function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Mr. BeginnerMr. Beginner 

Site.Login() at custom webservice

Hi All,


I have created my first web-service which is supposed to check whether username/password are valid for customer portal user. No redirections are needed, just return something according the result. Here's my code:



webservice  static Auth validateLogin(String username, String password){
       Auth a = new Auth();
        String startUrl = '';
               startUrl += '?orgId=XXXXX&portalId=YYYYY&loginType=3';
               startUrl += '&startUrl=';
               startUrl += '&loginUrl=';
               startUrl += '&useSecure=true';
               startUrl += '&un=' + username;
               startUrl += '&pw='+ password;

     PageReference p = Site.login(username, password, startUrl);
      if (p == null){
          a.result = username+password+startUrl;
          a.result = password+username;
       return a;




I can login to my portal from the link in the startURL if I input it in my browser and use the 'normal' way, but somehow my pageReference p is always NULL. The object gets returned to my php code and I have double checked all my strings like 1000 times. Why does it let me in using the normal login form, but not with a webservice? Is it the path of startUrl?


Do you guys have any direction for me?


the documentation specifically says not to include http/https protocol in teh startUrl argument of site.login().  start with removing that.  i should also note that this feature wasn't designed to be exposed as a webservice, but rather via a visualforce page controller, so there may be security in place to prevent that.  start with implementing per the documentation, and see if that works.  if it doesn't, you may want to open a case with support.



Note:  Do not include
http:// or https:// in
the startURL.



also, you may want to just return a string instead of your class object.  the API doesn't do non-primitives too well when defining custom webservices, and since all you really need to return is a concatenated string, you should really just return a string.

Mr. BeginnerMr. Beginner

Thank you for the help, however this did not solve the problem. I opened a case with Support.


Maybe There's a way to call apex controller from the webservice, so I wouldnt need to use Site.login() inside the webservice itself?






Site.login() is designed to be used from a Site, from a controller on a Site page. It's not designed to be used in a webservice call.

You would generally create a controller, link to a public page, and somewhere in that controller have



Pagereference p = Site.login(un, pw [, startUrl] );



This should then perform the login action.


The startUrl should not have the un and pw inside, and generally I'd leave this out completely.


Also once the login action is performed, nothing else on that controller will execute, as the context then gets transferred to the newly logged-in user.


When you create a new Site, salesforce will create this login controller automatically as an example for you, so you should see how it works in a bit more detail if you create a new Site.


Hope this helps