function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Patrick ThaiPatrick Thai 

Confirm login and password within salesforce - Salesforce whitelist

In some part of our salesforce app, we require the user to confirm his password. We create a VF component that would call the following login() method (I think we pick this code from the web):
public static String buildSoapLogin(String username, String password){
        XmlStreamWriter w = new XmlStreamWriter();
        w.writeStartElement('', 'login', 'urn:partner.soap.sforce.com');
        w.writeNamespace('', 'urn:partner.soap.sforce.com');
        w.writeStartElement('', 'username', 'urn:partner.soap.sforce.com');
        w.writeCharacters(username);
        w.writeEndElement();
        w.writeStartElement('', 'password', 'urn:partner.soap.sforce.com');
        w.writeCharacters(password);
        w.writeEndElement();
        w.writeEndElement();
        String xmlOutput ='<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/"><Body>'
                    + w.getXmlString()
                    + '</Body></Envelope>';
        return xmlOutput;
    }
    
    public static Boolean login(String password) {
        HttpRequest request = new HttpRequest();
        String loginServer = (URL.getSalesforceBaseUrl().getHost().contains('cs') ? 'test' : 'login');
        request.setEndpoint('https://' + loginServer + '.salesforce.com/services/Soap/u/22.0');
        request.setMethod('POST');
        request.setHeader('Content-Type', 'text/xml;charset=UTF-8');
        request.setHeader('SOAPAction', '""');
        request.setBody(buildSoapLogin(UserInfo.getUserName(),password));
        
        if(Test.isRunningTest()) {
            if(password == 'password')
                return true;
            else
                return false;
        } else {
            return (new Http()).send(request).getBodyDocument().getRootElement()
              .getChildElement('Body','http://schemas.xmlsoap.org/soap/envelope/')
              .getChildElement('loginResponse','urn:partner.soap.sforce.com') != null;
        }
    }

To avoid needing the security token, we whitelisted all the ARIN, RIPE, APNIC IP addresses in the Network Access setup as described o, this Knowledge Article. But login may still fail. When checking the User login History we can read the following:
  • 2/3/2017 10:08:16 AM CET    Salesforce.com IP    Other Apex API    Failed: API security token required    N/A    test.salesforce.com
  • 2/3/2017 10:05:16 AM CET    136.146.210.252    Other Apex API    Success    N/A    test.salesforce.com    United States
The second IP addresse is part of the ARIN address ranges, so the login is succesful. But we don't know why the "Salesforce.com IP" case fails and we don't have any mean to know what is the actual IP address behind this label. Is there a hidden list of salesforce IP addresses?

 
Akshay Deshmukh1Akshay Deshmukh1
Hi Patrick,

Have you added IP range to user's profile? There is a related list on every profile called - "Login IP Ranges". Try adding whitelisted IP address overthere. It should solve your problem and it should not ask you security token. Let me know what happens.

Thanks,
Akshay
 
Patrick ThaiPatrick Thai
Hello Akshay,

Thanks for the reply. This related list is actually meant to define IP adresses from which the user with is allowed to log in (mostly for call centers). If I try to add a salesforce IP address, I get the message "The list of IP Ranges do not cover your current IP address ([X.X.X.X]). If you save this range, users with this profile will not be able to log in from your current IP address."

Users should still be able to connect from anywhere.