+ Start a Discussion
Mahesh Babu 3Mahesh Babu 3 

Encryption and Decryption for username and password

Hi All,

I have tried to pass user name and password for community site url, is look like the below.

https://Companyname-developer-edition.ap1.force.com/Support/login?un=+testuser@mm.com+&pw=+demo123@+&startURL=/apex/PartnerLandingPage

This is working fine but i want to encrypt the username and password while passing in url for security reasons and also want to decript username and password in salesforce side

In my site URL i am using the standard page, is 'login'. is this possible to decrypt the username and password from 'login' page

Over all my requirement is, we have one link in html code (external system). Link contains the above url. User can able to login to community by clicking the link without enter the credentials (Custom SSO). In this we want to make the user name and password in the form of encrypt or hide.

Please give me any solutions or work arounds for this
Best Answer chosen by Mahesh Babu 3
logontokartiklogontokartik
If you are using standard SiteLogin Page, you have a controller "SiteLoginController" behind that can do the decryption for you, you can maybe use any standard encryption algorithms and decrypt them in your controller.  Please take a look at the below for reference, hope this helps.

https://developer.salesforce.com/page/Authenticating_Users_on_Force.com_Sites

All Answers

logontokartiklogontokartik
If you are using standard SiteLogin Page, you have a controller "SiteLoginController" behind that can do the decryption for you, you can maybe use any standard encryption algorithms and decrypt them in your controller.  Please take a look at the below for reference, hope this helps.

https://developer.salesforce.com/page/Authenticating_Users_on_Force.com_Sites
This was selected as the best answer
Mahesh Babu 3Mahesh Babu 3
Thanks for you reply Kartik,

1) Present Idea: Without Coding
Now i am not using SiteLogin page, why because we r trying to acheive the custom SSO (No need user manual login) and that is why i am using Login page to directly enter to community with out enter credentials

2) Previous Idea: With Coding
In Previous i have tried some code to login custom SSO, is in below

Pasted this link in browser, link contains the username and password::
https://Companyname-developer-edition.ap1.force.com/Support?Uname='testuser@mm.com' &pwd='demo123@'
In fist time Landing page will call and next redirect to login page (User can't able to see this automated redirect)

Landing Page:
<apex:page id="communitiesLandingPage" controller="CommunitiesLandingController" action="{!forwardToCustomAuthPage}" title="{!$Label.site.site_login}">
</apex:page>

Landing Controller:
public with sharing class CommunitiesLandingController {
    public CommunitiesLandingController() {}
    //This method is used for invoke on page load.
    public PageReference forwardToStartPage() {
        return Network.communitiesLanding();
    }
    //This method is used for redirect in to login page
    public PageReference forwardToCustomAuthPage() {
        String username = Apexpages.currentpage().getparameters().get('Uname');
        String password = Apexpages.currentpage().getparameters().get('Pwd');
        String returnurl = '/sampleforsitelogin?Uname='+username+'&Pwd='+password;
        if(Apexpages.currentpage().getparameters().get('Uname') != null || Apexpages.currentpage().getparameters().get('Pwd') != null){
            return new PageReference(Site.getPrefix()+returnurl);   
        }
        else
        return new PageReference(Site.getPrefix()+'/sampleforsitelogin');
    }
}

Login Page:
<apex:page controller="sampleforsitelogincls" action="{!login}">
    <Apex:form >
        <apex:commandButton value="login" action="{!login}"/>
    </Apex:form>
</apex:page>
Login Controller:
global with sharing class sampleforsitelogincls {
    global static PageReference login() {
        String Username = Apexpages.currentPage().getParameters().get('Uname');
        String Password = Apexpages.currentPage().getParameters().get('Pwd');
        String startUrl = '/apex/CommunityHomePage';
        if(Apexpages.currentpage().getparameters().get('Uname') != null || Apexpages.currentpage().getparameters().get('Pwd') != null){            
            return Site.login(Username,Password,startUrl); 
        }
        else{
            return Site.login('testuser@sfdc.com','testpass@',startUrl);               
        }
    }       
}


If this code will work then i can try for decryption procedure, but i am getting problem with Site.login method. 
In login page my url look like: 
https://Companyname-developer-edition.ap1.force.com/Support/sampleforsitelogin?Uname='testuser@mm.com' &pwd='demo123@'
After execut the Site.Login methos the start URL will add to last place of above url is look like below
https://Companyname-developer-edition.ap1.force.com/Support/sampleforsitelogin?Uname='testuser@mm.com' &pwd='demo123@'/apex/CommunityHomePage  //this is Problem in this IDEA or procedure

Please give any solution for this problem, if this can acheive then i will go for encryption and decryption in this class

logontokartiklogontokartik
Can you try using the below for startUrl and see if it works. I am kind of confused when you say custom SSO, but try this and see if it works.

String startUrl = Page.CommunityHomePage.getUrl(); // This should give you URL for the Community home page


if(Apexpages.currentpage().getparameters().get('Uname') != null || Apexpages.currentpage().getparameters().get('Pwd') != null){           
            return Site.login(Username,Password,startUrl);
        }
        else{
            return Site.login('testuser@sfdc.com','testpass@',startUrl);              
        }


Mahesh Babu 3Mahesh Babu 3
Hi Kartik,

I have tried, but not helpfull for my scenario,

Problem Area:
https://Companyname-developer-edition.ap1.force.com/Support/sampleforsitelogin?Uname='testuser@mm.com' &pwd='demo123@'
After execut the Site.Login methos the start URL will add to last place of above url is look like below
https://Companyname-developer-edition.ap1.force.com/Support/sampleforsitelogin?Uname='testuser@mm.com'&pwd='demo123@'/apex/CommunityHomePage  //this is Problem in this IDEA or procedure

Need solution for below steps:
first fetch the username and password from first url
Next hide or remove the username and password from first url then after execute the Site.login() method

My problem is in second URL (Username and password place in between the community label and community home page)
Mahesh Babu 3Mahesh Babu 3
Hi Kartik,

My problem has solved with custom sitelogincontroller instead of login,

Old URL:: https://Companyname-developer-edition.ap1.force.com/Support/sampleforsitelogin?Uname='testuser@mm.com'&pwd='demo123@'/apex/CommunityHomePage

Updated URL:: https://Companyname-developer-edition.ap1.force.com/Support/sampleforsitelogin?Uname=+testuser@mm.com+&pwd=+demo123@+/apex/CommunityHomePage