https://community.esri.com/t5/arcgis-enterprise-questions/arcgis-server-10-1-get-user-information-from/m-p/758722#M28785 <HTML><HEAD></HEAD><BODY><SPAN>Authentication or Authorization... which one are you trying to do with the "current user"?</SPAN><BR /><BR /><A href="http://resources.arcgis.com/en/help/main/10.2/0154/0154000004w2000000.htm">http://resources.arcgis.com/en/help/main/10.2/0154/0154000004w2000000.htm</A><BR /><BR /><BLOCKQUOTE class="jive-quote">Authentication is the process of verifying the identity of a user. In ArcGIS Server, this can be done by using either ArcGIS token-based authentication or web server authentication</BLOCKQUOTE><BR /><BR /><A href="http://resources.arcgis.com/en/help/main/10.1/0154/0154000005r6000000.htm">http://resources.arcgis.com/en/help/main/10.1/0154/0154000005r6000000.htm</A><BR /><BR /><BLOCKQUOTE class="jive-quote">ArcGIS Server provides a proprietary token-based authentication&nbsp; mechanism where users can authenticate themselves by providing a token&nbsp; instead of a user name and password. An ArcGIS token is a string of <SPAN style="text-decoration:underline;"> encrypted information that contains the user's name</SPAN>, the token expiration time, and some proprietary information. To obtain a&nbsp; token, a user provides a valid user name and password. ArcGIS Server&nbsp; verifies the supplied credentials and issues a token. <STRONG style="text-decoration: underline;">The user presents&nbsp; this token whenever accessing a secured resource</STRONG>.</BLOCKQUOTE><BR /><BR /><SPAN>The user supplies the username/password to ArcGIS Sever to get a token...</SPAN><BR /><BR /><SPAN>Once you get a token, as long as it lives, you supply this to every request you make to the ArcGIS server.&nbsp; If the username is encrypted, I hope we can't get the username from the token.</SPAN><BR /><BR /><SPAN>I believe that you need your web application to track this for you, if you want the current user.&nbsp; How would you otherwise track the tokens that are active in your session?</SPAN><BR /><BR /><SPAN>Plus...</SPAN><BR /><BR /><A href="http://support.esri.com/en/knowledgebase/techarticles/detail/41466">http://support.esri.com/en/knowledgebase/techarticles/detail/41466</A><BR /><BR /><BLOCKQUOTE class="jive-quote">For highest security, web-tier authentication is recommended.</BLOCKQUOTE></BODY></HTML> Mon, 25 Nov 2013 15:39:35 GMT LeoDonahue 2013-11-25T15:39:35Z https://community.esri.com/t5/arcgis-enterprise-questions/arcgis-server-10-1-get-user-information-from/m-p/758716#M28779 <HTML><HEAD></HEAD><BODY><SPAN>Hi,</SPAN><BR /><BR /><SPAN>I've secured a MapService for a dedicated user within ArcGIS Server 10.1, so a valid login is needed to access the MapServices' data.</SPAN><BR /><BR /><SPAN>Is it possible to obtain the user's name within the REST API and if yes, how can this be achieved?</SPAN><BR /><BR /><SPAN>Kind regards!</SPAN></BODY></HTML> Fri, 22 Nov 2013 06:55:53 GMT https://community.esri.com/t5/arcgis-enterprise-questions/arcgis-server-10-1-get-user-information-from/m-p/758716#M28779 MU 2013-11-22T06:55:53Z https://community.esri.com/t5/arcgis-enterprise-questions/arcgis-server-10-1-get-user-information-from/m-p/758717#M28780 <HTML><HEAD></HEAD><BODY><SPAN>using api administrator rest you can see permissions (roles) of service ( </SPAN><A href="http://resources.arcgis.com/en/help/arcgis-rest-api/02r3/02r3000001tv000000.htm">http://resources.arcgis.com/en/help/arcgis-rest-api/02r3/02r3000001tv000000.htm</A><SPAN> ) and then you see users in roles ...</SPAN></BODY></HTML> Fri, 22 Nov 2013 08:06:12 GMT https://community.esri.com/t5/arcgis-enterprise-questions/arcgis-server-10-1-get-user-information-from/m-p/758717#M28780 nicogis 2013-11-22T08:06:12Z https://community.esri.com/t5/arcgis-enterprise-questions/arcgis-server-10-1-get-user-information-from/m-p/758718#M28781 <HTML><HEAD></HEAD><BODY><SPAN>Thank you for your fast response!</SPAN><BR /><BR /><SPAN>Is it also possible without the REST Admin API?</SPAN><BR /><BR /><SPAN>My situation is the following: I'm within my business logic (REST operation) and need the current user.</SPAN></BODY></HTML> Fri, 22 Nov 2013 10:29:39 GMT https://community.esri.com/t5/arcgis-enterprise-questions/arcgis-server-10-1-get-user-information-from/m-p/758718#M28781 MU 2013-11-22T10:29:39Z https://community.esri.com/t5/arcgis-enterprise-questions/arcgis-server-10-1-get-user-information-from/m-p/758719#M28782 <HTML><HEAD></HEAD><BODY><SPAN>Any suggestions?</SPAN></BODY></HTML> Mon, 25 Nov 2013 11:19:50 GMT https://community.esri.com/t5/arcgis-enterprise-questions/arcgis-server-10-1-get-user-information-from/m-p/758719#M28782 MU 2013-11-25T11:19:50Z https://community.esri.com/t5/arcgis-enterprise-questions/arcgis-server-10-1-get-user-information-from/m-p/758720#M28783 <HTML><HEAD></HEAD><BODY><BLOCKQUOTE class="jive-quote">My situation is the following: I'm within my business logic (REST operation) and need the current user.