We're having the following situation:
a web site requires the user to log on (let's call the site NPP)
after the user logon, some links on the site open in new browser windows (let's call the links ECR-s)
an application uses a WebBrowser control to browse the site; if a logon is needed, the application simulates the user logon
if the user clicks on an ECR link, a new browser window opens, but instead of displaying the content, it displays the site login page.
How can we make the browser automatically login to the NPP site in that scenario?
The answer came from a guy on MSDN forums (RudeDog2).
I've used the information from
http://support.microsoft.com/kb/815714 and http://blogs.artinsoft.net/mrojas/archive/2008/09/18/newwindow2-events-in-the-c-webbrowsercontrol.aspx to implement the solution: now the new browser windows open in the same process and, consequently, they inherit the in-memory session cookie.
One caveat, though: the application must be built x86 (and not 'Any CPU'); if built 'Any CPU', either PDF files are not open in-browser, either 'invalid image' exceptions are raised.
Related
I have a little bit of problem with the authentication on Sitecore website. Basically there is a button on the navbar, and when user clicks on the button, it redirects the same user to Salesforce to log in (Implementation of SSO). Basically I am using Salesforce as a identity provider and Sitecore Website as a service provider. Now I have a question? When user is logged, how can I get the ID of that user.
Do users in Sitecore User Manager have the same ID as the users in Salesforce, or I can just get a email to identify the user?
P.S: Sorry if this is a really stupid question, but I am a begineer when it comes to making Sitecore websites and the SAML SSO. Thank you in advance
Stop with the Sitecore and Salesforce for a second, you'll need to cover some basics and click through the login process manually before you automate it.
You probably are using a "connected app" in Salesforce that includes OAuth2 config (consumer key also known as client id; a secret; a list of scopes telling what this app is allowed to do on behalf of this SF user; a list of allowed urls that can login using this consumer key and secret. Etc.) It might even have something about Canvas Apps at bottom of the page.
Next would be - who's logging in. A core Salesforce user or do you have Partner Community, Customer Community (recently rebranded to "Digital Experiences").
Open incognito window and go to https://openidconnect.herokuapp.com/
For login host leave as is if you have production user or test.salesforce.com if you go from sandbox (you can also use branded urls, mycompany--dev.my.salesforce.com etc). If you have a community user you'll have to change the url to whatever is the community base url, like https://dev-mycompany.cs123.force.com/mycommunity
Don't change anything else, click next, next, next. This will take you through OAuth2 "web server flow" (one of many ways to log in). You type the username/password to SF screen and go back to that herokuapp with "authorisation code". The app has few minutes to swap that code for actual final "access token" and couple other pieces of info. Final step in this wizard calls OpenId "userinfo" - returning some info about the user that logged in. That's where you could pull the email if needed (and if there are extra fields you'd like SF to return in this process that's configurable too)
Close that browser window. Check the "connected app" in SF. Open new incognito window, do same thing but this time put your url, consumer key and secret (you might have to edit the app in SF first to allow callbacks to https://openidconnect.herokuapp.com/callback).
So now you should have rough idea about whole login process. Your sitecore app probably does same thing, receives authorisation code and exchanges it for final token. At that point you have valid SF session ID you could use to call that "userinfo", run queries (if the app allowes API access, check the "scopes") etc.
I doubt the Sitecore developer created it all by hand, you probably have some Spring stuff like spring.security.oauth2.client... My Java days are long gone but if you get better at manual click-click-click through the flow you should be able to follow existing code?
It's a big topic and there are other ways to do it (other OAuth flows, sending info about the current user when you have external page embedded in SF as iframe, you'd need to read about "canvas apps")... but that's best guess based on info you provided. You might want to check some trailhead courses too like https://trailhead.salesforce.com/content/learn/projects/build-a-connected-app-for-api-integration/implement-the-oauth-20-web-server-authentication-flow
https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_oauth_and_connected_apps.htm
https://developer.salesforce.com/docs/atlas.en-us.api_streaming.meta/api_streaming/code_sample_auth_oauth.htm (Java but very hand-crafted raw HTTP, probably that Spring security is better)
While trying to use the query editor in developer console.
"SELECT ID FROM ACCOUNT"
It throws an erorr saying "This session is not valid for use with the REST API".
Any idea what excatly tthe issue here. Earlier it workerd fine.
The same problem when i click on "Open" dialog of developer console and select objects.
"CANNOT LOAD OBjects.This session is not valid for use with the REST API"
I ran into this same issue, where I could open Visualforce pages, Apex, etc but it would give me the error "This session is not valid for use with the REST API" any time I tried to use the Query Editor or create a new Trigger (which needs the object list) via the Developer Console. I tried every browser, flushing cookies, logging in as other users, etc with the same results.
