Accessing secured services

LisaArnold · ‎05-10-2013

I am using ArcGIS Viewer for Flex 3.1 with secured services. The viewer connects to the secured ArcGIS Server 10.1 services, but when the site loads the user is prompted to login to the service. I am securing the application using IIS authentication, so I don't want the user to be challenged for both the IIS application security and the secured service security. When I generated the token I specified the HTTP referer as the domain of my web server. I then included the generated token with the address of my map service in the config.xml file. I thought that doing this would mean the user would not be challenged to access the secured service because the token is passed through from the config.xml file. Is this not the case? How can I make it so the user is not prompted to login when accessing the application? If they were to access the services directory they would of course have to login there.

JillHalchin · ‎05-15-2013

Lisa,
Not sure if your situation is quite the same one I have to deal with, but this sounds familiar. How do you have security set on the app itself, not just the services? I had a problem with users getting a challenge until I learned this:
In IIS Manager, go to the folder that contains the Flex app, disable anonymous authentication and enable Windows Authentication on the app. This will allow anyone on the network or domain to open the app, but users will get a message for each layer they are not allowed to see. They can dismiss the message box and still see any layers that might be open for everyone.
Hope this helps,

Jill Halchin
Southeast Archeological Center
National Park Service

LisaArnold · ‎05-15-2013

Hi Jill,

Thanks for your response. I am using Windows Authentication on the app with Anonymous Authentication disabled. Our situation isn't quite the same in this case, although you did give me an idea of how to handle security for various user levels on a different site.

Thank you.