Community
Select to view content in your preferred language

Secured services and the proxy page -- please help!

1205
5
09-15-2011 01:10 PM
JamesWhisenhunt
by
Deactivated User
‎09-15-2011 01:10 PM
Hello all,

I am trying to consume some of my secured services.  I can so this without a problem by hard coding the token into my url as below:

new esri.layers.ArcGISDynamicMapServiceLayer(<my Map Service> + "?token=" + <my Token>);

This is a pain to keep replacing the token and anyone can view the page regardless of credentials. 

I have included these 2 lines of code into my html.

        esri.config.defaults.io.proxyUrl = "/proxy/proxy.ashx";
        esriConfig.defaults.io.alwaysUseProxy = true;

I assume that I call the maps service as normal; however, I have tried it several ways.  Whenever I launch my application I get returned in firebug:

"NetworkError: 403 Forbidden - http://maps.bgadd.org/proxy/proxy.ashx?http://maps.bgadd.org/esri_sde/rest/services/temp/BaseTest/Ma..."

Does anyone have any ides?  Any help is greatly appreciated.

James
0 Kudos
5 Replies
WayneLee-Archer
by
Occasional Contributor
‎09-15-2011 08:24 PM
Hi James,

I have encountered this situation in the past and found one way that the problem can be solved is by obtaining the dynamic token at the server and writing it to a Javascript variable in the page which can dynamically be used by appending it to your MapService URL's just like you have in your post.

For example; in your main default.aspx.cs page (or similar) you can use a function like the following to get a valid token:

protected const string TOKEN_URL_TEMPLATE = @"{0}://{1}/arcgis/tokens?request=gettoken&username={2}&Password={3}&clientid={4}&expiration={5}";
public string UserToken = "INVALID SSO TOKEN OR FAILED LOGIN.";

protected string getUserRoleToken(string username)
{
string s = "";


WebClient client = new WebClient();
ServicePointManager.ServerCertificateValidationCallback += new System.Net.Security.RemoteCertificateValidationCallback(bypassAllCertificateStuff);
string tokenRequestUrl = String.Format(TOKEN_URL_TEMPLATE, "https", ESRI_MAP_SERVER, username, "PASSWORD", "", 1440);//1440 is the token lifetime

// Add a user agent header in case the
// requested URI contains a query.
client.Headers.Add("user-agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.0.3705;)");
Stream data = client.OpenRead(tokenRequestUrl);
StreamReader reader = new StreamReader(data);
s = reader.ReadToEnd();

data.Close();
reader.Close();
UserToken=s;
return s;
}


//This Method is needed to avoid errors when you are using a self-signed certificate
private static bool bypassAllCertificateStuff(object sender, X509Certificate cert, X509Chain chain, System.Net.Security.SslPolicyErrors error)
{
return true;
}


After generating a token, you can include it in your page:

<script type="text/javascript">
djConfig = {
parseOnLoad: true,
baseUrl:'./',
isDebug: false,
usePlainJson: true,
locale: 'en'
};

var userToken = '<% Response.Write(UserToken);%>';
</script>


___________________________________________________
Once you have done the above, you can utilise the userToken JS variable in your map service urls eg:

new esri.layers.ArcGISDynamicMapServiceLayer(<my Map Service> + "?token=" + userToken);


#################################

With all of that in place you have the beginnings of a framework that can request authentication directly from the web-page user and relay that to the server in a secure/third-party or federated way.

I Hope this helps

Kind Regards

Wayne Lee-Archer
Senior Consultant - Professional Services
ESRI Australia (ACT).
0 Kudos
JianHuang
by
Deactivated User
‎09-19-2011 10:09 AM
James,

JS API 2.5 will have a new widget called identity manager, which would solve the issue. Hope this helps.
0 Kudos
JamesWhisenhunt
by
Deactivated User
‎09-21-2011 12:27 PM
Thanks for the assistance; however, I'm just not getting it.  I think if you could help me access a token from my server it will put me in the right direction. 

How is this request formatted?  I am trying to use the following:

http://<MyServer>/ArcGIS/tokens?request=gettoken&username=<MyUser>&password=<MyPass>&clientid="http://<MyServer>&expiration=1440

As always your help is appreciated.
James
0 Kudos
nicogis
by MVP Alum
MVP Alum
‎09-22-2011 08:48 AM
Have you checked if web application proxy run Ok?
You can open web application proxy in VS and debug using parameter url seen in fliddler so you can see error.
0 Kudos
JamesWhisenhunt
by
Deactivated User
‎09-22-2011 01:19 PM
Thanks everyone for the help. 

My problem with requesting a token was I have a # sign in the password I was using.  I believe this is a HTML reserved character.

Does anyone know a work around other than changing passwords.

Thanks for the help,
James
0 Kudos