Trouble with secured services

RobertHupp · ‎11-26-2013

We are currently in the process of trying to secure our services in our organization and I am not understanding an error with a secure service I'm working with.
Going thru ArcGIS Server Manager I set the security settings for private and specify roles for the individual service. This of course removes the service from our REST services directory until I log in with my credentials, then I am able to see it. Using the secured service I am able to create a web map in AGOL which of course prompts me for my credentials at which time when entered displays the sercured service on the web map.

My problem or question is that when I use the service in a javascript application it prompts me for authorization but when I enter my credentials it does not allow me access to the secured service through the javascript application. I get an "Unable to access the authentication service". What am I missing? Why can't I access the service through the application?
Here is my code:

<script>
      dojo.require("esri.map");
      dojo.require("dojox.grid.DataGrid");
      dojo.require("dojo.data.ItemFileReadStore");
      dojo.require("esri.tasks.find");
      dojo.require("dijit.layout.BorderContainer");
      dojo.require("dijit.layout.ContentPane");
      dojo.require("dijit.form.Button");
      dojo.require("esri.dijit.Legend");
      dojo.require("esri.InfoTemplate");

      var map, center, zoom, grid;

      function init() {
        center = [-98.495, 29.42];
        zoom = 13;
        map = new esri.Map("map", {
          basemap: "streets",
          center: center,
          zoom: zoom
        });
        
  var transMapLayer = new esri.layers.ArcGISDynamicMapServiceLayer("http://services.arcgisonline.com/ArcGIS/rest/services/World_Imagery/MapServer", {
          id: "trans",
    minScale: "4500",
    opacity: "0.6"
    
        });
  

        var mainMapLayer = new esri.layers.ArcGISDynamicMapServiceLayer("http://mapservices2.bexar.org/arcgis/rest/services/GecoVector/ACA_locations_test/MapServer");
        map.addLayers([transMapLayer, mainMapLayer]);
        
        var legend = new esri.dijit.Legend({
          map: map,
          layerInfos: [{layer:mainMapLayer,title:"ACA Enrollment Assistance"}],
          arrangement: esri.dijit.Legend.ALIGN_RIGHT
        },"legendDiv");
        legend.startup();
        
        map.on("click", identifyPOI);
        dojo.connect(grid, "onRowClick", onRowClickHandler);
      };
      
      function identifyPOI(evt){
        var identify = new esri.tasks.IdentifyTask("http://mapservices2.bexar.org/arcgis/rest/services/GecoVector/ACA_locations_test/MapServer");
        var identifyParams = new esri.tasks.IdentifyParameters();
        identifyParams.geometry = evt.mapPoint;
        identifyParams.mapExtent = map.extent;
        identifyParams.returnGeometry = true;
        identifyParams.tolerance = 3;
        
        map.infoWindow.clearFeatures();
        
        identify.execute(identifyParams, function(results){
          map.infoWindow.setFeatures(dojo.map(results, function(result){
            var feature = result.feature;
            feature.setInfoTemplate(new esri.InfoTemplate( "Name", "<tr>Name:<td>${Name}</tr></td><br><tr>Address:<td>${Address}</tr></td><br><tr>Zip:<td>${ZIP}</tr></td>"));
            return feature;
          }));
          map.infoWindow.show(evt.mapPoint);
        });
      };
      
      function doFind() {
        var findTask = new esri.tasks.FindTask("http://mapservices2.bexar.org/arcgis/rest/services/GecoVector/ACA_locations_test/MapServer");
        findParams = new esri.tasks.FindParameters();
        findParams.returnGeometry = true;
        findParams.layerIds = [0];
        findParams.searchFields = [ "Name", "Address", "ZIP"];
        findParams.outSpatialReference = map.spatialReference;
        findParams.searchText = dojo.byId("ownerName").value;
        findTask.execute(findParams,showResults);
      };

      function showResults(results) {
        map.graphics.clear();
        var symbol = new esri.symbol.SimpleMarkerSymbol(esri.symbol.SimpleMarkerSymbol.STYLE_SQUARE, 25, new esri.symbol.SimpleLineSymbol(esri.symbol.SimpleLineSymbol.STYLE_SOLID, new dojo.Color([255, 0, 0]), 1), new dojo.Color([0, 255, 0, 0.25]));
        var items = dojo.map(results,function(result){
          var graphic = result.feature;
          graphic.setSymbol(symbol);
          map.graphics.add(graphic);
          return result.feature.attributes;
        });
        
        //Create data object to be used in store
        var data = {
          identifier: "OBJECTID",  //This field needs to have unique values
          label: "OBJECTID", //Name field for display. Not pertinent to a grid but may be used elsewhere.
          items: items
        };

         //Create data store and bind to grid.
        var store = new dojo.data.ItemFileReadStore({ data:data });
        grid = dijit.byId('grid');
        grid.setStore(store);

