- Salesforce Platform App Builder Certification Handbook
- Siddhesh Kabe
- 467字
- 2021-07-16 11:21:38
Authentication on Force.com
We can log in to Force.com from any standard web browser or third-party application. As a security measure, Salesforce tries to prevent unauthorized access to your account as it requires verification whenever you log in from a new IP address. The user is authenticated using the username, password, and the IP address of the system. The IP address where account is created is automatically white-listed for the user:
Every time the user logs in from a separate IP address, the application verifies the IP by sending an e-mail to the registered e-mail address in the personal profile. Alternatively, the system administrator can enable access by setting the trusted IP ranges. Users who log in from the white-listed IP ranges are not asked to validate their IP address or the security token.
Tip
The Force.com username is in the format of an e-mail address: xyz@abc.com; the username is unique across the global organization of Salesforce. If you already have a developer organization with abc@hotmail.com, you won't be able to create another one in with the same username. You can give a separate username (someone@something.com) and a valid e-mail (abc@hotmail.com) in this case.
Exercise – adding trusted IP addresses
Use the following steps to whitelist an IP address:
- Go to Setup | Administer | Security Controls | Network Access.
- Add your IP address to Trusted IP Ranges, as shown in the following screenshot:
If you are within a LAN network of your office, university, and so on, the IP address given by the ipconfig command in DOS will give you the internal network-specific IP. This IP address is not seen by Force.com; you need the public domain IP address to whitelist the address. To find your public domain IP address, you can visit http://www.whatismyip.com.
Whitelisting the IP address has its own pros and cons; the main benefit is that when logging in via the API, such as with Data Loader or the Force.com IDE, you aren't challenged to provide the security token. The disadvantage is that the security token challenge and IP address verification challenge are not enforced, thus lowering the security threshold of a malicious login attempt.
When you log in to Force.com from a third-party tool, such as the Force.com IDE, Outlook Edition, Data Loader, or the API, you need an additional security token along with a username and password. Every login user gets a security token tied to the password. We need to reset the security token the first time. It is automatically reset whenever the password is changed.
Exercise – resetting security tokens
Reset your security token in the new org.
To reset your security token, navigate to Your Name | My Settings | Personal | Reset My Security Token, as shown in the following screenshot, and click on Reset Security Token:
- Instant Testing with CasperJS
- Visual C++程序設計學習筆記
- Java 開發從入門到精通(第2版)
- Linux C/C++服務器開發實踐
- Learning Data Mining with Python
- INSTANT Weka How-to
- Animate CC二維動畫設計與制作(微課版)
- Instant QlikView 11 Application Development
- SQL Server 2016數據庫應用與開發習題解答與上機指導
- HTML5+CSS3網頁設計
- C#程序設計
- Elasticsearch Essentials
- 百萬在線:大型游戲服務端開發
- H5頁面設計與制作(全彩慕課版·第2版)
- 開源網絡地圖可視化:基于Leaflet的在線地圖開發