Select to view content in your preferred language

Is there a way to restrict access to a public map service to apps hosted from the same domain?

722
4
Jump to solution
05-09-2024 09:53 AM
JonSwoveland
Frequent Contributor

Hi all. So, I have a client that has some map services hosted in their ArcGIS Enterprise that use data licensed from a 3rd party provider.   The terms-of-service allow this data to be used for publicly-accessible apps, but only apps hosted by the licensee.   

AFAIK, the only way my client can include these services in a publicly available web map is to make the service itself publicly available.  Of course, if they do this, users could then include those services in their own applications.

So, has anybody else run into this scenario and figured out a way to restrict the use of services to apps hosted by the same ArcGIS Enterprise (Portal)?

 

Tags (3)
0 Kudos
1 Solution

Accepted Solutions
Scott_Tansley
MVP Regular Contributor

A good start point would be this:

https://enterprise.arcgis.com/en/server/11.1/administer/windows/restricting-cross-domain-requests-to...

but there are some things that should be considered.  One it’s a global setting, so if you have services that are not subject to licensing restrictions then they will be affected as well.  

the other thing is that I think it only works with JSAPI based apps.  So native apps and Pro may not be limited, but it would be worth testing.

if you have a web application firewall then you may be able to create custom rules there, but this can often cause wider issues unless someone truly understands what is happening in terms of requests to the server.

another approach I think I’ve seen is to secure the web service.  Add it as an item into the portal with credentials.  Then add the item to the map application.  The app can be unsecured, and when it references the item the Enterprise Portal injects creds.  Sorry I haven’t got time to test this, and it was many years ago that I saw something like this so I may be wrong.  

I hope something above gets you close.

Scott Tansley
https://www.linkedin.com/in/scotttansley/

View solution in original post

4 Replies
Scott_Tansley
MVP Regular Contributor

A good start point would be this:

https://enterprise.arcgis.com/en/server/11.1/administer/windows/restricting-cross-domain-requests-to...

but there are some things that should be considered.  One it’s a global setting, so if you have services that are not subject to licensing restrictions then they will be affected as well.  

the other thing is that I think it only works with JSAPI based apps.  So native apps and Pro may not be limited, but it would be worth testing.

if you have a web application firewall then you may be able to create custom rules there, but this can often cause wider issues unless someone truly understands what is happening in terms of requests to the server.

another approach I think I’ve seen is to secure the web service.  Add it as an item into the portal with credentials.  Then add the item to the map application.  The app can be unsecured, and when it references the item the Enterprise Portal injects creds.  Sorry I haven’t got time to test this, and it was many years ago that I saw something like this so I may be wrong.  

I hope something above gets you close.

Scott Tansley
https://www.linkedin.com/in/scotttansley/
JonSwoveland
Frequent Contributor

Thanks Scott!

DavidCrosby
Esri Contributor

To follow on what Scott mentioned, once you add the secure service to ArcGIS Enterprise and store the credentials, chose to limit the use to a certain referrer, in this case the domain for your Portal.  https://enterprise.arcgis.com/en/portal/latest/use/limit-usage-of-secure-services.htm 

JonSwoveland
Frequent Contributor

Thanks for the tip!

0 Kudos