R Schrader

Using a login() callout for a session ID and an iframe

A customer would like to expose a single custom Visualforce page built on a Site in an iframe on their own website. Accessing the data they wish to expose requires the end user to be an authenticated Portal user.

They would like to have the login component be a part of the parent frame, which is supported by ASP.NET and C#. They do NOT want to log in inside the iframe.

I understand how the SOAP call goes out to the SFDC login server and gets the endpoint and sessionId with the Portal User's credentials.

My question is in two parts:

1. How to construct the src attribute of the iframe tag in the parent frame. My guess is something like this:

http://companyName.na#.force.com/apex/pageName?sid=mySessionVar

2. Is using the SessionID exposing my customer to any unnecessary security risks?

LVS
Have you considered using SSO or Connected Apps instead of using the login() method? It is typically used for logins by other systems/interfaces.

~LVS