https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/serve-a-js-map-app-through-a-proxy-that-publishes/m-p/720790#M66899 <HTML><HEAD></HEAD><BODY><P>Dirk,</P><P></P><P>&nbsp; So the way I do this is add a serverUrl in the proxy.config for your ArcGIS Server services that are secure </P><P><SPAN>&lt;serverUrl url="</SPAN><A class="jive-link-external-small" href="https://community.esri.com/external-link.jspa?url=https%3A%2F%2Fxxx.xxxx.com%2Farcgis%2Frest%2Fservices" rel="nofollow" target="_blank">https://xxx.xxxx.com/arcgis/rest/services</A><SPAN>" matchAll="true" username="your user name" password="your password"/&gt;</SPAN></P></BODY></HTML> Thu, 17 Mar 2016 16:27:58 GMT RobertScheitlin__GISP 2016-03-17T16:27:58Z https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/serve-a-js-map-app-through-a-proxy-that-publishes/m-p/720787#M66896 <HTML><HEAD></HEAD><BODY><P>We have the full stack of ArcGIS Server and Portal hosted on-premise. We've authored a map service that is secured. In Portal we created a web map that uses an ArcGIS Online basemap and the secured map service. We then wrote a simple JS application that serves the web map. It requires the user to enter credentials - we do not want users to enter credentials, yet the map service must remain secure.</P><P></P><P>Enter the proxy, download from <A href="https://github.com/Esri/resource-proxy/releases" title="https://github.com/Esri/resource-proxy/releases" rel="nofollow noopener noreferrer" target="_blank">Releases · Esri/resource-proxy · GitHub</A></P><P></P><P>Following the instructions here: <A href="https://developers.arcgis.com/javascript/jshelp/tutorial_sharing_maps_secure_layers.html" title="https://developers.arcgis.com/javascript/jshelp/tutorial_sharing_maps_secure_layers.html" rel="nofollow noopener noreferrer" target="_blank">Sharing maps with secure layers | Guide | ArcGIS API for JavaScript, <BR /></A></P><P>...adding the appropriate urlUtils and proxy.configs</P><P>Results in a 403 error.</P><P></P><P>The JS is here:</P><PRE class="lia-code-sample line-numbers language-none">urlUtils.addProxyRule({ <SPAN>&nbsp;&nbsp; urlPrefix: "</SPAN><A class="jive-link-external-small" href="https://community.esri.com/external-link.jspa?url=https%3A%2F%2Fsubdomain.domain.com" target="_blank">https://subdomain.domain.com</A><SPAN>",</SPAN> &nbsp;&nbsp; proxyUrl: "proxy/proxy.ashx" }); <SPAN>arcgisUtils.arcgisUrl = "</SPAN><A class="jive-link-external-small" href="https://community.esri.com/external-link.jspa?url=https%3A%2F%2Fsubdomain.domain.com%2Fportal%2Fsharing%2Fcontent%2Fitems" target="_blank">https://subdomain.domain.com/portal/sharing/content/items</A><SPAN>";</SPAN> arcgisUtils.createMap("&lt;WEB_MAP_ID&gt;","map").then(function(response){});</PRE><P></P><P>The content of the proxy.config has:</P><PRE class="lia-code-sample line-numbers language-none">&lt;serverUrl clientId="&lt;ClientID&gt;" clientSecret="&lt;Client_Secret" rateLimit="0" <SPAN>rateLimitPeriod="1" matchAll="true" url="</SPAN><A class="jive-link-external-small" href="https://community.esri.com/external-link.jspa?url=https%3A%2F%2Fsubdomain.domain.com%2Farcgis%2Frest%2Fservices%2FMapService%2FMapServer" target="_blank">https://subdomain.domain.com/arcgis/rest/services/MapService/MapServer</A><SPAN>"/&gt;</SPAN></PRE><P></P><P>As per the sample. Yet I still get the 403</P><P><SPAN style="color: #e23d39;"><SPAN>GET </SPAN><A class="jive-link-external-small" href="https://community.esri.com/external-link.jspa?url=https%3A%2F%2Fsubdomain.domain.com%2Fproxytest%2Fproxy%2Fproxy.ashx%3Fhttps%3A%2F%2Fsubdomain.domain%E2%80%A6d189aa97%3Ff%3Djson%26callback%3Ddojo.io.script.jsonp_dojoIoScript1._jsonpCallback" target="_blank">https://subdomain.domain.com/proxytest/proxy/proxy.ashx?https://subdomain.domain…d189aa97?f=json&amp;callback=dojo.io.script.jsonp_dojoIoScript1._jsonpCallback</A><SPAN> 403 (Forbidden)</SPAN></SPAN></P><P></P><P><SPAN style="color: #303030;">Can anyone with experience in this realm help provide insight for me please. TIA</SPAN></P></BODY></HTML> Sun, 12 Dec 2021 06:50:22 GMT https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/serve-a-js-map-app-through-a-proxy-that-publishes/m-p/720787#M66896 DirkVandervoort 2021-12-12T06:50:22Z https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/serve-a-js-map-app-through-a-proxy-that-publishes/m-p/720788#M66897 <HTML><HEAD></HEAD><BODY><P>Dirk,</P><P></P><P>&nbsp; I always make my proxy.config serverUrl url less specific:</P><PRE __default_attr="javascript" __jive_macro_name="code" class="jive_macro_code _jivemacro_uid_14581790082136076 jive_text_macro" data-renderedposition="86_8_1332_16" jivemacro_uid="_14581790082136076" modifiedtitle="true"><P><SPAN>&lt;serverUrl clientId="&lt;ClientID&gt;" clientSecret="&lt;Client_Secret&gt;" rateLimit="0" rateLimitPeriod="1" matchAll="true" url="</SPAN><A class="jive-link-external-small" href="https://community.esri.com/external-link.jspa?url=https%3A%2F%2Fsubdomain.domain.com" rel="nofollow" target="_blank">https://subdomain.domain.com</A><SPAN>"/&gt;</SPAN></P></PRE><P></P><P>Also have to tested your proxy?