+ Start a Discussion

Apex Login from external web site

Hi,  I think I missing somthing basic(hopefully) and could use some help or suggestions.
I have a Custom Tab that links to my web site, I am passing a query string with the APEX API's Url, UserId, UserName, and SessionId.  (e.g. http://test.mysite.net/home.aspx?url={!API.Enterprise_Server_URL_90}&id={!User.Id}&username{!User.Username}&sessionid={!API.Session_ID}&Susername={!User.xxxUserName__c}&Spassword={!User.xxxPassword__c}   I want to call back into the APEX API from the web site to fetch and update SF data.
Issue: The {!User.Username} is null, why?  I don't really need it, I don't think (read on)
Problem:  I'd like to 'use' the logged in user's SF creditials.  I thought the {!API.Session_ID} was my ticket, but when I call SforceApi90.query("SELECT ...") I receive the error: INVALID_SESSION_ID: Invalid Session ID found in SessionHeader: Illegal Session 
Do I have to log back into SF to use APEX API from my web site?   If so, how do I log in with my customer's login credentials, not my user credentials?  If my customer is has already logged into SF, isn't there way to 'use' those SF login credentials to call the APEX API?  Or, is there a way to create a SessionHeader with the SessionID?
... never mind :)  I found it.
//Change the binding to the new endpoint
SforceApi90.Url = SFurl;

//Create a new session header object and set the session id to that returned by the login
SforceApi90.SessionHeaderValue = new SforceApi90.SessionHeader();
SforceApi90.SessionHeaderValue.sessionId = SFsessionId;
GetUserInfoResult userInfo = SforceApi90.getUserInfo();

//Get a list of contacts
List<Contact> contacts = new List<Contact>();
QueryResult qr = SforceApi90.query("Select Name, FirstName, LastName, Email from Contact");