I found that our org has API white listing enabled (https://help.salesforce.com/HTViewHelpDoc?id=security_control_client_access.htm&language=en_US) which blocks the API calls access unless explicitly granted.
From the Salesforce Documentation
"Contact Salesforce to enable API Client Whitelisting. After it’s enabled, all client access is restricted until explicitly allowed by the administrator. This restriction might block access to applications that your users are already using. Before you enable this feature, you should configure and approve connected apps for any client applications you want users to continue using, or give the users a profile or permission set with “Use Any API Client” enabled."
So adding the "Use Any API Client" permission set to your user profile should fix the issue.
To do this via a Permission Set, you can go to Setup > Users > Permission Sets and create a new one. Add a System Permission of 'Use Any API Client'.
There may be a way to enable API access for the Developer Console via whitelisting or the app settings but I was not able to easily find a way. You would definitely want to test whatever functionality you are creating with a user that does not have that permission enabled.
This is happening because of connected app is not configured correctly.
On 'API (Enable OAuth Settings)' panel, move 'Access and manage your data (api)' option from left to right of Selected OAuth Scopes field and then save the setting.
Wait for few minute and then try. It should work.
Looks like just the session is expired. Did you try to close developer console, relogin to your SF sandbox and open developer console again?
Create a Permission Set, and add a System Permission of 'Use Any API Client'.
And associate this permission set to users. It will solve the problem.
i m sunil i have created a application that is written in visual studio in C language that i installed in my system , so it run as service .. but i want to put restriction to stop the service by popup a UI credential box , to stop seervice you need to fill the user name and password only then u can stop the services.. but the box is comming in back ground . so i am not able to see that popup box.i am using windows API ..CredUIPromptForCredentials().
can u please suggest that how to take that UI popUP in front so that user could able to pass the credentials. or any other API.
Thanks,
Sunil
you can check in which session the popup is running from the Taskbar. If it's in session 0 (the default session for system services)then you won't be able to see it. To get the UI in front you need run the popup with current desktop's loggedon user's session.
Read this article how you can invoke the process as user http://odetocode.com/blogs/scott/archive/2004/10/29/createprocessasuser.aspx
The code is in c# but you'll get the idea how it works.
I have a problem on my silverlight application.
I login in my application using my ID (assume x) (using Internet explore 8),
so assume i can see some reports which is releated to my ID.
Without closing the above browser in another Internet explore 8 in the same machine i am login into the
same application using another ID(assume y), so now i can see 2nd set of reports which is related to this ID.
Now If i refresh the report page of the first browser which is got logged with the ID (x), I am seeing the (y)
userid's report not the earlier.
How to fix this?
Thanks
In internet explorer choose "New Session" from the "File" menu. This will create a new IExplore.exe process tree which manages its own set of session level cookies. This should allow you to maintain two separate logins at the same time.
Sounds like you are using the ASP membership provider... if so that is limited to 1 session per browser/user on the same PC (same limitation if it was a web app).
Why are you trying to login 2 different users from the same machine? If it is for testing you can probably open two different browsers (IE and FireFox?) and get two session that way.
Update (based on comments below):
Option A. As you need multiple user logins on the same machine in the same browser type, you cannot use the asp membership provider and will have to replace that provider with a Silverlight-specific credential/login system.
Option B. The alternative is to change your application to allow selection of client from within the app (this would be my choice as you are misusing users as a convenience).
I'm building a silverlight applicate thats quite big, it also requires users to login. I'm trying to work how to show a login form (username & password) before the rest of the silverlight application is loaded. So the user will see username & password which they can start entering there information, while the rest of the application is downloaded. Can anyone provide info or examples of how to achieve this ?
The best way to do this is with the Javascript API for Silverlight because you can't use managed code until the XAP file has loaded. Here's the example from Microsoft: http://msdn.microsoft.com/en-us/library/cc903962(VS.95).aspx
As gabe points out you might be able to use the Javascript API to display a login screen as part of the standard splash screen operation in Silverlight. However I wouldn't recommend it. What happens if the user doesn't enter their details before the XAP has loaded?
I must admit I wonder whether this is really necessary. If you configure cache headers correctly on the XAP then subsequent visits to your application will should not have any significant download time.
Additionally if you use application library caching you can reduce the size of the XAP so that updates to the XAP will result in smaller downloads for existing clients.
Hence only first time users (or users that have cleared their cache or are returning after a long period) will see the splash screen for any extended period of time.