</P><P><A href="https://subdomain.domain.com/proxytest/proxy/proxy.ashx?ping" title="https://subdomain.domain.com/proxytest/proxy/proxy.ashx?ping">https://subdomain.domain.com/proxytest/proxy/proxy.ashx?ping</A> </P><P>and</P><P><A href="https://subdomain.domain.com/proxytest/proxy/proxy.ashx?https://subdomain.domain.com/arcgis/rest/services/MapService/MapServer?f=json" title="https://subdomain.domain.com/proxytest/proxy/proxy.ashx?https://subdomain.domain.com/arcgis/rest/services/MapService/MapServer?f=json">https://subdomain.domain.com/proxytest/proxy/proxy.ashx?https://subdomain.domain.com/arcgis/rest/services/MapService/Map…</A> </P></BODY></HTML> Thu, 17 Mar 2016 01:45:36 GMT https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/serve-a-js-map-app-through-a-proxy-that-publishes/m-p/720788#M66897 RobertScheitlin__GISP 2016-03-17T01:45:36Z https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/serve-a-js-map-app-through-a-proxy-that-publishes/m-p/720789#M66898 <HTML><HEAD></HEAD><BODY><P>Hi Robert:</P><P></P><P>Getting closer... Thanks!</P><P></P><P><A href="https://webadaptor.power360web.com/proxytest/proxy/proxy.ashx?https://webadaptor.power360web.com/arcgis/rest/services/SampleWorldCities/MapServer?f=json" title="https://webadaptor.power360web.com/proxytest/proxy/proxy.ashx?https://webadaptor.power360web.com/arcgis/rest/services/SampleWorldCities/MapServer?f=json">https://subdomain.domain.com/proxytest/proxy/proxy.ashx?https://subdomain.domain.com/arcgis/rest/services/Sa…</A> </P><P></P><P>returns:</P><P>{"error":{"code":499,"message":"Token Required","details":[]}}</P><P></P><P>So my proxy is working and interrogating the map service and is seeing that it's secure...</P><P></P><P>...which raises the question: Why is the proxy not working to access the secure services behind the scenes?</P><P></P><P>I'm still trying to wrap my head around how this works with the ArcGIS Portal. I create a "generic" app which gives me a ClientID and ClientSecret. This is what gets registered in the proxy.config file. My question is: How is the security to the map service relate to the security of the generic app with its ClientID and ClientSecret?</P><P></P><P>What I'd really like to do is have a ClientID and ClientSecret for my Web map. Is there a way I can create that security? Or am I constrained to use the generic apps?</P><P></P><P>Hopefully you or someone else with more grey matter than I've got can help answer that question...</P><P></P><P>--Dirk</P></BODY></HTML> Thu, 17 Mar 2016 15:26:20 GMT https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/serve-a-js-map-app-through-a-proxy-that-publishes/m-p/720789#M66898 DirkVandervoort 2016-03-17T15:26:20Z https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/serve-a-js-map-app-through-a-proxy-that-publishes/m-p/720790#M66899 <HTML><HEAD></HEAD><BODY><P>Dirk,</P><P></P><P>&nbsp; So the way I do this is add a serverUrl in the proxy.config for your ArcGIS Server services that are secure </P><P><SPAN>&lt;serverUrl url="</SPAN><A class="jive-link-external-small" href="https://community.esri.com/external-link.jspa?url=https%3A%2F%2Fxxx.xxxx.com%2Farcgis%2Frest%2Fservices" rel="nofollow" target="_blank">https://xxx.xxxx.com/arcgis/rest/services</A><SPAN>" matchAll="true" username="your user name" password="your password"/&gt;</SPAN></P></BODY></HTML> Thu, 17 Mar 2016 16:27:58 GMT https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/serve-a-js-map-app-through-a-proxy-that-publishes/m-p/720790#M66899 RobertScheitlin__GISP 2016-03-17T16:27:58Z https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/serve-a-js-map-app-through-a-proxy-that-publishes/m-p/720791#M66900 <HTML><HEAD></HEAD><BODY><P>Getting closer!</P><P></P><P>Robert: Are you using enterprise security? Or internal (AGS) security?</P><P></P><P>TIA</P></BODY></HTML> Thu, 17 Mar 2016 20:24:00 GMT https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/serve-a-js-map-app-through-a-proxy-that-publishes/m-p/720791#M66900 DirkVandervoort 2016-03-17T20:24:00Z https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/serve-a-js-map-app-through-a-proxy-that-publishes/m-p/720792#M66901 <HTML><HEAD></HEAD><BODY><P><SPAN style="color: #3d3d3d; font-family: arial, helvetica, 'helvetica neue', verdana, sans-serif; font-size: 14px;"> internal (AGS) security</SPAN></P></BODY></HTML> Thu, 17 Mar 2016 20:25:22 GMT https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/serve-a-js-map-app-through-a-proxy-that-publishes/m-p/720792#M66901 RobertScheitlin__GISP 2016-03-17T20:25:22Z