I can't find a solid document on this, and Esri support was just trying to fill in the gaps....
I have an application that I configured through our web appbuilder for arcgis on our organization site. I have since downloaded the code and pasted the requisite json from the web app into the config.json on my web server at https://mywebserver/webapp
my proxy is located here: https://mywebserver/DotNet/proxy.ashx
I have registered the application and have a clientid, and secret on agol.
clientid: clientid123
appsecret: appsecret123
I can successfully browse to the application at https://mywebserver/webapp without the proxy and get prompted to enter my agol creds and it works. I just would like to remove the agol popup and enforce my own iis security. To do this I need a proper configuration in my proxy and in my json.config. Can someone use the variables that I quoted above and tell me what my <ProxyConfig> tags in my proxy.config file, and what my "httpProxy" section should look like in my config.json?
I think that's all I need. 😉
Solved! Go to Solution.
Okay, my reply is long overdue. But I have reached resolution!
I attempted to follow the documentation for the DotNet proxy on GitHub by inspecting examples and also followed the instructions here : on the "Manage Apps" section on the docs.arcgis.com site
In actuality there are three workflows that I've found. Items one and two will necessitate a proxy if you are to utilize AGOL items and wish to employ your web server's security. Item three will not require a proxy, but might require you to keep the Web Appbuilder version in sync with the Github LocalLayer Widget. I also believe that item three will not have any 1's and 0's going to agol either during client sessions.
Here's the variables:
---------------------------------------------------------
1. The Proxy Config:
<?xml version="1.0" encoding="utf-8" ?>
<ProxyConfig allowedReferers="*"
mustMatch="true">
<serverUrls>
<serverUrl url="https://services.arcgisonline.com"
matchAll="true"/>
<serverUrl url="https://mysite.com"
matchAll="true"
/>
<serverUrl url="https://myorg.maps.arcgis.com/"
clientId="1111111111111111"
clientSecret="22222222222222222222222222222222"
oauth2Endpoint="https://myorg.maps.arcgis.com/sharing/oauth2/"
rateLimit="600"
rateLimitPeriod="60"
matchAll="true">
</serverUrl>
</serverUrls>
</ProxyConfig>
<!-- See https://github.com/Esri/resource-proxy for more information -->
--------------------------------------------------------------
2. The Json code to add at the end of your config.json
"httpProxy" : {
"useProxy" : true,
"url" : "https://mysite.com/DotNet/proxy.ashx",
"alwaysUseProxy" : false,
"rules" : [{
"urlPrefix" : "https://myorg.maps.arcgis.com/",
"proxyUrl" : "/DotNet/proxy.ashx"
}
]
}
-------------------------------------------------------------------------------------------------------------
3. The Requisite Configurable App Registration Information on AGOL
URL: https://mysite.com/mywebapp
API: JavaScript
App Type: browser
Purpose: Configurable
Redirect URI's: http://mysite.com, https://mysite.com
BUMP
Hi Alex,
The reason why you can see the agol popup(oAuth2 authentication dialog indeed) is because your webmap or some layers in the webmap is not shared to public. Otherwise no authentication dialog will appear.
To remove the oAuth2 authentication dialog, it means on every request to private resources in your deployed app(private webmap or private layers in webmap) have to come along with a valid token. This can be done by putting a proxy which has valid token in it in front of your deployed app, as long as the end users visit the deployed app through the proxy(indeed end users will not know the real url of the app), then no security challenge will occur to end user.
To achieve your goals, you need do following things:
By the way, you've mentioned proxy.config and <ProxyConfig> tags, I assume you're using the sample proxy file from esri’s github. This proxy file is just too simple for you to achieve above goals, more server code is needed.
Zhifang,
My only need is to remove the first popup for the agol map item authentication. There are no subsequent popups as this resides on my web server within my domain and I am using web auth tier security for the services referenced within.
I am in disagreement that there is much code needed server side. Otherwise why would you be able to register an application so easily with Esri? All I need to know is the json code to put in the end of my applications config.json and the proxy.config settings that will utilize the following variables:
clientid, appsecret, url: https://mywebserver/webapp
My proxy is located here: https://mywebserver/DotNet/proxy.ashx
I've provided the variables, I wonder if someone knows the answer...
