Sign Up ›
  • AngryBinary
  • NEWBIE
  • 5 Points
  • Member since 2006
  • Chatter
    Feed
  • 0
    Best Answers
  • 0
    Likes Received
  • 0
    Likes Given
  • 3
    Questions
  • 3
    Replies
1 replies

SalesForce security enhancements

I'm hoping someone at SF can answer me this...
 
When SalesForce deploys their security enhancements, how will this impact third party apps that use session tokens acquired from the SalesForce site? Will our trusted IP ranges have to include our web server IP from which we serve any custom tabs, or will a valid session token always be valid irrespective of the IP that it is posted from?
 
Thanks
 
- Randall
0 replies

ActiveX / .NET

So, I've just developed a control in VS.NET. The original intention was to develop an ActiveX control, but upon discovering that ActiveX wasn't part of the new MS universe, I had hoped this would provide a viable alternative. And, to some degree, it has. However, there's one significant difference relating to security.
 
In order for users to use the .NET DLL control, they have to download and install a security policy file, and then restart their browser. I was really hoping I could get away with the old ActiveX "yellow bar" scheme that everyone has become familiar with. Is it possible to get that same behavior from a .NET control? Is the real deal ActiveX still possible in .NET? (I don't mind making some fundamental changes, I just don't know where to begin)
1 replies

Permissions in .NET Assembly

I'm having difficulty using a .NET control to access the API. The idea I've gotten so far is that a .NET control needs to explicitly request permission to do things like make cross-domain requests. The problem is, I haven't the foggiest idea how that is done. I've tried both creating an assembly level permissions declaration and creating/asserting a WebPermission object, here's what each looked like:
 
Imports DSGSalesForce.SalesForce
Imports System.Security.Permissions
Imports System.Net.WebPermission

<Assembly: System.Net.WebPermission(SecurityAction.RequestMinimum, Unrestricted:=True)> 
Public Class TelesalesForm : Implements ITelesalesForm
    Public m_colCampaigns As Collection
    Public DAO As New DataAccess
...
    Public WriteOnly Property SessionId() As String Implements ITelesalesForm.SessionId
        Set(ByVal value As String)
            DAO.Connect(value)
            m_colCampaigns = DAO.GetCampaignList()
        End Set
    End Property
...
End Class

 
Code:
Imports DSGSalesForce.SalesForce
Imports System.Security.Permissions
Imports System.Net.WebPermission

Public Class TelesalesForm : Implements ITelesalesForm
    Public m_colCampaigns As Collection
    Public DAO As New DataAccess
    Public urlRegEx As System.Text.RegularExpressions.Regex = New System.Text.RegularExpressions.Regex("http://www.salesforce.com/.*|http://na1-api.salesforce.com/.*")
    Public permissions As System.Net.WebPermission = New System.Net.WebPermission(Net.NetworkAccess.Connect, urlRegEx)
...
    Public WriteOnly Property SessionId() As String Implements ITelesalesForm.SessionId
        Set(ByVal value As String)
            permissions.Assert()
            DAO.Connect(value)
            m_colCampaigns = DAO.GetCampaignCollection()
        End Set
    End Property
...
End Class
 
The DAO.Connect method looks like:
Code:
    Public Sub Connect(ByVal sessionId As String) _
    Implements IDataAccess.Connect
        Dim oUserInfo As GetUserInfoResult
        Sf.SessionHeaderValue = New SessionHeader()
        Sf.SessionHeaderValue.sessionId = sessionId
        oUserInfo = Sf.getUserInfo()
        m_UserInfo.Id = oUserInfo.userId
        m_UserInfo.Name = oUserInfo.userFullName
    End Sub

 Both methods yield the same result, an error that is return via the javascript call to the SessionId property "Request for the permission of type 'System.Net.WebPermission, System, Version=2.0.0.0 ..." etc. As far as I can tell, this error is occuring at the call to "DAO.Connect" that occurs at the point when I try to set the sessionId via JavaScript.
To give a little more info, the VB project is a web control library, and the control class is a user control. The control's DLL and containing HTML page reside on a local IIS server, which is loaded in a frame from the SalesForce UI. The sessionId is passed via a query string and assigned to the control object. If I do not attempt to set this property and hit the web service, the control doesn't throw any other complaints. I'm new to web controls, and haven't very much experience with IIS either. Any help would be greatly appreciated!
 
