustomFacebookAuthorizeFilter <\/span>: <\/span>FacebookAuthorizeFilter <\/span>{ <\/span>public <\/span>CustomFacebookAuthorizeFilter(<\/span>FacebookConfiguration <\/span>config) : <\/span>base<\/span>(config) { } <\/span>protected override void <\/span>OnDeniedPermissionPrompt(<\/span>PermissionContext <\/span>context) { <\/span>\/\/ Does nothing (default behavior to leave context.Result null) <\/span>base<\/span>.OnDeniedPermissionPrompt(context); } }<\/span><\/pre>\n
And then just like the OnPermissionPrompt<\/em> above you can apply the filter the same way you’d apply a FacebokAuthorizeFilter<\/em>in the old world:<\/p>\n
GlobalFilters<\/span>.Filters.Add(<\/span>new <\/span>CustomFacebookAuthorizeFilter<\/span>(yourFacebookConfiguration));<\/span><\/pre>\n
The default behavior of the OnDeniedPermissionPrompt<\/em> hook is to leave the passed in PermissionContext<\/em>’s Result <\/em>member null to ignore the “denied” permission prompt. The source code of the OnDeniedPermissionPrompt<\/em>method looks like this:<\/p>\n
protected virtual void <\/span>OnDeniedPermissionPrompt(<\/span>PermissionContext <\/span>context) { }<\/span><\/pre>\n
Here we’re doing nothing so the PermissionContext<\/em>‘s Result<\/em> member is null; this indicates that we do not want to show the permission prompt to the user. If we were to do the same thing as OnPermissionPrompt<\/em> and set the PermissionContext’<\/em>s Result <\/em>to be a ShowPromptActionResult <\/em>we’d infinite loop in our login dialogs; the reason why is because every time the method is invoked there would still be denied permissions.<\/p>\n
Like the OnPermissionPrompt <\/em>hook you can modify the login flow with the result that you return. For example, let’s say we wanted to redirect to a “skip” handling page if we detect a user has skipped permissions:<\/p>\n
protected override void <\/span>OnDeniedPermissionPrompt(<\/span>PermissionContext <\/span>context) { <\/span>if <\/span>(context.SkippedPermissions.Any()) { context.Result = <\/span>new <\/span>RedirectResult<\/span>(<\/span>\"http:\/\/www.contoso.com\/SomeUrlToHandleSkips\"<\/span>); } }<\/span><\/pre>\n
PermissionContext<\/h3>\n
In the previous sections I did not discuss the PermissionContext<\/em> object that is passed into both the OnPermissionPrompt<\/em> and OnDeniedPermissionPrompt<\/em> hooks. This object exposes a significant amount of information that enable developers to modify the login flow. Let’s examine what the PermissionContext<\/em>has to offer:<\/p>\n