Hi,
We have secured services and have to make them available to non-esri js applications. Currently we generate a token for each session and send that with each request, which is easy to find in the network traffic and subsequently be used by others.
Is there a way to have the application have authentication in such a way that the end user doesn't see any of the authentication?
We are using ArcGIS Server federated with ArcGIS Portal.
Cheers,
mark