Community

ArcGIS Server 10.1: Get user information from secured MapService

753
8
11-21-2013 10:55 PM
MU
by
New Contributor III
‎11-21-2013 10:55 PM
Hi,

I've secured a MapService for a dedicated user within ArcGIS Server 10.1, so a valid login is needed to access the MapServices' data.

Is it possible to obtain the user's name within the REST API and if yes, how can this be achieved?

Kind regards!
Tags (2)
0 Kudos
8 Replies
nicogis
by MVP Frequent Contributor
MVP Frequent Contributor
‎11-22-2013 12:06 AM
using api administrator rest you can see permissions (roles) of service ( http://resources.arcgis.com/en/help/arcgis-rest-api/02r3/02r3000001tv000000.htm ) and then you see users in roles ...
0 Kudos
MU
by
New Contributor III
‎11-22-2013 02:29 AM
Thank you for your fast response!

Is it also possible without the REST Admin API?

My situation is the following: I'm within my business logic (REST operation) and need the current user.
0 Kudos
MU
by
New Contributor III
‎11-25-2013 03:19 AM
Any suggestions?
0 Kudos
LeoDonahue
by
Occasional Contributor III
‎11-25-2013 05:45 AM
My situation is the following: I'm within my business logic (REST operation) and need the current user.

Wouldn't this be handled by your web server?  Getting the current user of the session?
0 Kudos
MU
by
New Contributor III
‎11-25-2013 06:52 AM
Well, I'm using the users and roles from ArcGIS Server's built-in store, so the first login-level is already the ArcGIS Server and not any other web server.
0 Kudos
LeoDonahue
by
Occasional Contributor III
‎11-25-2013 07:39 AM
Authentication or Authorization... which one are you trying to do with the "current user"?

http://resources.arcgis.com/en/help/main/10.2/0154/0154000004w2000000.htm

Authentication is the process of verifying the identity of a user. In ArcGIS Server, this can be done by using either ArcGIS token-based authentication or web server authentication


http://resources.arcgis.com/en/help/main/10.1/0154/0154000005r6000000.htm

ArcGIS Server provides a proprietary token-based authentication  mechanism where users can authenticate themselves by providing a token  instead of a user name and password. An ArcGIS token is a string of encrypted information that contains the user's name, the token expiration time, and some proprietary information. To obtain a  token, a user provides a valid user name and password. ArcGIS Server  verifies the supplied credentials and issues a token. The user presents  this token whenever accessing a secured resource.


The user supplies the username/password to ArcGIS Sever to get a token...

Once you get a token, as long as it lives, you supply this to every request you make to the ArcGIS server.  If the username is encrypted, I hope we can't get the username from the token.

I believe that you need your web application to track this for you, if you want the current user.  How would you otherwise track the tokens that are active in your session?

Plus...

http://support.esri.com/en/knowledgebase/techarticles/detail/41466

For highest security, web-tier authentication is recommended.
0 Kudos
LeoDonahue
by
Occasional Contributor III
‎11-25-2013 08:03 AM
Plus...

Let's back up one level.  REST is a stateless protocol. 

So when you make a request to a REST endpoint, it doesn't remember who you are when you make another request, even a second later, unless you have a valid token for that web service endpoint that is not expired.  And you have to supply that token upon every request you make...

If you want your application to remember who is currently using your application, then you have to control that at the web server tier.
0 Kudos
MU
by
New Contributor III
‎11-25-2013 09:02 AM
Ah okay, I understand. Thanks a lot for your detailed explanation!
0 Kudos