You need to sign in to do that
Don't have an account?
"Access is Denied" Errors through Custom URL Tab
I have just completed a custom .NET application that "talks" to SalesForce.com and runs perfectly fine when browsed outside of SalesForce.com. However, when I try to access the same application through a SalesForce.com custom tab, I get an "Access is denied" error each time I try to click into a field, make a pulldown selection, click a button, etc. Note that the app does "work" in SalesForce.com, but naturally all of the error messages are quite annoying and need to be taken care of.
Since the app works fine outside of SalesForce.com, I'm presuming that the issue is with the app misbehaving in whatever frame mechanism SalesForce.com forces it through. I also suspect that it's an AJAX issue (yes, the .NET app I've created leverages AJAX 1.0), and that the SalesForce.com frame displaying my app is somehow interferring with the AJAX mechanism. Finally, I've noticed that the app works fine even within SalesForce.com when viewed in Firefox--the problem only manifests itself in IE 7.
If someone has experienced this sort of issue before, please let me know!
Scott M. Huelsman
HSA Applications Development
608-443-4339
Mary,
Yes, Sales Force provides pretty much everything you need to connect to your SalesForce.com data through your own app and manipulate your data in whatever manner you wish. We just built a custom app using .NET and Visual Studio 2005, and the whole thing went pretty smoothly (apart from the current issue I'm having, which I think is Ajax-related).
You may want to review the content found at http://wiki.apexdevnet.com/index.php/API#Getting_Started. Good luck with your own custom app. :smileyhappy:
Scott
Hi,
In our case, the user comes to corporate site, from there he's redirected to Salesforce for logging in and from salesforce he has to click on a link which redirects him to our custom app(which is external to Salesforce). I maintain state seperately within our app. I read that Salesforce doesn't provide a log out facility in their API, but the user is logged out automatically after a time period set by the administrator in Salesforce. I was wondering how can I keep track of that?
Thanks.
I could be wrong, but it seems to me that by logging folks in via SalesForce.com and then attempting to pass them on to your custom app, the best you can do is pass along some sort of parameter to your custom app indicating that the user has indeed logged into SalesForce.com. Perhaps it's possible to pass along a session ID from SalesForce.com, have your app go back to the appropriate SalesForce.com server and verify that that session ID exists, and go from there. But I really wouldn't know how to generate the session ID to pass to your custom app in the first place.
Hence, my recommendation would be to embed a login directly into your custom app. This gets around the problem you're having, and certainly is a more secure way of handling things. It also allows you to make your custom app available outside of SalesForce.com and still ensure that unauthorized visitors can't get into the app.
Good luck with your project!
Thanks for sharing the link you sent. I think the disconnect we're having here is that I was unaware you could bring SalesForce.com content directly into a custom app--our solution was built totally from scratch and doesn't utilize any SalesForce.com content. Rather, we built an initial login page that leverages the Sales Force API to connect to the database associated with our corporate account and we draw data from that connection to support our app--we're not utilizing any actual SalesForce.com content.
I think the bottom line is that we've taken a completely different approach, so I don't think I can be of any help with your project. If you get things figured-out, please update this thread so the rest of us can learn from your success. :smileyhappy:
Scott,
I have the same issue with Access Denied and IE. I was able to fix it on my development environement pointing to local host via this sites instructions:
http://weblogs.asp.net/bleroy/archive/2007/01/31/how-to-work-around-the-quot-access-denied-quot-cross-domain-frame-issue-in-asp-net-ajax-1-0.aspx
However, now that I have it in production the Access Denied error is back. Did you ever find a solution for your errors?
From what I can gather, there is no fix--trying to use AJAX through a frameset hosted on different servers invokes the security issue and there's no way around it. I decided to take a low-tech route and simply build a new page that contains a hyperlink and some simple instructions; folks click on the appropriate SalesForce.com tab, click the link and open our custom application within a new browser instance. This works for us because our app doesn't require a login through SalesForce.com anyway--that functionality is already built into the app. In fact, we plan to recommend that folks bypass SalesForce.com altogether if all they want to do is work with our app.
For the record, I got absolutely no help from SalesForce.com itself. You would think that someone would have posted some sort of warning about using .NET AJAX through a custom SalesForce.com tab somewhere.
Good luck with your own project.