--Randall
1 replies

Permissions in .NET Assembly

I'm having difficulty using a .NET control to access the API. The idea I've gotten so far is that a .NET control needs to explicitly request permission to do things like make cross-domain requests. The problem is, I haven't the foggiest idea how that is done. I've tried both creating an assembly level permissions declaration and creating/asserting a WebPermission object, here's what each looked like:
 
Imports DSGSalesForce.SalesForce
Imports System.Security.Permissions
Imports System.Net.WebPermission

<Assembly: System.Net.WebPermission(SecurityAction.RequestMinimum, Unrestricted:=True)> 
Public Class TelesalesForm : Implements ITelesalesForm
    Public m_colCampaigns As Collection
    Public DAO As New DataAccess
...
    Public WriteOnly Property SessionId() As String Implements ITelesalesForm.SessionId
        Set(ByVal value As String)
            DAO.Connect(value)
            m_colCampaigns = DAO.GetCampaignList()
        End Set
    End Property
...
End Class

 
Code:
Imports DSGSalesForce.SalesForce
Imports System.Security.Permissions
Imports System.Net.WebPermission

Public Class TelesalesForm : Implements ITelesalesForm
    Public m_colCampaigns As Collection
    Public DAO As New DataAccess
    Public urlRegEx As System.Text.RegularExpressions.Regex = New System.Text.RegularExpressions.Regex("http://www.salesforce.com/.*|http://na1-api.salesforce.com/.*")
    Public permissions As System.Net.WebPermission = New System.Net.WebPermission(Net.NetworkAccess.Connect, urlRegEx)
...
    Public WriteOnly Property SessionId() As String Implements ITelesalesForm.SessionId
        Set(ByVal value As String)
            permissions.Assert()
            DAO.Connect(value)
            m_colCampaigns = DAO.GetCampaignCollection()
        End Set
    End Property
...
End Class
 
The DAO.Connect method looks like:
Code:
    Public Sub Connect(ByVal sessionId As String) _
    Implements IDataAccess.Connect
        Dim oUserInfo As GetUserInfoResult
        Sf.SessionHeaderValue = New SessionHeader()
        Sf.SessionHeaderValue.sessionId = sessionId
        oUserInfo = Sf.getUserInfo()
        m_UserInfo.Id = oUserInfo.userId
        m_UserInfo.Name = oUserInfo.userFullName
    End Sub

 Both methods yield the same result, an error that is return via the javascript call to the SessionId property "Request for the permission of type 'System.Net.WebPermission, System, Version=2.0.0.0 ..." etc. As far as I can tell, this error is occuring at the call to "DAO.Connect" that occurs at the point when I try to set the sessionId via JavaScript.
To give a little more info, the VB project is a web control library, and the control class is a user control. The control's DLL and containing HTML page reside on a local IIS server, which is loaded in a frame from the SalesForce UI. The sessionId is passed via a query string and assigned to the control object. If I do not attempt to set this property and hit the web service, the control doesn't throw any other complaints. I'm new to web controls, and haven't very much experience with IIS either. Any help would be greatly appreciated!
 
--Randall
31 replies

System.Exception {System.FormatException}

I made this sforce.query() call...
 

m_queryArray = oSFDCQuery.ExecuteQuery("select Support_Code__c, Name, CreatedByID, CreatedDate, Amount__c, Asset_Typ__c from Asset_Activity_Log__C where AccountID__c = '00130000005CZLD' ", oLogin);

With the "CreatedDate" in the query receive the following error...

"String was not recognized as a valid DateTime." as my inner exception

The Full Stack trace is as follows....

at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle, XmlDeserializationEvents events)

at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle)

at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)

at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)

at SFDCLibrary.Sforce.SforceService.query(String queryString)

at SFDCLibrary.SFDCQuery.ExecuteQuery(String strQuery, cLogin oLogin)

at LicenceDetails.GetActivityLog() in s:\Projects\2005\AssetManager\LicenceDetails.aspx.cs:line 102

Now when i do not have "CreatedDate" everything works fine. And the query worked fine up until this morning when i made the following change. Thru SFDC setup i adjusted my custom object. I had  field i changed from numeric(7,0) to a text field.  I downloaded a new WSDL and deployed it.

Any ideas or suggestions to what i might have done wrong?