Select to view content in your preferred language

How to Avoid Server Log-In Prompt

1885
4
10-06-2017 09:08 AM
EricPhillips3
Occasional Contributor

Hi, 

In order to minimize log-in prompts for our users and avoid potentially having data not load due to authentication issues, I am looking to push data from GIS Server/Enterprise to AGOL and stream in Explorer without the additional log-in prompt from our Server/Enterprise. Is there a specific security combination in Server/Enterprise required for this or specific data types that work easier than others? Ie: windows domain user store, gis server build in role store, gis server authenitcation tier, gis token authentication mode in Server/Enterprise and/or Feature layers rather than rest services of a MapServer in AGOL?

0 Kudos
4 Replies
AlexanderNohe1
Honored Contributor

You can add the layer to your portal as an item and then add that item to your webmap.  That should create a utility service which then proxies your requests to your server appending the appropriate token information the the request.

0 Kudos
EricPhillips3
Occasional Contributor

Hi Alexander, 

Should this be from the <localhost> or outward facing service? From what I've seen, the <localhost> service can connect from the web and server manager login, while the outward facing service is unable to load as it tries to load via /sharing/proxy? and retrieves a status: 401 when hitting /arcgis/tokens (per the Error prompt).

While loading from <localhost>, I'm prompted with "credential required. you need to sign in to access the resource". Would you mind potentially sending me a message to discuss in more detail?

0 Kudos
AlexanderNohe1
Honored Contributor

Are you using <localhost> in your url to the service? i.e., localhost/portal/sharing

or are you merely obfuscating a link inside your internal network i.e., your link actually looks like: mymachine.example.com/portal/sharing ?

Are you able to connect to the service in an incognito tab (using the same link you place in a webmap)? 

I believe you should use the outward facing service if you want to view it while not on a VPN and as long as the service is not localhost.  Localhost would essentially resolve to the machine that you are using.  If you were on an iPhone, localhost would be the iPhone, not the webserver on your internal network.

If you use the "Add Item" menu from inside the "My Content" section of ArcGIS Online or Portal, it should prompt you for credentials once you save the item and then when you enter the credentials and add the layer to a webmap, you should not be prompted again.

I hope this helps!

EricPhillips3
Occasional Contributor

I do want to be able to access when not on a VPN.  To clarify, I'm using mymachine/arcgis/rest/services/SampleService/MapServer.  Each time I access this via desktop or mobile I am prompted for GIS Server credentials ane sometimes a security certificate alert (desktop alert attached. mobile alert says "cannot verify the identity of 'mymachine' "the server's certficate is invalid... Would you like to conenct anyway?" I press continue, and it connects). The credentials do not appear saved, ever. Is there a way to save the credentials of the feature layer? I believe the only time I've seen ability to save credentials is via FeatureServer instead of MapServer layer.

Accessing via incognito tab I am provided an error using the same mymachine/arcgis/rest/services/SampleService/MapServer URL. I never make it to the authentication prompt.I run into this issue under regular use of Chrome as well. I get a "The layer, layer_name, cannot be added to the map" when just trying to view the feature layer in AGOL via Chrome. In IE, I am merely prompted for authentication to the GIS Server. After I submit GIS Server credentials in IE, the layer loads.

When I try to access via the outward facing service, I'm prompted for windows authentication, which I submit. Then when I enter the GIS Server credentials afterwards, the GIS Server credentials do not authenticate and bring up the map service, despite the same credentials reaching the service directly via URL instead of the AGOL prompt. As I have been unsuccessful to access via this outward facing service, I am trying to come up with how to resolve.

For example, do all internal and external facing GIS Server URL's need to be added as trusted sites in AGOL?

0 Kudos