AccountController.cs

using System;
using System.Collections.Generic;
using System.Web.Mvc;
using System.Web.Security;
using Facebook;
using MyFacebookSite3434.Models;

namespace MyFacebookSite3434.Controllers
{
    public class AccountController : Controller
    {
        public ActionResult LogOn(string returnUrl)
        {
            var oAuthClient = new FacebookOAuthClient(FacebookApplication.Current)
            {
                RedirectUri = GetOAuthCallbackUri()
            };
            var loginUri = oAuthClient.GetLoginUrl(new Dictionary<string, object> { { "state", returnUrl } });
            return Redirect(loginUri.AbsoluteUri);
        }

        public ActionResult OAuth(string code, string state)
        {
            FacebookOAuthResult oauthResult;
            
            if (!FacebookOAuthResult.TryParse(Request.Url, out oauthResult) ||
                !oauthResult.IsSuccess)
            {
                return RedirectToAction("Index", "Home");
            }

            var oAuthClient = new FacebookOAuthClient(FacebookApplication.Current)
            {
                RedirectUri = GetOAuthCallbackUri()
            };
            dynamic tokenResult = oAuthClient.ExchangeCodeForAccessToken(code);
            string accessToken = tokenResult.access_token;

            var expiresOn = DateTime.MaxValue;

            if (tokenResult.ContainsKey("expires"))
            {
                expiresOn = DateTimeConvertor.FromUnixTime(tokenResult.expires);
            }

            var fbClient = new FacebookClient(accessToken);
            dynamic me = fbClient.Get("me?fields=id,name");
            long facebookId = Convert.ToInt64(me.id);

            InMemoryUserStore.Add(new FacebookUser
            {
                AccessToken = accessToken,
                Expires = expiresOn,
                FacebookId = facebookId,
                Name = (string) me.name,
            });

            FormsAuthentication.SetAuthCookie(facebookId.ToString(), false);

            if (!Url.IsLocalUrl(state))
                return RedirectToAction("Index", "Home");

            return Redirect(state);
        }

        Uri GetOAuthCallbackUri()
        {
            if (Request.Url == null)
                throw new InvalidOperationException("Request.Url was null");

            var relativeUri = Url.Action("OAuth", "Account");
            return new Uri(Request.Url, relativeUri);
        }

        public ActionResult LogOff()
        {
            FormsAuthentication.SignOut();
            return RedirectToAction("Index", "Home");
        }
    }
}

FacebookUser.cs

using System;

namespace MyFacebookSite3434.Models
{
    public class FacebookUser
    {
        public long FacebookId { get; set; }
        public string AccessToken { get; set; }
        public DateTime Expires { get; set; }
        public string Name { get; set; }
    }
}

InMemoryUserStore.cs

using System;
using System.Collections.Concurrent;
using System.Linq;

namespace MyFacebookSite3434.Models
{
    public class InMemoryUserStore
    {
        static readonly IDictionary<long, FacebookUser> users = new ConcurrentDictionary<long, FacebookUser>();

        public static void Add(FacebookUser user)
        {
            users[user.FacebookId] = user;
        }

        public static FacebookUser Get(long facebookId)
        {
            return users[facebookId];
        }
    }
}