Hi James,
I have encountered this situation in the past and found one way that the problem can be solved is by obtaining the dynamic token at the server and writing it to a Javascript variable in the page which can dynamically be used by appending it to your MapService URL's just like you have in your post.
For example; in your main default.aspx.cs page (or similar) you can use a function like the following to get a valid token:
protected const string TOKEN_URL_TEMPLATE = @"{0}://{1}/arcgis/tokens?request=gettoken&username={2}&Password={3}&clientid={4}&expiration={5}";
public string UserToken = "INVALID SSO TOKEN OR FAILED LOGIN.";
protected string getUserRoleToken(string username)
{
string s = "";
WebClient client = new WebClient();
ServicePointManager.ServerCertificateValidationCallback += new System.Net.Security.RemoteCertificateValidationCallback(bypassAllCertificateStuff);
string tokenRequestUrl = String.Format(TOKEN_URL_TEMPLATE, "https", ESRI_MAP_SERVER, username, "PASSWORD", "", 1440);//1440 is the token lifetime
// Add a user agent header in case the
// requested URI contains a query.
client.Headers.Add("user-agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.0.3705;)");
Stream data = client.OpenRead(tokenRequestUrl);
StreamReader reader = new StreamReader(data);
s = reader.ReadToEnd();
data.Close();
reader.Close();
UserToken=s;
return s;
}
//This Method is needed to avoid errors when you are using a self-signed certificate
private static bool bypassAllCertificateStuff(object sender, X509Certificate cert, X509Chain chain, System.Net.Security.SslPolicyErrors error)
{
return true;
}
After generating a token, you can include it in your page:
<script type="text/javascript">
djConfig = {
parseOnLoad: true,
baseUrl:'./',
isDebug: false,
usePlainJson: true,
locale: 'en'
};
var userToken = '<% Response.Write(UserToken);%>';
</script>
___________________________________________________
Once you have done the above, you can utilise the userToken JS variable in your map service urls eg:
new esri.layers.ArcGISDynamicMapServiceLayer(<my Map Service> + "?token=" + userToken);
#################################
With all of that in place you have the beginnings of a framework that can request authentication directly from the web-page user and relay that to the server in a secure/third-party or federated way.
I Hope this helps
Kind Regards
Wayne Lee-Archer
Senior Consultant - Professional Services
ESRI Australia (ACT).