+ Start a Discussion
logontokartiklogontokartik 

Invalid Session when trying to Integrate .NET to Salesforce

Hi,

We have built a .NET to Salesforce Integration, and .NET Client keeps sending Data to Salesforce via Custom Webservice written in Apex. (Endpoint is dynamically generated after Login call). 

 

We use the Partner WSDL to authenticate and dynamically generate the Endpoint URL. We store the Session ID and re-use it until it expires and then again relogin with credentials to get the New Session ID. 

 

The Integration was working fine for 3 months and all of sudden Salesforce Starting Rejecting the Sessions since last 1 week.

 

Not sure what has changed but this issue broke our integration and we are getting lot of complaints from users. 

 

Can you please shed some light on what might be the Issue?  I also have validated if "lock sessions to originating IP" is turned on and it is NOT. 

 

So we are now out of options. 

 

Thanks

Kartik.

Navatar_DbSupNavatar_DbSup

Hi,

 

The lifetime of an access token obtained by the above mechanisms is limited to the session timeout configured in Setup ? Security Controls ? Session Settings. When an access token expires, attempts to use it, then will result in an error response with a 401 HTTP status code and a JSON-encoded body of

[ { message: 'Session expired or invalid'

, errorCode: 'INVALID_SESSION_ID'

}
]
In this situation, the client application can use the refresh token to obtain a new access token. The refresh token represents the user's access grant to the application, and is valid until explicitly revoked by the user, via Setup ? My Personal Information ? Remote Access.

The client application obtains a new access token by POSTing another request (4) to https://login.salesforce.com/services/oauth2/token, this time with payload of the form:

grant_type=refresh_token&client_id=3MVG9lKcPoNINVBJGKrUKSXjJRTgKoeZx6OvJLXwLO8n80_OY.ydx0cQ24zGwBhRfa4YEWrFaNVVdI142EivZ&client_secret=7868057769520845245&refresh_token=5Aep861eWO5D.7wJBuW5aaARbbxQ8hssCnY1dw3qi59o1du7ob.lp23ba_3jMRnbFNT5R8X2GUKNA==

grant_type Set this to refresh_token.
client_id Your application's client identifier.
client_secret Your application's client secret (optional).
refresh_token The refresh token provided in the previous access grant.


On receipt of the access token, the client can repeat its request


For more Information :
http://wiki.developerforce.com/page/Digging_Deeper_into_OAuth_2.0_on_Force.com

 

Did this answer your question? If not, let me know what didn't work, or if so, please mark it solved.