Authenticating a web app to access web maps in Portal

10-23-2015 11:15 AM
New Contributor III

I am developing a web application to authenticate users outside of Portal. Once authenticated in the web app, the user should have access to Portal-based web maps within the custom web application. The only role Portal will play is hosting the web maps. Is it possible to set up a token such that the application itself is permitted access to the given resources within Portal, without requiring a separate Portal login?

0 Kudos
2 Replies
by Anonymous User
Not applicable

Portal for ArcGIS resources can be published to "everyone" (behind the firewall), or private (subset of personnel behind the firewall). If it is published to everyone, no authentication is required so long as they are part of the network. If the content is published as private, it requires a Named User login. To create an app that circumvents the Named User login to a "private" map, would be against the license agreement. It sounds like you just need ensure the web maps are correctly published to everyone (or those using the app will need to login).

New Contributor III

Perhaps my original post was unclear.  I was trying to authenticate users through my own web application, and after they had successfully authenticated, I wanted to allow them to access secure Portal resources through a map that I configured with the JavaScript API.  I didn't want the user to be prompted to log in twice, and I didn't want them to have individual Portal accounts.

I now have this working.  ESRI's application authentication pattern provides this functionality (ArcGIS Security and Authentication.)  The web app authenticates using a proxy (Esri/resource-proxy).  This allows the registered web application to login to Portal using a single application user and password without requiring each user to have an account on the ESRI Portal. This can be done without the proxy, but the proxy simplifies the security and token exchange.

While there are many articles mentioning application authentication, proxies, tokens, and the JavaScript API, there isn't a clear tutorial on how to combine them, which was the impetus for my original post.  Here are the basic steps required with some links to useful tips. It's not comprehensive, but maybe it will help someone else who is trying to sort it out.

  1. Set up your web application on your web server (this is your custom web site)
  2. Add and register your app in ArcGIS Online or Portal (Add items—Portal for ArcGIS (10.3 and 10.3.1) | ArcGIS for Server ). Use the URL of the new web site created in the previous step. Note the appId and appSecret.
  3. Set up the proxy on the same web server as the application (Esri/resource-proxy · GitHub ). Use the appId and appSecret from previous step.
  4. Configure the proxy using your server's settings (Esri/resource-proxy · GitHub )
  5. Write the JavaScript to display the map and access the secure resources after authenticating (Using the proxy | Guide | ArcGIS API for JavaScript )