IWA Portal with secured feature service getting 401 unauthorized error

758
3
04-14-2020 12:02 PM
Nagendra_babuPasupuleti
New Contributor

Hi 

in our organization, we have developed a web application using Angular(7) and ArcGIS JS API(4.11). We were using API for authentication to log in to our application.

it was all working fine until we haven't turned on the IWA on the enterprise portal (10.7.1). After turning on the IWA enterprise portal we are getting 401 unauthorized error while accessing the secured feature services.

 

This is the code we are using for login

 

 const [Portal, OAuthInfo, esriId] = await loadModules([

 

      'esri/portal/Portal',

      'esri/identity/OAuthInfo',

      'esri/identity/IdentityManager'

    ]);

 

var info = new OAuthInfo({

appId: "<Registered App ID>",

popup: false,

portalUrl: "<Enterprise URL>"

});

esriId.registerOAuthInfos([info]);

return esriId.checkSignInStatus(info.portalUrl + "/sharing");

 

When IWA is turned on the user will get a popup asking for login creds and he gets authenticated using the domain login and I can see the access token getting generated.

but I am not able to access data from secured service.

 

we have not done any specific implementation to support IWA (Windows Authentication, web-tier on IIS) login in our app. As far as I understood the ArcGIS JS API’s IdentityManager should be able to take care of every case like IWA, non-IWA.

 

do we need to do any changes to support IWA? Are we missing anything?

 

When I turn off the IWA everything works fine.

 

The feature service is secured and is created with credentials stored in it on the same portal to which the user has access. This is the code we were using to load data feature service

 

const [Request] = await loadModules([

      'esri/request'

    ]);

query["f"] = "json";

//query has all the query parameters

return Request("<Secured Feature Service URl>" + "/query", { query });

 

interestingly what I have seen is, there is no token in calls to feature service. In the non-IWA case, once there is a token all the subsequent requests to the feature server will have that token.

I have not used any proxy.

I tried passing the token that I am getting after successful login into headers like X-Esri-Authorization header, Authorization header and as query parameter token to subsequent requests No Success. Screenshots for error and network details.

What happening here in our app is we have guards for every URL to check the sign-in status. After a successful login, the user will be redirected to the home page when his sign-in status is checked. The first two error calls are from check sign-in status which has token in it and the third error call is to the feature service.

 

 

 

 

Not sure if I have to implement anything that is specific to handle IWA in the code for the login. Any help would be appreciated.

Thanks

0 Kudos
3 Replies
Nagendra_babuPasupuleti
New Contributor

This is only happening when the portal and secured rest services are on different servers. In my case, angular and portal is on Server A, rest services are hosted on Server B and secured rest service URL's are created in portal on Server A.

0 Kudos
by Anonymous User
Not applicable

Hi Nagendra,

Can you please let us know the fix , if you've found a fix. My Server is federated to portal (10.8) .

Br

Saurabh

0 Kudos
RLee
by
New Contributor

Any updates on the possible solution?

It seems to be ok if we use portal_url:port_number/arcgis, but when we use portal_url/portal, which we should be using, it returns the 401 error.

Thanks!

0 Kudos