+ Start a Discussion
sh-at-youseesh-at-yousee 

Question about Site.login

Hi all,

 

I have a VF Page called SiteLogin which includes a component called SiteLogin.

 

The component is tied to a controller named SiteLoginController.

 

Now, when I type in my username and password in the form (component) and hit the login button all is well and I'm logged in.

 

I've tried to build a bit further on this controller so that in the constructor of the controller checks the URL parameters. If a username and password is found the login method is called. This also works as intended but I get the following error message back:

 

 

Error:This form must be secure. Use the 'forceSSL' attribute and set it to 'true.'

 

 

In the form-tag of the SiteLogin Component forceSSL is set to true. As a bit of additional info I can mention that Setup --> Develop --> Site --> Login Settings --> Require Non-Secure Connections (HTTP) is unchecked.

 

The same goes for Setup --> Security Controls --> Seesion Settings --> Require secure connections (HTTPS). So, this is also unchecked.

 

Checking either one of them didn't solve the problem for me.

 

If someone can tell me why (and how to go around this error) I would really appreciate it.

 

Thanks.

 

/Søren Nødskov Hansen

Best Answer chosen by Admin (Salesforce Developers) 
sh-at-youseesh-at-yousee

Problem solved so I figured I'd post an update in case someone was looking at implementing a similar solution.

 

The solution actually was right there in front of me for a long time - it just needed a tiny bit of adjustment here and there.

 

When I realized that it wasn't possible to set forceSSL in the controller using Apex I turned to using JavaScript in the VF Page. Not the most elegant solution but it works.

 

Anyway, I created some JS for fetching URL parameters and added the following JS to the very bottom of my VF Page (just before the </apex:page> tag):

 

 

<script type="text/javascript">
var un = getURLParameter('un');
var pw = getURLParameter('pw');
if(un != null && pw != null) {
document.getElementById('loginPage:SiteTemplate:loginForm:username').value = un;
document.getElementById('loginPage:SiteTemplate:loginForm:password').value = pw;
document.getElementById('loginPage:SiteTemplate:loginForm:loginButton').click();
}
</script>

 

The method getURLParameter( String ) is the JS used for fetching URL GET request parameters. I've put that in separate file and stored it as a Static Resource in my org.

 

The original layout of the SiteLogin Page included the use of a separate component which had the actual login form. That posed some issues when accessing the form fields using JS so I ended up putting it into one VF Page whch solved the problem for me. However, that might not be an issue but just me (or my code).

 

One final note. Use button click() and not form submit() in your JS - submitting the form didn't work for me but clicking the button works like a charm.

 

/Søren Nødskov Hansen

 

All Answers

sh-at-youseesh-at-yousee

Just a quick update.

 

Instead of calling Site.login from the constructor of the controller, I tried to invoke the form using some JS. However, it's not working as I would expect it to.

 

Here's the JS I've written:

 

 

  <script type="text/javascript">
    if(getURLParameter('un') != null && getURLParameter('pw') != null) {
      getElementById('loginPage:SiteTemplate:siteLogin:loginComponent:loginForm:username').value = getURLParameter('un');
      getElementById('loginPage:SiteTemplate:siteLogin:loginComponent:loginForm:password').value = getURLParameter('pw');
      alert('click click');
      getElementById('loginPage:SiteTemplate:siteLogin:loginComponent:loginForm:loginButton').click();
    } else {
      alert('no no');
    }
  </script>

 

 

The getURLParameter is a JS function located in a static resource which seems to work fine. The script above is placed in the SiteLogin Page at the very bottom - just above the tag </apex:page> which is the final tag on that page.

 

When looking in the component SiteLogin the username and password fields have id "username" and "password". However, when looking at the source code of the final page it seems the IDs are the ones you see in my JS above.

 

Any ideas on how to fix the above so that I'm actually being logged in is much appreciated.

 

Thanks.

 

/Søren Nødskov Hansen

Pradeep_NavatarPradeep_Navatar

If you are using Site.login(Email, Passwd, showpage), then in this case you have to write forceSSL = true with <apex:form forceSSL="true">. There is no need to check any checkbox in remote site setting.

sh-at-youseesh-at-yousee

Thanks for your input, Predeep.

 

I already have forceSSL=true in my form. However, my problem is not when people are using that form - that works fine.

 

The issue is, that when username and password has been provided in the request (i.e. as parameters in the URL) like so:

 

http://myportal.mydomain.com/SiteLogin?un=myusername&pw=mypassword

 

Then, in the constructor for the SiteLoginController, I have code that fetches the username and password from the URL and calls another method in the controller named siteLogin. The siteLogin method simply calls Site.login(username, password, startUrl) and returns a PageReference.

 

So, basically, the form is never used in the use case above. Which is probably why I get that error message and I'm now looking for a way to get around that error message.

 

/Søren Nødskov Hansen

sh-at-youseesh-at-yousee

Is there no one who can help me with this?

 

Basically, I guess you could boil my question down to if it is possible to set forceSSL=true within the controller using Apex instead of in the form in the VisualForce Page?

 

Thanks.

 

/Søren Nødskov Hansen

sh-at-youseesh-at-yousee

Problem solved so I figured I'd post an update in case someone was looking at implementing a similar solution.

 

The solution actually was right there in front of me for a long time - it just needed a tiny bit of adjustment here and there.

 

When I realized that it wasn't possible to set forceSSL in the controller using Apex I turned to using JavaScript in the VF Page. Not the most elegant solution but it works.

 

Anyway, I created some JS for fetching URL parameters and added the following JS to the very bottom of my VF Page (just before the </apex:page> tag):

 

 

<script type="text/javascript">
var un = getURLParameter('un');
var pw = getURLParameter('pw');
if(un != null && pw != null) {
document.getElementById('loginPage:SiteTemplate:loginForm:username').value = un;
document.getElementById('loginPage:SiteTemplate:loginForm:password').value = pw;
document.getElementById('loginPage:SiteTemplate:loginForm:loginButton').click();
}
</script>

 

The method getURLParameter( String ) is the JS used for fetching URL GET request parameters. I've put that in separate file and stored it as a Static Resource in my org.

 

The original layout of the SiteLogin Page included the use of a separate component which had the actual login form. That posed some issues when accessing the form fields using JS so I ended up putting it into one VF Page whch solved the problem for me. However, that might not be an issue but just me (or my code).

 

One final note. Use button click() and not form submit() in your JS - submitting the form didn't work for me but clicking the button works like a charm.

 

/Søren Nødskov Hansen

 

This was selected as the best answer
newto_salesforcenewto_salesforce

Hi,

 

I have an issue with sitelogin page. After creating a new site and assigning Active Site Home Page=SiteLogin. After this I have tried to create couple of new users by using Manage Users option. I have made my site Enabled for Customer Portal. When I click on my new site URL and give the user credentials and hit submit button I am getting an error "Error:Your login attempt has failed. Make sure the username and password are correct".

 

Can you please help me in solving my problem.

 

Thanks

Prashanth