Simple security settings in Server 10.1

466
7
11-18-2012 09:53 PM
JudyTroutwine
Occasional Contributor
I am using ArcGIS Server 10.1 on Windows Server 2008 R2 with the Web Adaptor for IIS.  I want to start with a simple Anonymous Authentication.  Are there any examples of how to do this?  Can this be done with the default ArcGIS Server security configuration shown below?  Are tokens necessary?  The Configuration Settings edit wizard does not seem to allow not using them.


User Store: ArcGIS Server Built-in
Role Store: ArcGIS Server Built-in
Authentication Tier: GIS Server
Authentication Mode: ArcGIS Tokens
Tags (2)
0 Kudos
7 Replies
KevinGooss
Occasional Contributor
I would think that anonymous is the default. therefore you should just be able to access the service without doing anything special.
At 10.0 ags security was off by default. You had to turn it on then open permissions to services you wanted to be accessed anonymously.
At 10.1, ags security is on by default but all services are created with anon access allowed by default. so you have to specifically lock down the ones you want security.

something of a paradigm shift.
0 Kudos
JeffSmith
Esri Contributor
You shouldn't need to make any changes.  The Anonymous Authentication is enabled by default when you install the Web Adaptor for IIS.  The ArcGIS Server built-in users and roles will work fine with this.  Just make sure you have the security settings for your services set to 'Public, available to everyone' and you should be good to go.  An easy way to verify this is with the opened padlock icon next to your services and folders in Server Manager.
0 Kudos
DerekLaw
Esri Esteemed Contributor
Hi Judy,

I am using ArcGIS Server 10.1 on Windows Server 2008 R2 with the Web Adaptor for IIS. I want to start with a simple Anonymous Authentication.  Are there any examples of how to do this?  Can this be done with the default ArcGIS Server security configuration shown below?  Are tokens necessary?


Just to add onto what Kevin and Jeff posted, below are some help docs on the topic:


Restricting access to GIS web services

Editing permissions in Manager



Hope this helps,
0 Kudos
JudyTroutwine
Occasional Contributor
I am glad to know that Anonymous is enabled by default.  However, I can see my test application from outside the machine but still not from outside the network.  The individual services have been set to public.  I did also set folder permissions for the Server Account for data folders, the argisserver folders, and the wwwroot application folder. 

I had a similar problem in 10.0 which was resolved by specifying the arcgis server connection URL in ArcCatalog to include the domain path as well as the machine name.  I did the same in 10.1 but no resolution yet.

The rest services directory is also not visible from outside the network.

I must still be missing something.
0 Kudos
KevinGooss
Occasional Contributor
Have you tried it using the ip instead of the machine name? Sounds more like a DNS/networking issue rather than ags.
are you able to ping through to the machines you are trying to access?
did you install the web adapter or are you working over port 6080?
if you did install the adapter did you register your ags server with it using the machine name, ip or both?
0 Kudos
MathewCoyle
Frequent Contributor
Can you access the default IIS splash screen of the server from outside your domain?
0 Kudos
JudyTroutwine
Occasional Contributor
I have installed the web adaptor and can see the services in the associated server connection in ArcCatalog.

  I can ping the machine with the IP address, and can also see the IIS splash screen.  However, the rest services directory is not accessible.  Using the machine path URL, the IIS splash screen does not appear. 

  Do I have one or two problems here?
0 Kudos