Using Facebook for authentication only

May 19, 2008 at 8:23 PM
I'm trying to support Facebook as an authentication mechanism much like we would OpenId - all I need to do is verify that a particular user exists. If we have the userid in the system already, I would just authenticate and redirect using FormsAuthentication; if we don't have the user already, I would seamlessly create a local account and ideally pull in additional information like name, etc from the user info.

I expected this to be very simple to do programmatically. I would just redirect to their login page and get back an auth_token, which I would in turn pass to auth.getSession, and so on. The challenge I've run into (as discussed here previously: is that many classes are either protected or have protected constructors. Given that my code obviously exists outside of the Facebook.NET assembly, I don't have access to this (that is, without going in and recompiling all of this myself and maintaining it accordingly).

In an ideal case, the fbApplication control on my page would just see the auth_token in the querystring and create a session for me automatically. At worst case, I would like to be able to re-use the same logic that already exists to do this.

Any thoughts on how I can attack this problem within FB.NET? Am I missing an obvious control/mode/class that I could use for this?