I typically like to include a bit of self-deprecation in my varied GeoNet posts and this will be no different. I have no idea what I am doing.
Short version: I have several services published to ArcGIS Server. Because these are potentially publicly available to anyone with knowledge of the service URL, I decided to secure certain services. Nonetheless, I want to be able to use these in web maps I am developing with the JS API and do so in a manner in which a user doesn't need to login to view the map.
After doing some reading, I have concluded (perhaps erroneously), that using tokens is the way to go.
In order to do so, I followed the steps at this useful site.
- I went to http://gisserver.domain.com:6080/arcgis/tokens (obviously, to my server...)
- I entered a user name, password, and selected HTTP Referer
- For the HTTP Referer, I entered the URL of the page from which the request is being made (the html page with the web map)
- I set expiration and format
- I generated the token
Once generated, I appended the generated token to the URL of the requested service (for example):
var heritage = new FeatureLayer({
url: "https://gisserver.domain.com:6443/arcgis/rest/services/ONHI/Heritage_EOs/MapServer/1?mnGTVoAhrbV0nEJOuR8G9Ps2noCClcwazQPsJ8spdOIBXpZnSCo_XW7kclwiM47MGfuOj4jvqdv9mGWgmj3snftaQ4sBehRiC2W9AqxrGvyaKECttAbp694lfOtXhi3nshOnoAQpeJCx2LWyJK2g6CfbxHwbZnw6sR3TmR7f0c-C0Ngv9Q0POHrM8ReqyCgb"
});
However, when I launch the page, I am still being prompted to enter the user name and password to access the service.
Again, allow me to repeat, I have no idea what I am doing. In all likelihood, I have gone about this completely wrong. Maybe there is a better way to do this; maybe I am making a really basic beginners error; maybe both of those are correct.
Regardless, I would like to solve this issue and your help is greatly appreciated.
