We have the full stack of ArcGIS Server and Portal hosted on-premise. We've authored a map service that is secured. In Portal we created a web map that uses an ArcGIS Online basemap and the secured map service. We then wrote a simple JS application that serves the web map. It requires the user to enter credentials - we do not want users to enter credentials, yet the map service must remain secure.
Enter the proxy, download from Releases · Esri/resource-proxy · GitHub
Following the instructions here: Sharing maps with secure layers | Guide | ArcGIS API for JavaScript,
...adding the appropriate urlUtils and proxy.configs
Results in a 403 error.
The JS is here:
urlUtils.addProxyRule({ urlPrefix: "https://subdomain.domain.com", proxyUrl: "proxy/proxy.ashx" }); arcgisUtils.arcgisUrl = "https://subdomain.domain.com/portal/sharing/content/items"; arcgisUtils.createMap("<WEB_MAP_ID>","map").then(function(response){});
The content of the proxy.config has:
<serverUrl clientId="<ClientID>" clientSecret="<Client_Secret" rateLimit="0" rateLimitPeriod="1" matchAll="true" url="https://subdomain.domain.com/arcgis/rest/services/MapService/MapServer"/>
As per the sample. Yet I still get the 403
GET https://subdomain.domain.com/proxytest/proxy/proxy.ashx?https://subdomain.domain…d189aa97?f=json&cal... 403 (Forbidden)
Can anyone with experience in this realm help provide insight for me please. TIA
Dirk,
I always make my proxy.config serverUrl url less specific:
<serverUrl clientId="<ClientID>" clientSecret="<Client_Secret>" rateLimit="0" rateLimitPeriod="1" matchAll="true" url="https://subdomain.domain.com"/>
Also have to tested your proxy?
https://subdomain.domain.com/proxytest/proxy/proxy.ashx?ping
and
Hi Robert:
Getting closer... Thanks!
returns:
{"error":{"code":499,"message":"Token Required","details":[]}}
So my proxy is working and interrogating the map service and is seeing that it's secure...
...which raises the question: Why is the proxy not working to access the secure services behind the scenes?
I'm still trying to wrap my head around how this works with the ArcGIS Portal. I create a "generic" app which gives me a ClientID and ClientSecret. This is what gets registered in the proxy.config file. My question is: How is the security to the map service relate to the security of the generic app with its ClientID and ClientSecret?
What I'd really like to do is have a ClientID and ClientSecret for my Web map. Is there a way I can create that security? Or am I constrained to use the generic apps?
Hopefully you or someone else with more grey matter than I've got can help answer that question...
--Dirk
Dirk,
So the way I do this is add a serverUrl in the proxy.config for your ArcGIS Server services that are secure
<serverUrl url="https://xxx.xxxx.com/arcgis/rest/services" matchAll="true" username="your user name" password="your password"/>
Getting closer!
Robert: Are you using enterprise security? Or internal (AGS) security?
TIA
internal (AGS) security