Select to view content in your preferred language

Secure Portal REST API Check User Names

642
3
06-04-2023 04:24 AM
Status: Open
ahmedbadr2
Emerging Contributor

noticed that api called checkUsernames in ArcGIS portal sharing rest api directory is allowed by all type of users.

is there way to secure or limit consuming this api "/portal/sharing/rest/community/checkUsernames"

Tags (1)
3 Comments
NicolasGIS

Hi,

I had made this request few years ago, and I received the following update last week from support:


ENH-000139194 - Disable anonymous access to /sharing/rest/community/checkUsernames when portal is configured to disable self-signup

Status: Implemented (Learn More )
Version Implemented:  11.0

 

I am running 11.1 and I confirm it is now solved.

In the meantime, we had restricted access using a reverse proxy. Don't think there is another solution if you are running ArcGIS Enterprise < 11.0

Hope that helps,

 

Nicolas

ahmedbadr2

Hi, thank you for you feedback

Currently I am using 11.0 disabled anonymous access and portal configured to disable self-signup, this issue is still there

NicolasGIS

Hi @ahmedbadr2,

It's strange: I just made the test on a 11.0 Portal for ArcGIS and it works.

As soon as "Allow users to create new built-in accounts." is disabled, I get "You do not have permissions to access this resource or perform this operation" when not logged on /portal/sharing/rest/community/checkUsernames.

Anonymous access can be enabled.

Did you try in an incognito Window ?