Connecting to secure map service within javascript app

930
6
Jump to solution
03-02-2020 07:16 AM
DarrylHilton
New Contributor III

Hi

I have read all kinds of help documentation on this subject but can't seem to find the best fit, or get any to work. I have written the javascript app below. The layer being used is secured as I would not want the contents being made available to everyone, except for people who are using the app. They will have already logged in to get this far so I just need the application to handle the logging in to get the map data back. (ie at the moment it asks for an ArcGIS server log in). I can find lots of information about accessing secure applications, but not specific layers within a javascript app...any help would be great.

<html>
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="initial-scale=1, maximum-scale=1, user-scalable=no">
    <title>DH Test Map</title>
    <style>
      html, body, #viewDiv {
        padding: 0;
        margin: 0;
        height: 100%;
        width: 100%;
      }
    </style>
 
 <link rel="stylesheet" href="https://js.arcgis.com/4.14/esri/themes/light/main.css">
 <script src="https://js.arcgis.com/4.14/"></script>
 
 
  <script>
    require([
    "esri/WebMap",
    "esri/views/MapView",
 "esri/layers/FeatureLayer",
 "esri/core/urlUtils",
 "esri/tasks/support/Query",
    ], function(WebMap, MapView, FeatureLayer, urlUtils, Query) {
 
 
     var urlObject = urlUtils.urlToObject(document.location.href);
  runValidaty(urlObject);
  
    var impactedPropertiesLayer = new FeatureLayer({
   url: "https://MYENTERPRISESERVER/server/rest/services/TEST/AffectedPropertiesSecure/MapServer/0",
   definitionExpression:expression,
   popupTemplate: { title: "{UPRN}", content: "{ImpactLevel_ID}"},
  });
  
  impactedPropertiesLayer.when(function() {
   return impactedPropertiesLayer.queryExtent();
   }).then(function(response) {
   view.goTo(response.extent);
  });

  var webmap = new WebMap({
   portalItem: {
     id: "1a409e5d6939452cbb27fee5f05a2140"
   }
  });

  var view = new MapView({
   container: "viewDiv",
   map: webmap,
   zoom: 6
  });
  

     
 webmap.add(impactedPropertiesLayer)

 var expression;
 function runValidaty(UrlPropertiesObj){
 expression ="";
 Object.keys(UrlPropertiesObj.query).forEach(function(key,index) {
 
 var objectValue = UrlPropertiesObj.query[key];
 if(objectValue){
 //first time round
 
 if(parseInt(objectValue)){
 expression += key + "="+objectValue+"";
  
 }else{
 expression += key + "='"+objectValue+"'";
 }
  
  
 var nextObj = Object.keys(UrlPropertiesObj.query)[index+ 1];
  if(UrlPropertiesObj.query[nextObj]){
  //yes there is a property in the next loop
  expression += "AND "
  }
  }
 
 });
 }
 

   
    });
  </script>
</head>
<body>
  <div id="viewDiv"></div>
</body>
</html>

0 Kudos
1 Solution

Accepted Solutions
DarrylHilton
New Contributor III

I got it this working using some of the elements in this documentation: https://support.esri.com/en/technical-article/000017029

In summary, rather than linking people around


I published a secure map service in ArcGIS Server
Hosted that service in Portal using my credentials
Limited use to that hosted service to the url of the ap accessing it
Made the hosted service public
Added the URL of the hosted service to my code

View solution in original post

0 Kudos
6 Replies
RobertScheitlin__GISP
MVP Esteemed Contributor

Darryl,

 You would setup and use a proxy as discussed in this thread.

https://community.esri.com/thread/236738-layer-is-using-proxy-when-set-to-visible-and-it-shouldnt-us... 

0 Kudos
DarrylHilton
New Contributor III

Do I need to go down the route of having my own proxy? The agol proxy option only seems relevant for premium services as it asks for me to select geocoding etc, where as this is just viewing a map service. 

seems this process could be an awful lot easier

0 Kudos
RobertScheitlin__GISP
MVP Esteemed Contributor

Yep, your own proxy if you are going to be storing credentials for your secured service.

0 Kudos
BenElan
Esri Contributor

This is actually now the preferred method for storing credentials: How To: Limit access to secured hosted services in ArcGIS Online for public-facing web applications 

We are trying to move away from the resource proxy. Storing credentials using the resource proxy for the purpose of bypassing authentication is against the Terms & Conditions. There was a little paragraph added to the github page

Ensure that you follow the Terms & Conditions of the Esri systems and software that you are working with. In general, it is not permitted to embed credentials in a resource proxy for the purpose of bypassing Named User authentication (i.e. the principle that each end-user must have their own unique login). This is true both when using a resource proxy with ArcGIS Online as well as for ArcGIS Server sites federated as part of an ArcGIS Enterprise deployment

DarrylHilton
New Contributor III

Hi, thanks for the reply, but I don't think that is answering my issue. I have a layer published with ArcGIS server (also available via Portal) (currently secured so only I can see it) which I need to use in some javascript I have written (above) not in a web map template from ArcGIS Online which those instructions seem to refer too

0 Kudos
DarrylHilton
New Contributor III

I got it this working using some of the elements in this documentation: https://support.esri.com/en/technical-article/000017029

In summary, rather than linking people around


I published a secure map service in ArcGIS Server
Hosted that service in Portal using my credentials
Limited use to that hosted service to the url of the ap accessing it
Made the hosted service public
Added the URL of the hosted service to my code

0 Kudos