How to control security on offline layers?

2835
5
07-30-2015 01:14 PM
PaulHaakma
Regular Contributor

Hi all.

Am looking for some direction on how to control secure login on offline layers - how would or does this work?

E.g. We have a secured service, user logs in whilst online, the app generates a local copy for offline use. The app closes. Then, at a later time, the user opens up the app (with no network access) - at this point, how can or should we handle login access?

Thanks,

-Paul

0 Kudos
5 Replies
ThomasColson
MVP Frequent Contributor

I don't have an answer to your question, but I sure am interested in how you're enabling offline data. The documentation assumes the App Builder is graduate of a 4-year computer science degree. Perhaps, with your reply, I'll figure it out, as I have the same requirement (restrict access to offline).

0 Kudos
PatrickWild3
New Contributor III

Hi Thomas,

See my post 'Deploy Local Offline Data'. I've posted code there that will successfully copy prebuilt .geodatabase to the local AppPlayer Data folder. Unfortunately, I haven't figured out how to copy to device data folder locations, nor does this seem to work on device AppPlayers. So, I guess I have the same question for Paul as you. kWhere do you write your .geodatabase, Paul?

Regarding Paul's question, I would see this as a moot point. The user shouldn't be required to authenticate as the data is local, on their device. Or am I missing something?

Also, I agree the App Studio documentation is a bit 'light', and doesn't really explain how to accomplish much at all, it is a beta release after all. You can Check out ArcGIS Runtime SDK for Qt QML API: Main Page​ for some reference, it's the same QML, but different...

PW

PaulHaakma
Regular Contributor

Hi Patrick

I guess there are two different methods depending on whether you want to deploy 'prebuilt' geodatabase files or download them from within the app. Both are possible. The 'Local Geodatabase Editing' sample app was enough to get us going on creating and downloading an offline geodatabase from a feature service. Regarding deploying existing files, I have successfully copied files to Windows, Android and iOS (using iTunes) devices which the app then picks up and uses, whether using AppPlayer or native. I define some paths using variables such as:

readonly property string apppath:  AppFramework.userHomeFolder.filePath("myAppFolder")

readonly property string gdbpath:  apppath + "/gdb/my.geodatabase"

When I get to the point in my code where I am working with the Geodatabase object, I would then use:

Geodatabase{

path: gdbFolder.fileExists(gdbpath) ? gdbpath:  geodatabaseSyncTask.geodatabasePath

}

So if there is a file called "my.geodatabase" in that folder it uses it, else it's ready for the synctask to generate (see the sample app for the rest of the necessary code).

Regarding the original question - whether the user 'should' be required to log in when there is already a local copy is certainly a developer choice dependant on your own security needs. You're right, many apps would be content to assume that if the user is able to access the device then they should be allowed access to the app, but the question is around what if you did want that extra level of security? I'd be interested to know how anyone else would handle this within the AppStudio/Arcgis QML runtime world...

0 Kudos
PatrickWild3
New Contributor III

Hi Paul,

I am wondering how you implemented the secure login to access the feature services to create an offline geodatabase?

The Local Geodatabase Editing sample also got me going along with a User Credentials dialog that was passed along to me. Everthing works inside my domain but fails on external network.

I seem to be having issues with the ServiceInfoTask as I can access my Feature Service on an external network but "Getting service info" does not complete.

When I run the User Credentials sample with my own services off our network I almost see the opposite, 'Successfully connected to the Service info task" but see "qml: Layer create error: Authentication required." in teh console. This sample seem to also work on our network.

Do you have any ideas? Would you be able to provide samples as to how you create the secure login for the Local Geodatabase Editing sample?

Thanks,

PW

0 Kudos
PaulHaakma
Regular Contributor

Hi Patrick

Sounds like you're having difficulty accessing a secure service at all, is a bit hard to help without knowing more about your situation. Some suggestions to look at might include:

Does the 'Local Geodatabase Editing' sample app, using the Esri sample services work fine (inside/outside of your domain/network)?

Is there a proxy setup to consider on your network? (see my separate query re proxy)  How to detect if a network proxy is being used?   Although your issue might be the other way around, if you're having difficulty accessing your network from externally.

I'm using a sign in to Portal and haven't played around much connecting to Arcgis Server directly, in my case, once successfully signed in to Portal then the Identity Manager takes over and controls the token access for all the layers.

If still stuck, you might need to get someone from the appstudio team involved and share some code with them to look at...?

Feel free to email me direct if you want to continue conversation - paul@gpsit.co.nz

0 Kudos