function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
SenyorsSenyors 

"Access is Denied" Errors through Custom URL Tab

I have just completed a custom .NET application that "talks" to SalesForce.com and runs perfectly fine when browsed outside of SalesForce.com. However, when I try to access the same application through a SalesForce.com custom tab, I get an "Access is denied" error each time I try to click into a field, make a pulldown selection, click a button, etc. Note that the app does "work" in SalesForce.com, but naturally all of the error messages are quite annoying and need to be taken care of.

 

Since the app works fine outside of SalesForce.com, I'm presuming that the issue is with the app misbehaving in whatever frame mechanism SalesForce.com forces it through. I also suspect that it's an AJAX issue (yes, the .NET app I've created leverages AJAX 1.0), and that the SalesForce.com frame displaying my app is somehow interferring with the AJAX mechanism. Finally, I've noticed that the app works fine even within SalesForce.com when viewed in Firefox--the problem only manifests itself in IE 7.

 

If someone has experienced this sort of issue before, please let me know!

 

Scott M. Huelsman

HSA Applications Development

608-443-4339

mary.annjoymary.annjoy
Hi,
I need some help for a custom app I'm creating for my support site. I use Salesforce for asking my customers to log into Salesforce and redirect them to my custom app on my site. I want to know how do you maintain session or authenticate the user on your site. This is in case somebody just types in the URL of my site. Is there any kind of API that Salesforce provides?
 
Thanks..
SenyorsSenyors

Mary,

Yes, Sales Force provides pretty much everything you need to connect to your SalesForce.com data through your own app and manipulate your data in whatever manner you wish. We just built a custom app using .NET and Visual Studio 2005, and the whole thing went pretty smoothly (apart from the current issue I'm having, which I think is Ajax-related).

You may want to review the content found at http://wiki.apexdevnet.com/index.php/API#Getting_Started. Good luck with your own custom app.  :smileyhappy:

Scott
mary.annjoymary.annjoy
Thank you very much. I did go through the link. But I'm confused about how to handle the logout from within my custom app. Can you help me?
 
Thanks.
SenyorsSenyors
Do you want your folks to log in through SalesForce.com first, find your custom app and then send them to it (essentially using SalesForce.com to verify their credentials)? If that's the case, then I'm not sure how best to maintain state after the redirect.
 
To get around this issue, we built a log-in directly into our custom app that verifies SalesForce.com credentials (and merely make the app available via a custom tab in SalesForce.com). This way, we don't have any issues with maintaining state or redirection; everything is self-contained within the custom app.
 
I'm not exactly sure about what you're trying to accomplish, so if I'm off-target here, just let me know and we'll try again.  :smileywink:
mary.annjoymary.annjoy

Hi,

In our case, the user comes to corporate site, from there he's redirected to Salesforce for logging in and from salesforce he has to click on a link which redirects him to our custom app(which is external to Salesforce). I maintain state seperately within our app. I read that Salesforce doesn't provide a log out facility in their API, but the user is logged out automatically after a time period set by the administrator in Salesforce. I was wondering how can I keep track of that?

 

Thanks.
SenyorsSenyors

I could be wrong, but it seems to me that by logging folks in via SalesForce.com and then attempting to pass them on to your custom app, the best you can do is pass along some sort of parameter to your custom app indicating that the user has indeed logged into SalesForce.com. Perhaps it's possible to pass along a session ID from SalesForce.com, have your app go back to the appropriate SalesForce.com server and verify that that session ID exists, and go from there. But I really wouldn't know how to generate the session ID to pass to your custom app in the first place.

Hence, my recommendation would be to embed a login directly into your custom app. This gets around the problem you're having, and certainly is a more secure way of handling things. It also allows you to make your custom app available outside of SalesForce.com and still ensure that unauthorized visitors can't get into the app.

Good luck with your project!
mary.annjoymary.annjoy
The Session id is appended to the URL for redirection to our app. I read about Self Service feature. Is that what you mean by saying 'to embed the login into our custom logo'? This is the link.
 The article describes how to customize the tabs and fields that would be visible to users, but there is no information regarding how to add our custom pages.
 
Thanks.
SenyorsSenyors

Thanks for sharing the link you sent. I think the disconnect we're having here is that I was unaware you could bring SalesForce.com content directly into a custom app--our solution was built totally from scratch and doesn't utilize any SalesForce.com content. Rather, we built an initial login page that leverages the Sales Force API to connect to the database associated with our corporate account and we draw data from that connection to support our app--we're not utilizing any actual SalesForce.com content.

I think the bottom line is that we've taken a completely different approach, so I don't think I can be of any help with your project. If you get things figured-out, please update this thread so the rest of us can learn from your success.  :smileyhappy:
mary.annjoymary.annjoy
My users are also Self service users and I'm using an external application. I found out that using GetUserInfo() for Sellf service users does not return any info about the user like username,which I need. Can you help?
 
Thanks.
BecklesBeckles

Scott,

  I have the same issue with Access Denied and IE.  I was able to fix it on my development environement pointing to local host via this sites instructions:

http://weblogs.asp.net/bleroy/archive/2007/01/31/how-to-work-around-the-quot-access-denied-quot-cross-domain-frame-issue-in-asp-net-ajax-1-0.aspx

However, now that I have it in production the Access Denied error is back.  Did you ever find a solution for your errors?
SenyorsSenyors

From what I can gather, there is no fix--trying to use AJAX through a frameset hosted on different servers invokes the security issue and there's no way around it. I decided to take a low-tech route and simply build a new page that contains a hyperlink and some simple instructions; folks click on the appropriate SalesForce.com tab, click the link and open our custom application within a new browser instance. This works for us because our app doesn't require a login through SalesForce.com anyway--that functionality is already built into the app. In fact, we plan to recommend that folks bypass SalesForce.com altogether if all they want to do is work with our app.

For the record, I got absolutely no help from SalesForce.com itself. You would think that someone would have posted some sort of warning about using .NET AJAX through a custom SalesForce.com tab somewhere.

Good luck with your own project.