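/// <summary>
/// Action filter that only lets a request through when its <c>Token</c> header
/// carries a Facebook access token that the Graph API <c>debug_token</c>
/// endpoint reports as valid. Every other request is answered with
/// 403 Forbidden and the action is not executed.
/// </summary>
/// <remarks>
/// The filter fails closed: a missing or blank header, a transport error, or a
/// response without <c>data.is_valid</c> is treated as "not valid" rather than
/// surfacing as an unhandled exception (HTTP 500).
/// NOTE(review): only <c>is_valid</c> is checked. The <c>debug_token</c> payload
/// also describes which app the token was issued for and when it expires;
/// confirm whether this API should additionally compare the app id against its
/// own, so that a token minted for a different application is not accepted.
/// NOTE(review): the lookup is a blocking outbound HTTPS call on every request
/// and has no caching; confirm that this is acceptable for the expected load.
/// </remarks>
public class TokenValidationAttribute : ActionFilterAttribute
{
    /// <summary>
    /// Reads the <c>Token</c> request header and short-circuits the pipeline
    /// with 403 Forbidden unless <see cref="IsTokenValid"/> accepts it.
    /// </summary>
    /// <param name="actionContext">Context of the action about to execute.</param>
    public override void OnActionExecuting(HttpActionContext actionContext)
    {
        // GetValues() throws when the header is absent, which would turn an
        // unauthenticated request into a 500; TryGetValues keeps it a 403.
        System.Collections.Generic.IEnumerable<string> headerValues;
        string token = null;
        if (actionContext.Request.Headers.TryGetValues("Token", out headerValues))
        {
            token = headerValues.FirstOrDefault();
        }

        if (!string.IsNullOrWhiteSpace(token) && this.IsTokenValid(token))
        {
            base.OnActionExecuting(actionContext);
            return;
        }

        // Setting Response stops the action from running.
        actionContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden)
        {
            Content = new StringContent("Unauthorized User")
        };
    }

    /// <summary>
    /// Asks the Facebook Graph API whether <paramref name="token"/> is valid.
    /// </summary>
    /// <param name="token">Access token supplied by the caller (untrusted).</param>
    /// <returns>
    /// <c>true</c> only when the response contains <c>data.is_valid == true</c>;
    /// <c>false</c> for a blank token, an HTTP or network failure, or a response
    /// that lacks that field.
    /// </returns>
    public bool IsTokenValid(string token)
    {
        if (string.IsNullOrWhiteSpace(token))
        {
            return false;
        }

        // The token is attacker-controlled. Without escaping, characters such as
        // '&' or '#' would let the caller append or override query parameters
        // (including access_token) in the request sent to Facebook.
        var requestUrl = string.Format(
            "https://graph.facebook.com/debug_token?input_token={0}&access_token={1}",
            System.Uri.EscapeDataString(token),
            YourFacebookApiKey);

        string result;
        using (var client = new WebClient())
        {
            try
            {
                result = client.DownloadString(requestUrl);
            }
            catch (WebException)
            {
                // WebClient throws for non-success HTTP statuses and for network
                // failures. Deny access instead of letting the exception escape.
                // The exception can include the request URI, which holds both
                // tokens, so it must not be logged verbatim.
                return false;
            }
        }

        var facebookToken = JObject.Parse(result);
        var data = facebookToken["data"];
        if (data == null)
        {
            return false;
        }

        var isValid = data["is_valid"];
        return isValid != null && (bool)isValid;
    }
}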