Hi Alex,
Registering an app in ArcGIS Online or Portal is mainly for oAuth2 authentication purpose, as soon as you got the Client ID and Client Secret, you have to exchange a valid token for your private resources by yourself. ArcGIS Online Authentication | ArcGIS for Developers
How the "proxy" part in config.json file works can be found here: Use proxy—Web AppBuilder for ArcGIS | ArcGIS. For your scenario, I think you have to write some server code in your proxy file to identify the requests to private resources and append valid token (it's your responsibility to get a valid token, also needs server code) to those requests at least. In "proxy" part of config.json file, you may want to set some rules to reduce the unnecessary request passing to your proxy.
Hope this helps.
Thank you Zhifang, but my services are using Web Tier authentication (Not GIS Tier with Tokens), as I have mentioned in the first post. The application sits on my web server. Thus the only thing that I would need to remove is the ArcGIS item popup. I have looked at the use proxy link that you have provided. I was just curious what the code in the proxy config would look like given my variables. I guess you don't know that. 😉
Alex,
Are you using the .NET proxy from github? If so you'll find info on the various options for configuring your proxy in the readme.
resource-proxy/README.md at master · Esri/resource-proxy · GitHub
I would also like a little more clarity on the tags required in the config.json and proxy if someone can provide it? Possibly an example of each showing application level authentication?
This is what I'm using and it's probably not correct-
proxy-
<serverUrl url="http://adacountyitgis.maps.arcgis.com/"
oauth2Endpoint="https://www.arcgis.com/sharing/oauth2"
clientId="*****************"
clientSecret="***********************************"
rateLimit="600"
rateLimitPeriod="60"
matchAll="true">
</serverUrl>
json-
"wabVersion":"1.1","isWebTier":false,"httpProxy":{"useProxy":true,"alwaysUseProxy":false,"url":"http://arcg.is/1vh66cC","rules":[{
"urlPrefix": "http://adacountyitgis.maps.arcgis.com/",
"proxyUrl": "http://mywebserver/proxy4/proxy.ashx"
}]},"appId":"************************"}
If anyone could tell me what is missing, what should be removed or changed, it would be appreciated.
Thanks,
Ryan
Alex, I share your frustration, it seems like it should be fairly simple.
Would someone be able to answer whether the scenario below is possible, and if so, how with the minimum of fuss? (my apologies for the lousy presentation).
I have already achieved it *except* that a sign-in screen is popping up, and if all users are being forced to sign in, I might as well just send them straight to ArcGIS Online!
Btw the web server is not public-facing.
Okay, my reply is long overdue. But I have reached resolution!
I attempted to follow the documentation for the DotNet proxy on GitHub by inspecting examples and also followed the instructions here : on the "Manage Apps" section on the docs.arcgis.com site
In actuality there are three workflows that I've found. Items one and two will necessitate a proxy if you are to utilize AGOL items and wish to employ your web server's security. Item three will not require a proxy, but might require you to keep the Web Appbuilder version in sync with the Github LocalLayer Widget. I also believe that item three will not have any 1's and 0's going to agol either during client sessions.
Here's the variables:
---------------------------------------------------------
1. The Proxy Config:
<?xml version="1.0" encoding="utf-8" ?>
<ProxyConfig allowedReferers="*"
mustMatch="true">
<serverUrls>
<serverUrl url="https://services.arcgisonline.com"
matchAll="true"/>
<serverUrl url="https://mysite.com"
matchAll="true"
/>
<serverUrl url="https://myorg.maps.arcgis.com/"
clientId="1111111111111111"
clientSecret="22222222222222222222222222222222"
oauth2Endpoint="https://myorg.maps.arcgis.com/sharing/oauth2/"
rateLimit="600"
rateLimitPeriod="60"
matchAll="true">
</serverUrl>
</serverUrls>
</ProxyConfig>
<!-- See https://github.com/Esri/resource-proxy for more information -->
--------------------------------------------------------------
2. The Json code to add at the end of your config.json
"httpProxy" : {
"useProxy" : true,
"url" : "https://mysite.com/DotNet/proxy.ashx",
"alwaysUseProxy" : false,
"rules" : [{
"urlPrefix" : "https://myorg.maps.arcgis.com/",
"proxyUrl" : "/DotNet/proxy.ashx"
}
]
}
-------------------------------------------------------------------------------------------------------------
3. The Requisite Configurable App Registration Information on AGOL
URL: https://mysite.com/mywebapp
API: JavaScript
App Type: browser
Purpose: Configurable
Redirect URI's: http://mysite.com, https://mysite.com