How to authenticate the user and restrict a Facebook app for just posting from server side?

I'm creating a game for iOS (and maybe Android) in Flash (with Adobe AIR) and I'm trying to integrate Facebook. I've read lots of similar questions but I still can't get a clear answer. With my app:

Users will be able to login using Facebook at client side. (done this, using facebook-actionscript-api)

Users, however, should NOT be able to post anything server side, to avoid abuse (such as 'I made 9999999 points' posts).

I have a server (ASP.NET 4.0) and my server should be able to post on behalf of the player. (such as 'I made 1234 points', after a validity checking)

How can I validate my Facebook user at server side, restrict user from publishing using my App at client side, and let my server publish posts for that user?

Is there any option to grant the publish rights just to the server? Would Facebook's server whitelist work? But how would I then make API calls for user from client side (or should I move all the logic to server side after getting a token?

Thanks, Can.


I say the best option is to assign a token for user and do the job server side.

Need Your Help

When I use the .NET WebClient DownloadFileAsync I randomly get zero length files returned

c# .net asynchronous async-await webclient

I'm trying to download files from my FTP server - multiples at the same time. When i use the DownloadFileAsync .. random files are returned with a byte[] Length of 0. I can 100% confirm the file ex...

Insert a pair of object into a map


I'm trying to insert some pair value into a map. May map is composed by an object and a vector of another object. i don't know why but the only way to make the code to compile is to declare the first