• Partha



I am integrating the salesforce.com site with my AD using delegated authentication. I have created the web service and deployed it in the DMZ. I have configured salesforce.com to use my web service for authentication. Everything works fine now. My concern is about the security of the web service itself. How can I restrict the web service to be accessed only by salesforce.com? What are the best practices to implement security for this web service?



  • April 21, 2010



I am trying to implement delegated authentication for my salesforce account. I downloaded the sample code and started based on it. Below is what I have done so far.


1. I have contacted support and activated delegated authentication for my test site.

2. I created user@domain.com (not really the one that I created :-) ) and enabled delegated authentication for the profile.

3. I created a page gotosfdc.aspx (asp.net 2.0) that posts the username and token to the test.salesforce.com site. Please find the code below (hardcoded username and password for testing, and removed all other logic).

<form  name="sfdc" runat="server" id="sfdc" action="test.asp">
<input type="hidden" name="un" runat="server" id="un" value='user@domain.com'/>
<input type="hidden" name="pw" runat="server" id="password" value='test'/>
<input type="hidden" name="startURL" runat="server" id="startURL"/>
<input type="hidden" name="logoutURL" runat="server" id="logoutURL"/>
<input type="hidden" name="ssoStartPage" runat="server" id="ssoStartPage"/>
<input type="hidden" name="jse" value="0"/>
<input type="hidden" name="rememberUn" value="1"/>
<script language="Javascript1.2">
   document.sfdc.jse.value = 1;
</script>
</form>


4. I created the web service (asp.net 2.0) that returns true when the Authenticate method is called.


namespace samples.sforce.com
{
    /// <summary>
    /// This is about the simplest implementation of the sforce authentication service you can write.
    /// It simply tries to connect to your Active Directory server using the passed-in credentials.
    /// If there's a bad username/password combo it throws an exception and we return false,
    /// otherwise the credentials are ok and we return true.
    /// Note that DirectoryEntry might not go to AD until we do something that actually requires it;
    /// that's why we read a property from the created DirectoryEntry object.
    /// </summary>
    [System.Web.Services.WebService(Namespace = "http://microsoft.com/webservices/")]
    public class Service : System.Web.Services.WebService
    {
        [System.Web.Services.WebMethod]
        [System.Web.Services.Protocols.SoapDocumentMethodAttribute("",
                RequestNamespace = "urn:authentication.soap.sforce.com",
                ResponseElementName = "AuthenticateResult",
                ResponseNamespace = "urn:authentication.soap.sforce.com",
                Use = System.Web.Services.Description.SoapBindingUse.Literal,
                ParameterStyle = System.Web.Services.Protocols.SoapParameterStyle.Wrapped)]
        [return: System.Xml.Serialization.XmlElementAttribute("Authenticated")]
        public bool Authenticate(string username,
                                 string password,
                                 string sourceIp,
                                 [System.Xml.Serialization.XmlAnyElementAttribute()] System.Xml.XmlElement[] Any)
        {
            // Test stub: accepts every username/password without contacting Active Directory.
            return true;
        }
    }
}


5. I enabled delegated authentication in the site and provided the proper URL of the web service. The web service is on the internet.


I confirmed that my account is integrated with my web service. When I open test.salesforce.com and log in with user@domain.com with any password, I am able to log in to the site. So that part is fine.


Now let me describe my issue.


When I open the gotosfdc.aspx page, it opens the login page of the test.salesforce.com site. It does not automatically log in the user. No request is received by my web service.


Can anyone let me know what could be the issue?


Thanks in advance

  • January 13, 2010
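
An added example, not part of the original posts or of Salesforce's sample code: one way to restrict callers, as the April 2010 post asks, and to replace the `return true` stub from step 4 with a real Active Directory bind. It assumes the service terminates TLS itself with no reverse proxy in front; the class name `RestrictedAuthService`, the range `203.0.113.0/24` and the path `LDAP://dc.example.internal` are placeholders.

```csharp
using System;
using System.DirectoryServices;
using System.Net;
using System.Web.Services;
using System.Web.Services.Protocols;
using System.Xml;
using System.Xml.Serialization;

[WebService(Namespace = "urn:authentication.soap.sforce.com")]
public class RestrictedAuthService : WebService // hypothetical class name
{
    // Placeholders: use the address ranges Salesforce publishes and your own domain controller.
    static readonly string[] AllowedCidrs = { "203.0.113.0/24" };
    const string LdapPath = "LDAP://dc.example.internal";

    [WebMethod]
    [SoapDocumentMethod("", RequestNamespace = "urn:authentication.soap.sforce.com",
        ResponseElementName = "AuthenticateResult", ResponseNamespace = "urn:authentication.soap.sforce.com",
        Use = System.Web.Services.Description.SoapBindingUse.Literal, ParameterStyle = SoapParameterStyle.Wrapped)]
    [return: XmlElement("Authenticated")]
    public bool Authenticate(string username, string password, string sourceIp,
        [XmlAnyElement] XmlElement[] Any)
    {
        // Check the TCP peer, not sourceIp: sourceIp is the end user's address, not the caller's.
        IPAddress peer;
        if (!Context.Request.IsSecureConnection ||
            !IPAddress.TryParse(Context.Request.UserHostAddress, out peer) || !IsAllowed(peer)) return false;
        // An empty password can turn an LDAP bind into an anonymous bind that succeeds.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password)) return false;
        try
        {
            using (DirectoryEntry entry = new DirectoryEntry(LdapPath, username, password, AuthenticationTypes.Secure))
                return entry.NativeObject != null; // reading a property forces the bind to AD
        }
        catch (Exception) { return false; } // bad credentials or directory unreachable: fail closed
    }

    static uint ToUInt(IPAddress a) { byte[] b = a.GetAddressBytes(); return ((uint)b[0] << 24) | ((uint)b[1] << 16) | ((uint)b[2] << 8) | b[3]; }

    static bool IsAllowed(IPAddress peer)
    {
        if (peer.GetAddressBytes().Length != 4) return false; // IPv4 only in this example
        foreach (string cidr in AllowedCidrs)
        {
            string[] p = cidr.Split('/'); // prefix length must be 1..32
            if (((ToUInt(peer) ^ ToUInt(IPAddress.Parse(p[0]))) >> (32 - int.Parse(p[1]))) == 0) return true;
        }
        return false;
    }
}
```

A firewall rule in the DMZ limited to the same ranges complements the in-code check, so that other hosts cannot reach the endpoint at all.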