        //Zoom back to the initial map extent
        map.centerAndZoom(center, zoom);
      }

      //Zoom to the parcel when the user clicks a row
      function onRowClickHandler(evt){
        var clickedTaxLotId = grid.getItem(evt.rowIndex).OBJECTID;
        var selectedTaxLot;
        var distance = 100;

        dojo.forEach(map.graphics.graphics,function(graphic){
          if((graphic.attributes) && graphic.attributes.OBJECTID === clickedTaxLotId){
            selectedTaxLot = graphic.geometry;
            return;
          }
        });
        var newExtent = new esri.geometry.Extent({
          "xmin": selectedTaxLot.x - distance,
          "ymin": selectedTaxLot.y - distance,
          "xmax": selectedTaxLot.x + distance,
          "ymax": selectedTaxLot.y + distance,
          "spatialReference": {
            "wkid": 102100
          }
        });
        map.setExtent(newExtent);
      };
      
      dojo.ready(init);
    </script>

Here is the error:
[ATTACH=CONFIG]29368[/ATTACH]

Any help or direction would be greatly appreciated!

MattLane · ‎11-26-2013

Have you looked at the network response in your browsers developer tools? You should be able to see where the request went and what response was returned. That might help you narrow it down.

RobertHupp · ‎11-26-2013

Wen debugging in IE i get "esri.config.defaults.io.proxyUrl is not set"
Not exactly sure how to set it

JeffPace · ‎11-26-2013

in your init

esri.config.defaults.io.proxyUrl = 'proxy.jsp'; //path to your proxy page

https://developers.arcgis.com/en/javascript/jshelp/ags_proxy.html

RobertHupp · ‎11-27-2013

So I setup a .js proxy page with this for my serverUrls

String[] serverUrls = {
  
  "http://mapservices2.bexar.org/arcgis/rest/services/GecoVector/ACA_locations_test/MapServer,6Wnaymc5p0BnZVFsFpP1bj8V_oEgDj2UrmoX6NyNQZLT4wAYB6JAY-0CopPPSCZioQfpp1rCvgZ_Q00tFKxhJNdGSp55V5z2E4Y41x1MFc0."
};

which is my secured service with a token generated from http://myserver/arcgis/tokens/

I am using an http referrer which I enter as http://localhost/ACA_test/index.html (I'm testing locally)
In the example above the token format is JSON. I've also tried html, neither of which work

In my javascript app I set the proxy as follows

esri.config.defaults.io.proxyUrl = "proxy.jsp";

When I test in Firefox I am prompted for username and password
and when entered I get an "405 Method not allowed" error in red: POST proxy.jsp?http//myserver/arcgis/tokens.

I want users to access the application without having to enter credentials, I just want to secure the service in the REST directory. I have followed the examples for setting up the proxy page and read through all the forums on the topic and I just can't seem to figure it out.
Please help!

JeffPace · ‎11-27-2013

Hope this helps. These are my two methods, for initializing security with or without credentials (they are called depending on whether they log in internally or externally elsewhere in my application)

                           function initSecurity() {
//alert('in initSecurity');
                                serverInfo = new ServerInfo();
                                serverInfo.server = 'https://www.mymanatee.org';
                                serverInfo.tokenServiceUrl = 'https://www.mymanatee.org/arcgis/tokens/generateToken';
                                serverInfo.shortLivedTokenValidity = 720;
                                esri.id.registerServers([serverInfo]);
                                this.serverInfo = serverInfo;
                                this.hcCred = hcCred;
                                //  dojo.subscribe(esri.id, "onTokenChange", function (){alert("changed");});
                            }
                            ;

                            function initPredefinedSecurity() {
//alert('in initPredefinedSecurity');
                                var idBase = new IdentityManagerBase();
                                serverInfo = {
                                    "server": "https://www.mymanatee.org",
                                    "tokenServiceUrl": "https://www.mymanatee.org/arcgis/tokens/generateToken",
                                    "currentVersion": 10.5,
                                    "shortLivedTokenValidity": 720
                                };
                                var def = idBase.generateToken(serverInfo, {"username": <username>, "password": <password>});

                                def.addCallback(function(tokenInfo) {
                                    hcToken = "&token=" + tokenInfo.token;
                                    this.hcToken = hcToken;
                                    //                alert(hcToken);
                                });
                            }
                            ;

RobertHupp · ‎11-27-2013

So no proxy required with this method?

JeffPace · ‎11-27-2013

you always need a proxy, that is just how i hardcode credentials

RobertHupp · ‎11-27-2013

I apologize Jeff and thank you for your help, but do I need to hardcode the credentials? Can't the proxy take care of that for me? Do I have my proxy set up properly?

JeffPace · ‎12-02-2013

If the application handles logging in, then it needs credentials some how, either with a token or hardcoded credentials.