password protected WMS-service

12735
14
02-22-2011 01:55 AM
ArneDahlman
New Contributor III
We need to add a password protected WMS-service.
Any one know if this is possible?

I don't find anything on this in the API-documentation. Also, there is no 'Token' property in WmsLayer class.
0 Kudos
14 Replies
DanielWalton
Occasional Contributor
You'll probably have to download the source code for the WmsLayer from CodePlex and add the security features yourself.
0 Kudos
ArneDahlman
New Contributor III
Thank you for the suggestion. We will consider this as the last way to solve the problem.

Does anyone know if it's possible to get arund this problem by republish the service via ArcGisServer?
I mean, make a mxd, add the WMS as a layer, publish it on ArcGisServer.

If anyone from ESRI is following this:
I am working for a Swedish agency.
A number of Swedish agencies and authorities have an agreement of geodata exchange, in accordance with the EC-directive, Inspire. OGC standards, I belive, is a key strategy.
So I think this issue will soon be wery important.
0 Kudos
DanielWalton
Occasional Contributor
Actually adapting the WmsLayer class would probably be easier than some other (more elegant) solutions. I doubt that republishing via MXD will work, since that would effectively disable the security on the WMS (I'm not sure about this, though). There are a number of ways to accomplish what you're asking for, but I think the best way would be to use a single authorization and authentication method to access both the WMS and ArcGis data.

One possible way to to this is to create a proxy handler for the WMS which would handle the security requirements, and secure access to this proxy with your normal method.

We (the forum users) could help with some suggestions if you could post some information about how the WMS is secured (simple password sent in each request, token-based, etc.) and how your Silverlight viewer and ArcGis data are secured.
0 Kudos
DaveRabrun
New Contributor
I'm currently dealing with a similar situation. I'm attempting to access a secured wms layer. 

I tried the below:

private void  LayerWithCredentials(ESRI.ArcGIS.Client.Toolkit.DataSources.WmsLayer layer)

{

    WebClient wmsRequest= new WebClient();

    wmsRequest.DownloadStringCompleted += (sender, args) =>

    {

        map.Layers.Insert(0, layer);

    };

    ICredentials creds = new NetworkCredential("username", "password");

    wmsRequest.Credentials = creds;

    wmsRequest.UseDefaultCredentials = true;

    wmsRequest.DownloadStringAsync(new Uri(layer.Url));

}


but the credentials aren't passed through.
0 Kudos
JenniferNery
Esri Regular Contributor
You need to supply Credentials to the WMS layer before it gets initialized or added to the map control.

          <esri:WmsLayer ID="AGSWMSLayer" 
                     Credentials="{StaticResource MyCredentials}"                               
                     Url="http://secured/MapServer/WMSServer"          
                     Initialized="WmsLayer_Initialized"/>


How do you secure the WMS service? Do you have Anonymous Authentication Disabled and either Basic or Windows Authentication Enabled? Also, can you check with Fiddler, if the web request to WMS server is followed by a 401-challenge?
0 Kudos
ArneDahlman
New Contributor III
Hi, thanks for the responses.

I don't see the Credentials property in the WmsLayer class.
I use version 2.1.0.446 of ESRI.ArcGIS.Client.Toolkit.DataSources.
Jennifer, what version are you using?


I ran a GetCapapilities request through my browser and checked the requests in fiddler and got the following sequence:

1. GetCapabilities request  -> 407 Response
Here I get prompted for user and password.

2. GetCapabilities request  -> 407 Response

3. GetCapabilities request  -> 401 Response

4. GetCapabilities request  -> 200 Response (and my result)
In this last request i se "Authorization: Basic" in the header.

Is this what you mean by a "401-challenge"?


The Silverlight viewer i develop is an internal application for local users on the lan only.
So far, there is no security on the local Services.
The WMS-service is on the internet, and is hosted by another athority.
0 Kudos
DaveRabrun
New Contributor
In the source code there is an #if directive that blocks the credentials propery for Silverlight. So I'm guessing they were only intending it to work with WPF.


#if !SILVERLIGHT
        private System.Net.ICredentials credentials;
        /// <summary>
        /// Gets or sets the network credentials that are sent to the host and used to authenticate the request.
        /// </summary>
        /// <value>The credentials used for authentication.</value>
        public System.Net.ICredentials Credentials
        {
            get { return credentials; }
            set
            {
                if (credentials != value)
                {
                    credentials = value;
                    OnPropertyChanged("Credentials");
                }
            }
        }
#endif
0 Kudos
JenniferNery
Esri Regular Contributor
Yes, that is correct. Credentials property is only for WPF because client authentication is handled by the browser in Silverlight.

Do you use a Proxy? I think you need to include the username and password in the proxy.config

    <!-- serverUrl options:
            url = location of the ArcGIS Server, either specific URL or stem
            matchAll = true to forward any request beginning with the url
            token = (optional) token to include for token secured services, usually a long-term token
            tokenUrl = (optional) token service for a Web site (url)
            timeout = (optional) short-term timeout for a token in minutes
            username = (optional) username for a token or http secured site
            password = (optional) password for a token or http secured site
            domain = (optional) domain for an http secured site           
    -->

<serverItem url="http://kml-samples.googlecode.com/svn/trunk"
matchAll="true" domain="mydomain" username="myusername" password="mypassword" />

Also when you define Authentication on the Proxy website, make sure that Anonymous Authentication is Disabled and either Basic or Windows Authentication enabled.
0 Kudos
ArneDahlman
New Contributor III
I guess you mean something like the SLProxyPage from the documentation.

I tried to use the SLProxyPage from the documentation, http://help.arcgis.com/en/webapi/silverlight/help/SLProxyPage.zip

I can't get it to work. I have tried both using it directly from visual studio and also deploying it as a web site on our IIS.
If I configure it for basic authentication, I get prompted for user/password, but this is only for our IIS, not the server hosting the WMS-service.
The proxy.config seems to be ignored in this case.

Maybe SLProxyPage only supports token-based authentication?


I have read the documentation
http://help.arcgis.com/en/webapi/silverlight/help/index.html#/Secure_services/016600000022000000/

and  I belive that it's the section "HTTP/Windows authentication" that applies here.

Then the solution seems to be to develop a new IHttpHandler or pherhaps to modify SLProxyPage.


Any other ideas?
0 Kudos