Using token based secured services

YimanSong · ‎09-04-2013

New to JS

How do I embed credentials in order to use a secured service? Can anyone provide samples on how to use IdentityManagerBase?

KenBurcham · ‎09-05-2013

What I tend to do is just append the token to the end of my service urls:

http: // data.yourdomain.com/arcgis/rest/services/SomeMapService/MapServer/0?token=AREALLYLONGSTRING

This works fine, but with the down-side that said url (and token) will be available to view from the client. However, when I generate my token, I use the http referrer method, which means the token is useless unless coming from my own server folder. But as John said above, the proxy method works great, too (and is required when doing things like feature editing).

ken.

View solution in original post

JohnGravois · ‎09-04-2013

if you want to enable users to access secure services without signing in, one valid approach is to use a proxy to hide the credentials or token.

YimanSong · ‎09-05-2013

if you want to enable users to access secure services without signing in, one valid approach is to use a proxy to hide the credentials or token.

How does token work, if it doesn't require proxy?

KenBurcham · ‎09-05-2013

What I tend to do is just append the token to the end of my service urls:

http: // data.yourdomain.com/arcgis/rest/services/SomeMapService/MapServer/0?token=AREALLYLONGSTRING

This works fine, but with the down-side that said url (and token) will be available to view from the client. However, when I generate my token, I use the http referrer method, which means the token is useless unless coming from my own server folder. But as John said above, the proxy method works great, too (and is required when doing things like feature editing).

ken.