Community
Select to view content in your preferred language

Consuming Secured SOE's in Silverlight 4

750
1
06-01-2011 09:04 AM
BrianMeyers
by
Occasional Contributor
‎06-01-2011 09:04 AM
According to Microsoft, Firefox does not pass the client Referer, we've noticed the same for Chrome. 

http://msdn.microsoft.com/en-us/library/system.net.httpwebrequest.headers(VS.95).aspx

When security is enabled a token is needed access the service.  The Referer is embedded in the token and used to authenicate.  If the referer does not match the value embedded in the token, an "invalid token" error is returned.  Since Firefox doesn't pass a referer it obviously won't match.  This effectively means that there is no way to support FireFox when the application consumes a secure service and the required token is embedded in the client. 

As a work around I use the ESRI proxy page to handle the server requests. This solution works because the request is server to server and avoids the client referer issue. The solution works well.

Now enter the SOE.  You guessed it, a secured SOE.  All of the ESRI samples I've seen of consuming SOE's in Silverlight are client side. This gets us back the referer problem.

Has anyone run into this?  If so, were you able come up with a solution? 

Any help would be appreciated.
0 Kudos
1 Reply
BrianMeyers
by
Occasional Contributor
‎06-21-2011 06:36 AM
Further testing shows that this is not a problem with Chrome, only Firefox.  I have this working now if anyone is interested.  The code is listed below. 

This line is the fix: 
WebRequest.RegisterPrefix("http://",System.Net.Browser.WebRequestCreator.ClientHttp);

namespace SilverlightApplication1
{
    public partial class MainPage : UserControl
    {
        public MainPage()
        {
            InitializeComponent();
        }

        private void button1_Click(object sender, RoutedEventArgs e)
        {
            string host = "<your host>";
            string token = "<ags token>";
            string lrsn = "1";

            string serviceUrl = String.Format("http://{0}/ArcGIS/rest/services/External/Parcel/MapServer/exts/ParcelRestSoe/GetReport?token={1}&LRSN={2}&f=json", host, token, lrsn);

            WebRequest.RegisterPrefix("http://", System.Net.Browser.WebRequestCreator.ClientHttp);
           
            WebClient client = new WebClient();
            client.OpenReadCompleted += new OpenReadCompletedEventHandler(OpenReadComplete);
            client.OpenReadAsync(new Uri(serviceUrl));
        }

        void OpenReadComplete(object sender, OpenReadCompletedEventArgs a)
        {
            if (a.Error == null)
            {
                DataContractJsonSerializer serializer = new DataContractJsonSerializer(typeof(ParcelReport));
                ParcelReport report = (ParcelReport)serializer.ReadObject(a.Result);

                MessageBox.Show(report.Address1);
            }
            else
            {
                MessageBox.Show(a.Error.Message);
            }
        }
    }

    [DataContract]
    public class ParcelReport
    {
         ...
    }
}
0 Kudos