Authentication, user logins and Flex in a .NET framework

ionarawilson1 · ‎10-10-2012

Does anybody have any article, tutorial or link to instructions on how to integrate FLEX in a .NET environment, specially with respect to authentication? How do we create user logins (which the user could create his own login and password) with Flex in a .NET environment? I looked all over the web and can't find anything on this topic.

BenjaminMercier · ‎06-25-2013

Hi everybody,

I download the folder Aaron gently shared.
I follow indications here and on this thread: http://forums.arcgis.com/threads/25899-Login-Screen-for-the-Flexviewer?p=134959&viewfull=1#post13495..., especially what Phillip gave as install instructions:

Modify my index.mxml as explained (add the part of code to display the login form, validate functions and replace the localhost by my server name...)

Paste the ArcGIS_Security folder on my wwwroot

Give IIS_IUSRS read/write permissions in IIS Manager

Convert this folder in application (still in IIS Manager)

But I still have 'Internal Database Error'. I don't really know what I did wrong, if anybody could help me, it would be great.

FYI I'm working on ArcGIS Viewer for Flex 3.2 on source code.

Thanks in advance,

Ben

AaronNash1 · ‎07-01-2013

try copying the flex and security site to your webserver, I had similar issues when trying it on my local machine.

BenjaminMercier · ‎07-01-2013

Hello Aaron,

Thanks for your answer.
Indeed, my project is, for now, deployed on my local IIS machine and not in the IIS server of the entreprise. I hoped that it wasn't the problem because I have to finish to develop the application before deploying it on the webserver...
I'll come back on this threads in few weeks, when I'll be able to try it on the general web server.
Thanks you for the advise.

Last question, does anybody managed to mix this authentification with the security by tokens from ArcGIS Server? I mean that I'd like to put this double security and in the same time have only one form for authentification. For the moment if I put token security I have one form for the .NET component authentification and then the flex form authentifiction to be able to show the secured layer. Is it possible to do both in the same form at the beginning?

Benjamin

AaronNash1 · ‎07-01-2013

I have not done the anything with using OAuth, but I did change the way a user authenticates in the flexviewer by using pop-up manager for the login form. Does not use a webservice and allows me to have specific users for every website. Attached is a modified index.mxml file, the code for the popup, and an xml file for usernames and passwords.

Just replace the index.mxml file (or modify yours), add the data.xml file in the same location as the index.mxml, and copy the PasswordMode.mxml to the com\esri\viewer folder. A little easier than using a webservice

BenjaminMercier · ‎07-02-2013

Hi Aaron,

Thanks for this security advice. It works well, I guess I just have to create the TitleWindow_Close skinClass in com.esri.viewer to customize the opening PopUp in order to delete the close button, am I right?
This could be a great solution for authentification, but in another way, using a webservice for authentification should be better for me, it could permit me to associate a file config.xml which should be loaded with the user authentified. This can't be possible with your popup authentification except if I pass this config in URL.
But if I can 'mix' that popup with an arcgis Security token it could be enough for us, is that possible?

But indeed, for people who don't have the same needs as mine, it's a really easier way to be authentified in the application, so thanks you a lot.

Have you ever thought about SSL security??

Thanks for all your quick answers.
Ben

AaronNash1 · ‎07-02-2013

you are right, attached is the titlewindow_close skin, that removes the close button. I have never needed to do enhanced security using SSL. One of my colleagues created a new ArcServer instance and set it up on an internal port that was blocked to external traffic. That allowed him to serve up protected web services on our production webserver without having to enable security in ArcServer.

BenjaminMercier · ‎07-02-2013

I will manage with that, and wait to put my webservice and application on the webserver because I really would like to associate an authentified user to an specific config.xml without using URL parameters.
Thanks for your help and advises.

Ben

saurabhgupta2 · ‎09-09-2014

Hello Everyone

I have a complied version of flexviewer 3.6 . Can anyone suggest me how to put a logoin screen in that .

Regards

Saurabh

RobertScheitlin__GISP · ‎09-09-2014

Saurabh,

Adding the login screen requires a recompile of the Viewer source code after changes have been made so you can not use the compiled viewer for this.