topic Re: Token Authentication Help in ArcGIS Enterprise Questions

Token Authentication Help

KristenJones1 — Fri, 01 Mar 2013 17:40:33 GMT

I am trying to secure a feature service by using Tokens with my Javascript API application. The documentation seems a little lax with the new token setup for 10.1 and I am having problems with connecting to my REST services.

For example in admin to generate the token, it asks for the HTTP referer:.. does it have to be the exact page, the Domain, can it be just the domain or Domain and folder, hoes it HAVE to be HTTPS or can HTTP work? In teh admin you can enter any # of Days but the drop down to create the token only has 1 year max.

Access to test the token without pulling my hair trying to figure it out. You use to be able to include the token in the URL

http://resources.esri.com/help/9.3/arcgisserver/apis/javascript/arcgis/help/jshelp_start.htm#jshelp/ags_security.htm

for (non working example from the help) : http://premium.arcgisonline.com/Server/rest/services/ESRI_StreetMap_World_2D/MapServer?token=5fFo4%2fI4Tv8IGSqSYbpUNORRD%2fYxXMSPopt9CMknpXIjEVqYGm3uuQnU

However I can't get this to access using my REST URL and the Token. To test, when I generate the Token, In the HTTP referer: I am using the URL of my ArcGIS server, 1 year and HTML format. but I try going to the URL in a browser. IT automatically redirects to the REST login page.

Can anyone shed some light?

Thanks
Jason

Re: Token Authentication Help

PaulBelew — Mon, 04 Mar 2013 10:14:53 GMT

Hi!
We have this working ASP.NET code:
string sTokenUrl = "http://" + url.Host + "/gishpgen8/tokens/generateToken?";
        sTokenUrl = WebUtilities.setParameter(sTokenUrl, "username", "*");
        sTokenUrl = WebUtilities.setParameter(sTokenUrl, "password", "*");
        sTokenUrl = WebUtilities.setParameter(sTokenUrl, "clientrequestid", "ip." + sClientIP);
sTokenUrl += "&f=json";
string sJson = WebUtilities.loadJson(sTokenUrl);
Newtonsoft.Json.Linq.JObject jobj = Newtonsoft.Json.Linq.JObject.Parse(sJson);
if (jobj["token"] == null || jobj["token"].ToString() == "")
{
   lblError.Text = "*";
          HttpCookie cookie = new HttpCookie("ur");
          cookie.Value = sTokenUrl;
          cookie.Expires = DateTime.Now.AddMinutes(nMinutes);
          cookie.Path = "/";
          Response.Cookies.Add(cookie); // Add it to the header
        }
    else
    {
     HttpCookie cookie = new HttpCookie("agstoken");
     cookie.Value = jobj["token"].ToString().Substring(0, 43) + ".";
     cookie.Expires = DateTime.Now.AddMinutes(nMinutes);
     cookie.Path = "/";
     Response.Cookies.Add(cookie); // Add it to the header
     FormsAuthentication.RedirectFromLoginPage(txtLogin.Text, false);
     lblError.Text = "";

          cookie = new HttpCookie("ipp");
          cookie.Value = sClientIP;
          cookie.Expires = DateTime.Now.AddMinutes(nMinutes);
          cookie.Path = "/";
          Response.Cookies.Add(cookie); // Add it to the header

          cookie = new HttpCookie("ur");
          cookie.Value = sTokenUrl;
          cookie.Expires = DateTime.Now.AddMinutes(nMinutes);
          cookie.Path = "/";
          Response.Cookies.Add(cookie); // Add it to the header
}

Re: Token Authentication Help

KristenJones1 — Mon, 04 Mar 2013 12:20:32 GMT

That for the help, I see you are dynamically requesting the token (I actually don't need to do this) how are you sending it to the GIS server to authenticate it? In other words, what are you submitting to the REST to get the resource service?

I can't get http://www.ourdomain.org:6080/arcgis/rest/services/CustomMap/FeatureServer?token=xxxxxxxxxxxxxxxxxxxxxx to work

Hover over to see the URL... the forum is hiding the full link exmaple

Re: Token Authentication Help

KristenJones1 — Mon, 04 Mar 2013 12:35:21 GMT

If it helps, I tested the "Request Ip" to generate a token and it works, so the problem is what exactly to enter in the HTTP Referer. I need to use this type of Client authentication NOT Ip based

Re: Token Authentication Help

PaulBelew — Mon, 04 Mar 2013 12:38:51 GMT

what are you submitting to the REST to get the resource service?

I'm setting three cookies that are attached to each request: "agstoken", "ipp", "ur".
May be last two cookies are optional. But this configuration works for me.
I only copied situation after standard login from standard page: server/rest/login.

Re: Token Authentication Help

PaulHastings1 — Fri, 08 Mar 2013 10:12:33 GMT

from flex i've never been able to get referrer to work, only one of the IP flavors (our app settled on request-IP). only seems to work via plain HTTP calls & then the referrer value didn't seem to matter anyway.