noticed that api called checkUsernames in ArcGIS portal sharing rest api directory is allowed by all type of users.
is there way to secure or limit consuming this api "/portal/sharing/rest/community/checkUsernames"
Hi,
I had made this request few years ago, and I received the following update last week from support:
ENH-000139194 - Disable anonymous access to /sharing/rest/community/checkUsernames when portal is configured to disable self-signup
Status: Implemented (Learn More )
Version Implemented: 11.0
I am running 11.1 and I confirm it is now solved.
In the meantime, we had restricted access using a reverse proxy. Don't think there is another solution if you are running ArcGIS Enterprise < 11.0
Hope that helps,
Nicolas
Hi, thank you for you feedback
Currently I am using 11.0 disabled anonymous access and portal configured to disable self-signup, this issue is still there
Hi @ahmedbadr2,
It's strange: I just made the test on a 11.0 Portal for ArcGIS and it works.
As soon as "Allow users to create new built-in accounts." is disabled, I get "You do not have permissions to access this resource or perform this operation" when not logged on /portal/sharing/rest/community/checkUsernames.
Anonymous access can be enabled.
Did you try in an incognito Window ?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.