- Salesforce Platform App Builder Certification Handbook
- Siddhesh Kabe
- 467字
- 2021-07-16 11:21:38
Authentication on Force.com
We can log in to Force.com from any standard web browser or third-party application. As a security measure, Salesforce tries to prevent unauthorized access to your account as it requires verification whenever you log in from a new IP address. The user is authenticated using the username, password, and the IP address of the system. The IP address where account is created is automatically white-listed for the user:
Every time the user logs in from a separate IP address, the application verifies the IP by sending an e-mail to the registered e-mail address in the personal profile. Alternatively, the system administrator can enable access by setting the trusted IP ranges. Users who log in from the white-listed IP ranges are not asked to validate their IP address or the security token.
Tip
The Force.com username is in the format of an e-mail address: xyz@abc.com; the username is unique across the global organization of Salesforce. If you already have a developer organization with abc@hotmail.com, you won't be able to create another one in with the same username. You can give a separate username (someone@something.com) and a valid e-mail (abc@hotmail.com) in this case.
Exercise – adding trusted IP addresses
Use the following steps to whitelist an IP address:
- Go to Setup | Administer | Security Controls | Network Access.
- Add your IP address to Trusted IP Ranges, as shown in the following screenshot:
If you are within a LAN network of your office, university, and so on, the IP address given by the ipconfig command in DOS will give you the internal network-specific IP. This IP address is not seen by Force.com; you need the public domain IP address to whitelist the address. To find your public domain IP address, you can visit http://www.whatismyip.com.
Whitelisting the IP address has its own pros and cons; the main benefit is that when logging in via the API, such as with Data Loader or the Force.com IDE, you aren't challenged to provide the security token. The disadvantage is that the security token challenge and IP address verification challenge are not enforced, thus lowering the security threshold of a malicious login attempt.
When you log in to Force.com from a third-party tool, such as the Force.com IDE, Outlook Edition, Data Loader, or the API, you need an additional security token along with a username and password. Every login user gets a security token tied to the password. We need to reset the security token the first time. It is automatically reset whenever the password is changed.
Exercise – resetting security tokens
Reset your security token in the new org.
To reset your security token, navigate to Your Name | My Settings | Personal | Reset My Security Token, as shown in the following screenshot, and click on Reset Security Token:
- 案例式C語(yǔ)言程序設(shè)計(jì)
- 零基礎(chǔ)學(xué)C++程序設(shè)計(jì)
- 密碼學(xué)原理與Java實(shí)現(xiàn)
- 控糖控脂健康餐
- Ext JS Data-driven Application Design
- PySide GUI Application Development(Second Edition)
- C語(yǔ)言課程設(shè)計(jì)
- C語(yǔ)言程序設(shè)計(jì)
- Web Development with MongoDB and Node(Third Edition)
- Access 2010數(shù)據(jù)庫(kù)應(yīng)用技術(shù)(第2版)
- 網(wǎng)絡(luò)數(shù)據(jù)采集技術(shù):Java網(wǎng)絡(luò)爬蟲(chóng)實(shí)戰(zhàn)
- Visual C++程序設(shè)計(jì)與項(xiàng)目實(shí)踐
- Python預(yù)測(cè)分析與機(jī)器學(xué)習(xí)
- Elasticsearch Blueprints
- MongoDB Cookbook