Select to view content in your preferred language

Secured services and the proxy page -- please help!

1201
5
09-15-2011 01:10 PM
JamesWhisenhunt
Deactivated User
Hello all,

I am trying to consume some of my secured services.  I can so this without a problem by hard coding the token into my url as below:

new esri.layers.ArcGISDynamicMapServiceLayer(<my Map Service> + "?token=" + <my Token>);

This is a pain to keep replacing the token and anyone can view the page regardless of credentials. 

I have included these 2 lines of code into my html.

        esri.config.defaults.io.proxyUrl = "/proxy/proxy.ashx";
        esriConfig.defaults.io.alwaysUseProxy = true;

I assume that I call the maps service as normal; however, I have tried it several ways.  Whenever I launch my application I get returned in firebug:

"NetworkError: 403 Forbidden - http://maps.bgadd.org/proxy/proxy.ashx?http://maps.bgadd.org/esri_sde/rest/services/temp/BaseTest/Ma..."

Does anyone have any ides?  Any help is greatly appreciated.

James
0 Kudos
5 Replies
WayneLee-Archer
Occasional Contributor
Hi James,

I have encountered this situation in the past and found one way that the problem can be solved is by obtaining the dynamic token at the server and writing it to a Javascript variable in the page which can dynamically be used by appending it to your MapService URL's just like you have in your post.

For example; in your main default.aspx.cs page (or similar) you can use a function like the following to get a valid token:

protected const string TOKEN_URL_TEMPLATE = @"{0}://{1}/arcgis/tokens?request=gettoken&username={2}&Password={3}&clientid={4}&expiration={5}";
public string UserToken = "INVALID SSO TOKEN OR FAILED LOGIN.";

protected string getUserRoleToken(string username)
{
string s = "";


WebClient client = new WebClient();
ServicePointManager.ServerCertificateValidationCallback += new System.Net.Security.RemoteCertificateValidationCallback(bypassAllCertificateStuff);
string tokenRequestUrl = String.Format(TOKEN_URL_TEMPLATE, "https", ESRI_MAP_SERVER, username, "PASSWORD", "", 1440);//1440 is the token lifetime

// Add a user agent header in case the
// requested URI contains a query.
client.Headers.Add("user-agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.0.3705;)");
Stream data = client.OpenRead(tokenRequestUrl);
StreamReader reader = new StreamReader(data);
s = reader.ReadToEnd();

data.Close();
reader.Close();
UserToken=s;
return s;
}


//This Method is needed to avoid errors when you are using a self-signed certificate
private static bool bypassAllCertificateStuff(object sender, X509Certificate cert, X509Chain chain, System.Net.Security.SslPolicyErrors error)
{
return true;
}


After generating a token, you can include it in your page:

<script type="text/javascript">
djConfig = {
parseOnLoad: true,
baseUrl:'./',
isDebug: false,
usePlainJson: true,
locale: 'en'
};

var userToken = '<% Response.Write(UserToken);%>';
</script>


___________________________________________________
Once you have done the above, you can utilise the userToken JS variable in your map service urls eg:

new esri.layers.ArcGISDynamicMapServiceLayer(<my Map Service> + "?token=" + userToken);


#################################

With all of that in place you have the beginnings of a framework that can request authentication directly from the web-page user and relay that to the server in a secure/third-party or federated way.

I Hope this helps

Kind Regards

Wayne Lee-Archer
Senior Consultant - Professional Services
ESRI Australia (ACT).
0 Kudos
JianHuang
Deactivated User
James,

JS API 2.5 will have a new widget called identity manager, which would solve the issue. Hope this helps.
0 Kudos
JamesWhisenhunt
Deactivated User
Thanks for the assistance; however, I'm just not getting it.  I think if you could help me access a token from my server it will put me in the right direction. 

How is this request formatted?  I am trying to use the following:

http://<MyServer>/ArcGIS/tokens?request=gettoken&username=<MyUser>&password=<MyPass>&clientid="http://<MyServer>&expiration=1440

As always your help is appreciated.
James
0 Kudos
nicogis
MVP Alum
Have you checked if web application proxy run Ok?
You can open web application proxy in VS and debug using parameter url seen in fliddler so you can see error.
0 Kudos
JamesWhisenhunt
Deactivated User
Thanks everyone for the help. 

My problem with requesting a token was I have a # sign in the password I was using.  I believe this is a HTML reserved character.

Does anyone know a work around other than changing passwords.

Thanks for the help,
James
0 Kudos