
Login error from remote app

I am logging in from a Flex app using the Flex/Air toolkit.  Last week I was getting a security sandbox violation and I have changed my endpoint to refer to a new place and now I am getting the following...

INVALID_LOGIN: Invalid username, password, security token; or user locked out.
<sf:LoginFault xsi:type="sf:LoginFault">
Invalid username, password, security token; or user locked out.

I have done all the obvious things like checking password and security token, but I cannot get in from my app - and neither can any of my users.

Anyone have any ideas?

One more piece of information, I can log in from the Apex Explorer 8 application using the same credentials, so I am not locked out.

Have you updated the wsdl?

Short answer, No.  In fact I never touch the wsdl as it is (presumably) wrapped up inside the Flex toolkit.

What I did do is make sure that I have the latest version of that toolkit.

Since I have no experience with the flex toolkit, I was just taking a shot. Sorry it didn't help.

Thanks for the thought

API Login requests must go to, if you know your specific instance ( etc), then you can send your login request there, but that'll only work for your login, so won't work for tools used by lots of different users.

What happens when you have your flex app send its request to ?

channel security error...

Api Server name =
_internalServerUrl =
set serverUrl: skip the policy file for sandboxType:remote and
login with creds
loading the policy file:
Your application must be running on a https server in order to use https to communicate with!
invoke login
intServerUrl is null
intServerUrl =
_invoke login
'752A96A9-C437-A22F-AAC0-1FE3DB157CA5' producer set destination to 'DefaultHTTPS'.
Method name is: login
'direct_http_channel' channel endpoint set to http://localhost/pm_server/pm/
'752A96A9-C437-A22F-AAC0-1FE3DB157CA5' producer sending message '9C77D321-52B6-46A2-C53C-1FE3DB152E56'
'direct_http_channel' channel sending message:
  body = "<se:Envelope xmlns:se=""><se:Header xmlns:sfns=""/><se:Body><login xmlns="" xmlns:ns1=""><username></username><password>***</password></login></se:Body></se:Envelope>"
  clientId = (null)
  contentType = "text/xml; charset=UTF-8"
  destination = "DefaultHTTPS"
  headers = (Object)#1
  httpHeaders = (Object)#2
    Accept = "text/xml"
    SOAPAction = """"
    X-Salesforce-No-500-SC = "true"
  messageId = "9C77D321-52B6-46A2-C53C-1FE3DB152E56"
  method = "POST"
  recordHeaders = false
  timestamp = 0
  timeToLive = 0
  url = ""
'752A96A9-C437-A22F-AAC0-1FE3DB157CA5' producer connected.
Method name is: login
Warning: Ignoring invalid <allow-access-from> tag for domain '' in policy file at

Warning: Ignoring invalid <allow-access-from> tag for domain '' in policy file at

Error: Ignoring policy file at due to meta-policy 'by-content-type'.

Error: Ignoring policy file at due to meta-policy 'by-content-type'.

*** Security Sandbox Violation ***
Connection to halted - not permitted from https://localhost/pm_server/pm/pm-debug.swf
'752A96A9-C437-A22F-AAC0-1FE3DB157CA5' producer acknowledge of '9C77D321-52B6-46A2-C53C-1FE3DB152E56'.
'752A96A9-C437-A22F-AAC0-1FE3DB157CA5' producer fault for '9C77D321-52B6-46A2-C53C-1FE3DB152E56'.
Comunication Error : Channel.Security.Error : Security error accessing url : Destination: DefaultHTTPS
Error: Request for resource at by requestor from https://localhost/pm_server/pm/pm-debug.swf is denied due to lack of policy file permissions.

I've been speaking to Ron Hess and Dave Carroll at Salesforce and there appears to be a bug.

From the log you posted it appears that the /services/crossdomain.xml policy file is being served with the wrong content-type from, I thought that had been fixed, I'll chase down what's going on with it today. Sorry for the ongoing troubles.

We just deployed a fix to to address the policy loading problems, sorry it's taken so long to resolve this one. Please let me know if you're still having problems or not.

Thanks for the update, it does indeed appear to be fixed because I can successfully connect via www using the furryhappymonsters site.

I blogged about this issue here...

I'll post an update saying it has been resolved in case anyone follows that trail.
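
The check behind the "Ignoring policy file ... due to meta-policy 'by-content-type'" log line discussed in this thread, as an added example that is not part of any post and is not Salesforce or Flex toolkit code. It applies the meta-policy rules from the Adobe cross-domain policy file specification to a non-master policy file such as /services/crossdomain.xml; the function names and the content-type values fed in are assumptions made for the illustration.

```python
import re

# Content type a policy file must carry under the 'by-content-type' meta-policy
# (Adobe cross-domain policy file specification).
POLICY_MEDIA_TYPE = "text/x-cross-domain-policy"

# Matches the Flash Player policy-log line quoted in the thread; the URL may be absent.
REJECTED = re.compile(r"Ignoring policy file at\s*(\S*?)\s*due to meta-policy '([^']+)'")


def non_master_policy_allowed(meta_policy, content_type):
    """Decide whether a policy file other than /crossdomain.xml is honoured over HTTP(S)."""
    media_type = (content_type or "").split(";")[0].strip().lower()
    if meta_policy == "all":
        return True, "meta-policy 'all' permits any policy file"
    if meta_policy == "by-content-type":
        if media_type == POLICY_MEDIA_TYPE:
            return True, "served as " + POLICY_MEDIA_TYPE
        shown = media_type or "no content type"
        return False, "served as " + shown + ", must be " + POLICY_MEDIA_TYPE
    if meta_policy in ("none", "master-only"):
        return False, "meta-policy '" + meta_policy + "' permits no non-master policy file"
    return False, "meta-policy '" + meta_policy + "' is not handled by this check"


def explain(log_text, content_type):
    """Pair each rejected policy file in the log with the verdict for its content type."""
    findings = []
    for url, meta in REJECTED.findall(log_text):
        allowed, reason = non_master_policy_allowed(meta, content_type)
        findings.append((url or "<url not in log>", meta, allowed, reason))
    return findings


# Log line as quoted in the thread (the URL is missing there too).
SAMPLE_LOG = "Error: Ignoring policy file at due to meta-policy 'by-content-type'."

if __name__ == "__main__":
    # Constructed content types: one a server might send for XML, one the meta-policy accepts.
    for ct in ("text/xml; charset=UTF-8", "text/x-cross-domain-policy"):
        for finding in explain(SAMPLE_LOG, ct):
            print(ct, "->", finding)
```

Feed `explain` the policy log text and the Content-Type header actually returned for the policy file URL to see whether the header alone accounts for the rejection.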