Am I interpreting the documentation correctly if I read it as: "Referer header cannot be set FOR a silverlight application"?
Right. The developer can't set the Referer. This one is automatically set by the plugins but is depending on the browser, so is difficult to use.
That being said it's possible to access secured services from Silverlight:)
Likely your problem is coming from the way you generated the token.
You can either generate a short lived token (without client parameter in the web request getting the token) or a token associated to the current IP (by adding the parameter client=requestip in the web request).
Note that you don't have to give the IP address just the literal 'requestip'.
Hope that helps.
Thanks Dominique, I'll investigate the client=requestip option...I'm not sure where to begin but will search through the documentation. I'll report back with results or further questions. Thanks again for A. letting me know that it will work and B. offering a starting point for a solution.
Making the Token Service accessible from the Internet
As discussed above, ArcGIS Desktop, ArcGIS Explorer and Web ADF clients need access to the Token Service in order to request a token for secure services. When making an ArcGIS Server instance accessible of the Internet, you will need to change the URLs for accessing the Token Service so it can be found in the Internet.
When ArcGIS Server is installed, it stores the name of the machine in the URL for accessing the Tokens Service. In an intranet setting where that machine name can be resolved, this will work fine. However when you make that machine accessible over the Internet, the machine name will not be able to be resolved by your clients.
To fix this, you must change three web.config files in the rest, Services, and Tokens folder of your ArcGIS Server instance (<Web Root>\<ArcGIS Server Instance name>). Open each of these web.config files in a text editor and follow these steps:
Within the appSettings element find the element with the key: TokenServiceURL.
Change the value for this key from https://<machine name>/ArcGIS/tokens to https://<public domain name>/ArcGIS/tokens.
What is the version of your server?
When you use 'https://<webserver>/ArcGIS/Tokens/gettoken.html' do you see a check box 'IP Address of this request's origin' ?
Hi all,
For anyone that gets this issue after upgrading to 10.4.1, there is a new security setting that blocks GET token requests by default. We had to enable this again to get our proxy page working, via the ArcGIS admin page. For details, refer to http://server.arcgis.com/en/server/latest/administer/windows/enable-token-acquisition-through-an-htt...
