Select to view content in your preferred language

javascript Print Secured Service

05-27-2014 08:36 AM
Occasional Contributor II
This seems to be a popular question, but with few answers.

I have a intranet website that uses one secured service in a directory called Secure. All services in this directory have been secured and show up as map services using a proxy as anticipated.  The problem comes with the printing.

I have followed the directions as described on this website:

I have put the secured ExportWebMapSecure service in the Secure directory mentioned above. (I have also tried it in my customized public utilities, with no more success.)

It doesn't work. 

Couple of questions:
1) What is the proper way to call the proxy for the print.js?  I have tried two ways:

              urlPrefix: "http://server_for_gis/arcgis/rest/services/Secure",
              proxyUrl: "http://server_for_web/apps/gis/Proxy/proxy.ashx"

B: = "http://server_for_web/apps/gis/Proxy/proxy.ashx";

2) If I were to test the  service directly using JSON,  how do I include the proxy?  On this page:
It doesn't mention the proxy. It only has the token. So it's not very helpful to test the proxy.

"operationalLayers": [
  "id" : "mytheme",
                "opacity": 1,
                "visibility": true,
                "url": "http://server_for_gis/arcgis/rest/services/Secure/mytheme/MapServer"

3)  The error message I get right now is this. Even when there isn't any secured services being called.

http://server_for_web/apps/gis/Proxy/proxy.ashx?http://server_for_gis/arcgis/rest/services/Secure/ExportWebMapSecure/GPServer/Export%20Web%20Map?f=json status: 500"

This is using the following in my print.js:
              urlPrefix: "http://server_for_gis/arcgis/rest/services/Secure",
              proxyUrl: "http://server_for_web/apps/gis/Proxy/proxy.ashx"

4) Should the ExportWebMap be in the Secure directory?

Thank you in advance for any clarification you can make. 

0 Kudos
7 Replies
MVP Alum
0 Kudos
Occasional Contributor II
I wonder also.  FYI for others, here's the message:

A custom print service with saved credentials created from the Export Web Map task fails to print individual feature layers from a secured map service.

This is unfortunate, if this is the case.
0 Kudos
Occasional Contributor II
I wonder if anyone can answer some of the other questions so I could continue to do some testing. (#1, 2, and 4)

0 Kudos
Occasional Contributor II
FYI, the updated url is:

Been several months, but no apparent action.

0 Kudos
MVP Emeritus

Hi Dorothy....long time no talk.  As you mentioned, there are many with questions re: printing secure services with Javascript.   I was able to solve this issue a while back if my html was on the same server/website and I had my proxy set up.  My issue came about because an html will now located on a "remove" webserver.  It took some head scratching and a bit of time with a tech support analyst, but I finally got mine to work.  I may try to type this up as a blog entry, but for now, I wanted to get this out there for others to try.  If it works for you, please mark as solved...if not and it's all on one server, email me direct (same old email) and we can talk.  Hopefully with all my buzz words in my response, others can find it.  My guess is the solution will work for both JS and Flex (with the appropriate proxy).  My response:

A Fix for printing secure services from remote machine.  This solves errors such as

  • - XMLHttpRequest cannot load
  • - No  'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://<yourServer>' is therefore not allowed access

My simple understanding and explanation of the solution: Basically I needed to reference a proxy in the two locations (IIS servers).  The secured services need to have the proxy (as an iis app) on the IIS server with the ArcGIS Server web adapters (i.e., within my AGS site);  The print service on the other hand needs to have the proxy (as an iis app) on the iis server where the web site is hosted.  The JS/HTML file needs to reference them both in their own way.

My setup:

  • - ArcGIS Server 10.2.2  (my guess is this will work for other versions too)
    • Web adaptors on separate server (IIS), one for public services, one for secure. 
    • Proxy setup on IIS machine with web adaptors and working. 
    • Default Print Service is running as non-secure/public (default).  I have added custom templates to the folder and restarted the service. 
    • I have all working on with my JavaScript (HTML file) web site if it is running on the same IIS site mention above.  I even have a query and zoom on a secure FeatureLayer
  • - Problem: when same HTML file is copied to a different web site or IIS server, I get CORS and Access-Control errors.

That is, when attempting to print a map that contains secure services from a remote web server,   using the ArcGIS Server "Export Web Map Task" service (default or custom), if you get an error re: CORS or "No 'Access-Control-Allow-Origin' header is present", try the following:

(This assumes: that you already have a proxy setup and working to access your secure services. In my case, it is located in the IIS site where my web adapters are located.)

NOTE: Remote machine refers to the website IIS server

  1. On the remote machine, set-up (copy) a new proxy in the IIS site where the web site is located (this may be the “c:\inetpub\wwwroot” folder or a different location if multiple websites).          
    1. This can be a “blank” proxy folder.  For my testing purposes, I called the folder “printProxy”.  I am using the old esri proxy format, but I assume the latest esri proxy version would also work.  I have  attached a zipped copy of the folder for those that need it.
    2. If you already have a proxy on this machine, you might be able to skip this portion, and just reference the existing proxy (I haven’t tested this)
  2. Using IIS Manager, right click on the “printProxy” folder and select “Convert to Application”
  3. In the JS html document (shown using AMD), add  the red text to the appropriate location

require ( [….,



function (… ,


… ) {

These are case sensitive.  Make sure to include the comma where needed and to match the order of the entry between the require and function sections.   I can elaborate on the other require/function I have in my code if needed.

Then add (I add it after    parser.parse();    )


                urlPrefix: "https://<youGISiisServer>/<yourWebAdaptor>"",

                proxyUrl: "https://<youGISiisServer>/<yourProxyFolderOnThatMachine>/proxy.ashx"});


  // Proxy and CORS options for printing secure services from remote machines = "http://<remoteIISMachine>/printProxy/proxy.ashx"; = false; = false; 

Make sure to change the references to your own machines and web adaptor.  In the sample above, the  urlUtils.addProxyRule points to the proxy on you ArcGIS Server IIS machine.  The points to the print proxy on your non-ArcGIS Server (i.e. remote) web site.

I hope this helps you and/or others.  Let me know if somethings doesn't make sense.  It would be nice to make the steps a bit easier to read.

0 Kudos
Occasional Contributor

The NIM does mention it is fixed in 10.3, but there are a few other issues that will still be encountered if you want to print to a secure service. I'm using an older version of the proxy and there is a small issue there as well (not sure if fixed in latest .NET proxy) although a small change there, and/or change the timeout settings for the service to be less than token time if custom print.

Here is a summary of a few workarounds: Printing with ArcGIS for Server 10.3 - Spatial Times 

New Contributor II

This is my solution for working on ArcGIS Enterprise portal when dealing directly with JSON.

I had a published a geoprocessing service coded in python that directly access the generateToken service to create a short-term token for the particular secure service layer.



https://<portal domain>/portal/sharing/rest/generateToken


The parameter for the generateToken service looks like this

params = {
    'username': <username>,
    'password': <password>,
    'client': 'referer',
    'referer': <secure service layer URL>,
    'expiration': 1


When you execute a http request, you should get back a token. You need to do this for every secure service layer that you want to include into your operationalLayer


Then, in your operationLayer section, for each layer definition object, add parameter

token: <generateToken>


One thing to keep in mind is that there is a character limit on how long you can make you Web_Map_as_JSON.

So I don't imagine you can add a lot of layer with this method due to the long token string.

0 Kudos