</BLOCKQUOTE><BR /><SPAN>Wouldn't this be handled by your web server?&nbsp; Getting the current user of the session?</SPAN></BODY></HTML> Mon, 25 Nov 2013 13:45:47 GMT https://community.esri.com/t5/arcgis-enterprise-questions/arcgis-server-10-1-get-user-information-from/m-p/758720#M28783 LeoDonahue 2013-11-25T13:45:47Z https://community.esri.com/t5/arcgis-enterprise-questions/arcgis-server-10-1-get-user-information-from/m-p/758721#M28784 <HTML><HEAD></HEAD><BODY><SPAN>Well, I'm using the users and roles from ArcGIS Server's built-in store, so the first login-level is already the ArcGIS Server and not any other web server.</SPAN></BODY></HTML> Mon, 25 Nov 2013 14:52:49 GMT https://community.esri.com/t5/arcgis-enterprise-questions/arcgis-server-10-1-get-user-information-from/m-p/758721#M28784 MU 2013-11-25T14:52:49Z https://community.esri.com/t5/arcgis-enterprise-questions/arcgis-server-10-1-get-user-information-from/m-p/758722#M28785 <HTML><HEAD></HEAD><BODY><SPAN>Authentication or Authorization... which one are you trying to do with the "current user"?</SPAN><BR /><BR /><A href="http://resources.arcgis.com/en/help/main/10.2/0154/0154000004w2000000.htm">http://resources.arcgis.com/en/help/main/10.2/0154/0154000004w2000000.htm</A><BR /><BR /><BLOCKQUOTE class="jive-quote">Authentication is the process of verifying the identity of a user. In ArcGIS Server, this can be done by using either ArcGIS token-based authentication or web server authentication</BLOCKQUOTE><BR /><BR /><A href="http://resources.arcgis.com/en/help/main/10.1/0154/0154000005r6000000.htm">http://resources.arcgis.com/en/help/main/10.1/0154/0154000005r6000000.htm</A><BR /><BR /><BLOCKQUOTE class="jive-quote">ArcGIS Server provides a proprietary token-based authentication&nbsp; mechanism where users can authenticate themselves by providing a token&nbsp; instead of a user name and password. An ArcGIS token is a string of <SPAN style="text-decoration:underline;"> encrypted information that contains the user's name</SPAN>, the token expiration time, and some proprietary information. To obtain a&nbsp; token, a user provides a valid user name and password. ArcGIS Server&nbsp; verifies the supplied credentials and issues a token. <STRONG style="text-decoration: underline;">The user presents&nbsp; this token whenever accessing a secured resource</STRONG>.</BLOCKQUOTE><BR /><BR /><SPAN>The user supplies the username/password to ArcGIS Sever to get a token...</SPAN><BR /><BR /><SPAN>Once you get a token, as long as it lives, you supply this to every request you make to the ArcGIS server.&nbsp; If the username is encrypted, I hope we can't get the username from the token.</SPAN><BR /><BR /><SPAN>I believe that you need your web application to track this for you, if you want the current user.&nbsp; How would you otherwise track the tokens that are active in your session?</SPAN><BR /><BR /><SPAN>Plus...</SPAN><BR /><BR /><A href="http://support.esri.com/en/knowledgebase/techarticles/detail/41466">http://support.esri.com/en/knowledgebase/techarticles/detail/41466</A><BR /><BR /><BLOCKQUOTE class="jive-quote">For highest security, web-tier authentication is recommended.</BLOCKQUOTE></BODY></HTML> Mon, 25 Nov 2013 15:39:35 GMT https://community.esri.com/t5/arcgis-enterprise-questions/arcgis-server-10-1-get-user-information-from/m-p/758722#M28785 LeoDonahue 2013-11-25T15:39:35Z https://community.esri.com/t5/arcgis-enterprise-questions/arcgis-server-10-1-get-user-information-from/m-p/758723#M28786 <HTML><HEAD></HEAD><BODY><SPAN>Plus...</SPAN><BR /><BR /><SPAN>Let's back up one level.&nbsp; REST is a stateless protocol.&nbsp; </SPAN><BR /><BR /><SPAN>So when you make a request to a REST endpoint, it doesn't remember who you are when you make another request, even a second later, unless you have a valid token for that web service endpoint that is not expired.&nbsp; And you have to supply that token upon every request you make...</SPAN><BR /><BR /><SPAN>If you want your application to remember who is currently using your application, then you have to control that at the web server tier.</SPAN></BODY></HTML> Mon, 25 Nov 2013 16:03:40 GMT https://community.esri.com/t5/arcgis-enterprise-questions/arcgis-server-10-1-get-user-information-from/m-p/758723#M28786 LeoDonahue 2013-11-25T16:03:40Z https://community.esri.com/t5/arcgis-enterprise-questions/arcgis-server-10-1-get-user-information-from/m-p/758724#M28787 <HTML><HEAD></HEAD><BODY><SPAN>Ah okay, I understand. Thanks a lot for your detailed explanation!</SPAN></BODY></HTML> Mon, 25 Nov 2013 17:02:42 GMT https://community.esri.com/t5/arcgis-enterprise-questions/arcgis-server-10-1-get-user-information-from/m-p/758724#M28787 MU 2013-11-25T17:02:42Z