So this is really weird.
I am working on an app that is to be embedded into a mobile site and an android app. Authenticating access to the app is done in another system and we really don't want to ask users to sign in again to access the map app with a different set of creds. The solution to this we see is to proxy the requests and store a token in the proxy config. This 'should' keep our services secured but allow access to the services for the app.
Its a pretty simple app. Grey bas map, single point layer, home button, locate button, and a third button that activates the point draw tool. when a point is placed on the map it fires off a gp tool that locates the nearest points, returns the x and y data, this data is then projected and rendered on the map.
Prior to securing the services and the implementing the proxy rules in the page everything was working great. The proxy is working as expected when I go to: http://<MY PROXY>/proxy.ashx?https://<MT SERVER / WEB ADAPTOR>/rest/services/RTK/?f=pjson i receive
{
"currentVersion": 10.22,
"folders": [],
"services": [
{
"name": "*********",
"type": "GPServer"
},
{
"name": "#######",
"type": "FeatureServer"
},
{
"name": "#######",
"type": "MapServer"
}
]
}
which is the correct list of the services as expected.
now for the weird part. When i launch my page sometimes the point data shows up. if i refresh i will typically get no points and in FireBug i get
Reload the page to get source for: https://<MY PROXY>/proxy.ashx?https://<MY SERVER/ Web ADAPTOR>
/services/<FOLDER>/<SERVICE NAME>/FeatureServer/0/query?f=json&where
=1%3D1&returnGeometry=true&spatialRel=esriSpatialRelIntersects&outFields=network_id_number%2Cname%2Cdescription
%2Cmain_location_latitude_cleaned%2Cmain_location_longitude_cleaned%2Cobjectid%2Cregion&outSR=102100
If i refresh the page i can get the points to load but when i execute my GP tool i always get this error and refresh doe snot help since the graphics are burnt up in the process of reloading the page.
i get the same results in Chrome and IE.
On the server side their are no errors and the debug logs show that everything on the back end is working correctly. Installing Fiddler now to see if that can shed some light on the issue.
here is my proxy config (configured for testing from the dev env and from the web server)
<ProxyConfig allowedReferers = "http://<URL TO PAGE>/TowerMap/,*" mustMatch = "false">
<serverUrls>
<serverUrl
url = "https://
<MY SERVER/ Web ADAPTOR>
/rest/services/<ROOT FOLDER FOR SERVICES>"matchAll = "true"
accessToken="<PRETTY TOKEN>"/>
</serverUrls>
</ProxyConfig>
here is how i am building my proxy rules (intending to proxy all requests to my GIS server)
//set proxy rules
UrlUtils.addProxyRule(
{
urlPrefix: "https://
<MY SERVER/ Web ADAPTOR>
/rest/services",proxyUrl: "https://
<MY PROXY>
/proxy.ashx"});
Let me know if there is anything else i can provide. I will report back if Fiddler sheds any light.
For any Esri folk reading this this is currently logged as Esri Case #01574648 and the last i heard from the analyst was
"I did some testing this morning trying to configure your application folder with my proxy folder which got the same error as you got, and I even tried to use my own secured map service which turns out the same result."
Ok, so i think we have figured out the issue.
i am trying to proxy SSL requests to map services and this pretty much just blows up the security chain.
So my question has now changed to:
Would setting up a reverse proxy on my web server work to proxy SSL requests?