Canvas authentication for c# asp.net and general principles

I am trying to find the general principles of using the Facebook C# SDK to write a canvas application.

My approach is as follows. I have a master page which I attempt to authorise on the oninit page. All is well. The first time round we are not authorized and the second time round we are. When I post back it all goes wrong. I would have expected the authorization / cookies / session item / viewstate item to hang around and my authorizer item to remain authorised.

This appears not to be the case.

Should I only check this authorization once and then stick this auth token in memory? then when I want to get information / post information, pass this auth token in manually?

Is the general principle that when I want to post / get I create a new instance of facebookapp and pass in the auth token?

Here is the code i was using.

Can I get some general principles specific to c#, asp.net, codeplex SDK dlls

Many thanks Spiggers

public partial class facebook : System.Web.UI.MasterPage
{
    protected FacebookApp fbApp;
    protected CanvasAuthorizer authorizer;
    protected FacebookSettings oSettings = new FacebookSettings();

    protected override void OnInit(EventArgs e) {

            //not sure that we need this, or indeed if this works
            //HttpContext.Current.开发者_StackOverflow中文版Response.AddHeader("p3p", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");

            oSettings.AppId = Config.Facebook.FacebookApplicationID;
            oSettings.AppSecret = Config.Facebook.FacebookSecret;
            fbApp = new FacebookApp(oSettings);
            authorizer = new CanvasAuthorizer(fbApp);

            if (!authorizer.IsAuthorized()) // postbacks always fail this, to it reposts itself and the postback event does not fire!!!
            {
                string scope = "publish_stream,email,user_birthday";
                var url = Common.Facebook.Authorization.AuthURL(Config.Facebook.FacebookApplicationID, Config.Facebook.RedirectURL, scope);
                var content = CanvasUrlBuilder.GetCanvasRedirectHtml(url);
                Response.ContentType = "text/html";
                Response.Write(content);
                Response.End();
            }
            base.OnInit(e);
        }
     }