I have a 10.1 map service that I want to make secure. These are the steps that I took to secure it in ArcGIS Server Manager:
1. Created a role "PrivateServiceRole" 2. Created a user "PrivateServiceUser" 3. Granted "PrivateServiceRole" to "PrivateServiceUser" 4. Created a folder "PrivateService", checked "Require Encrypted Web Access", selected "Private, available only to selected users", added the role "PrivateServiceRole" to the Allowed roles list.
Here are the ArcGIS Server Security settings:
Configuration Settings User Store: ArcGIS Server Built-in Role Store: ArcGIS Server Built-in Authentication Tier GIS Server Authentication Mode: ArcGIS Tokens
Token Settings Lifespan of Short-lived Tokens: 60 minutes Lifespan of Long-lived Tokens: 1 day
I then viewed the service by logging in as "PrivateServiceUser" on the arcgis/rest/services page.
Is that all there is to it, or is there anything else that can be done to secure the map service?
For instance, in ArcGIS Server 10, I was able to go into IIS and set IP Address and Domain Restrictions and control which computers were able to access the page to get a token. With the Web Adaptor, that doesn't seem to be possible any more.
Is that all there is to it, or is there anything else that can be done to secure the map service?
Based on what you posted, you have restricted access to the web service. You can also implement some additional security measures, such as encrypting ArcGIS Server communication. Some resources: Securing ArcGIS Server communication - help documentation
Is that all there is to it, or is there anything else that can be done to secure the map service?
Based on what you posted, you have restricted access to the web service. You can also implement some additional security measures, such as encrypting ArcGIS Server communication. Some resources: Securing ArcGIS Server communication - help documentation