Community
Select to view content in your preferred language

Secured hosted services approach in ArcGIS Online to disable access to the underlying REST service

158
0
01-27-2025 07:28 PM
GDA3000
by
Emerging Contributor
‎01-27-2025 07:28 PM

Hi community and future-readers, 

I'm here because ArcGIS Enterprise is not an option at this time.

Starting a discussion on to ArcGIS Online secure hosted feature services to confirm expected behaviour and best practices - or have I found a loop hole for disabling access to underlying REST services for publicly shared services. See below for my two questions to start the discussion. 

First, following the steps in this esri technical resource results in the expected;

a Content Item I can share to my ArcGIS Online Organsiation 
a feature layer ("second" - as per link above) I can share publicly and add to application that users don't require logins to see the features.
a feature service hosted on ArcGIS Online Utility Server - which has REST Services Directory disabled.

Note: I see the same behaviour when the feature layer ("original") is a feature layer view. 

Question one: What are the steps for not storing logins on publicly shared web layers ("second")
I first tried creating the item from the URL of the feature layer ("original") without using logins, but no luck with configuring the newly created item to make users sign-in with their own logins.

So following the steps for storing logins, I then tried updating the user name and password on the Content Item of the Feature Layer (second) to be blank. I'm yet to test if this works as I don't want to share test data publicly, but it would be helpful to understand the behaviour of opening a secure service in arcgis.com to see if it prompts logins or if the blank password is the passed values to the authentication provider. 

What may I be missing in my work steps? 

Question two: Is hosting on utility server considered a best practice for hiding ArcGIS Online Organisational urls?

Is anyone else utilising secure hosted feature services for the same requirements; to both share data publicly (no viewer licenses needed) and utilise the security functionality offered in ArcGIS Online to minimise data loss. It is advantageous that the endpoint is utility/server.

Putting it all together, here's the functional and technical diagram: 

GDA3000_0-1738034547163.png


Thankyou for your time, 
GDA3000

 

0 Kudos
0 Replies