salesforce.com中的密钥验证
[英]Secret key authentication in salesforce.com
问题描述
Is there a good way to do secret key authentication for http queries from a salesforce app to my own web server? 
有什么好方法可以对从Salesforce应用到我自己的Web服务器的http查询进行密钥身份验证? In other words, I'd like to give each company that installs our application their own secret key. 换句话说,我想给每个安装我们的应用程序的公司自己的密钥。 Then each http call the app makes to our server (whether json or just a link to a hosted iframe) would look something like this: 然后,应用程序对我们的服务器进行的每个http调用(无论是json还是只是指向托管iframe的链接)都将如下所示:
groupid = groupid
param1 = value1
param2 = value2
signParam = signValue
Where signValue = md5("groupid=groupid,param1=value1,param2=value2,secretKey" 其中signValue = md5("groupid=groupid,param1=value1,param2=value2,secretKey"
Then when I receive the query, I calculate the signature as well to make sure it matches before I perform any actions on our web server. 然后,当我收到查询时,我还要计算签名以确保在我对Web服务器执行任何操作之前匹配它。 The problem is, I don't see how I can assign and store the secret key for each company that installs our app (that is, have them store the secret key in their installation). 问题是,我看不到如何为安装我们的应用程序的每个公司分配和存储密钥(也就是说,让他们在安装过程中存储密钥)。
Is there a good way to do this that I'm missing? 有没有一种好的方法可以做到这一点,我很想念? And if this isn't possible in salesforce, how else do you authenticate web queries before you perform actions in your own server? 如果在salesforce中无法做到这一点,那么在自己的服务器中执行操作之前,如何验证Web查询呢?
1 个解决方案
解决方案1
3 2009-05-13 16:24:43
Rather than trying to track it on the salesforce side, have the salesforce side send the users sessionId to your webservice, you can then use the API to validate that sessionId get details about the user, and check locally that the particular user/organization is licensed. 无需尝试在salesforce端对其进行跟踪,而是让Salesforce端将用户sessionId发送到您的Web服务,然后可以使用API验证sessionId获取有关用户的详细信息,并在本地检查特定用户/组织是否已获得许可。 There's some articles on the developerforce wiki about using this approach. developerforce Wiki上有一些有关使用这种方法的文章。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.