FV 3.0 Disable Secure Service Login

SimonRoss_User · ‎07-01-2012

I've already posted this to an existing post (http://forums.arcgis.com/threads/54640-FV-3.0-and-Login) but thought I'd open separately so there's no confusion.

Just started working with FV 3.0 and having some issues with the new login popup for secured services.

Our existing applications (FV 2.5) are secured via an ASP form control. Credentials for the secure services are built into the proxy page. Currently with the new secure services login this causes a separate challenge for authentication. Ideally I'd just like to disable the new secure services challenge but can't seem to make this happen in the flexviewer source code. I've tried removing the IdentityManager.instance.enabled = true but this makes no difference. I still get the popup appear. Any ideas on how to customize the viewer to remove this?
Thanks

HeatherGonzago · ‎07-05-2012

Hi Simon,
Could you try one thing for me please? It looks like there may be a slight typo in the source that may be causing the issue with proxies not being honored for layers.

Go to line 495 of MapManager.mxml and change

From:
layerObject.proxyURL = m_configData.proxyUrl;

To:
layerObject.proxyUrl = m_configData.proxyUrl;

Could you please try this out and let me know if this takes care of the problem? If not, then there may be something more that we are missing.

Thanks again,
Heather

View solution in original post

DasaPaddock · ‎07-02-2012

If the proxy is adding a token and no security error is returned to the client, then the IdentityManager should not be showing the sign in dialog.

Since creating an instance of the Portal also enables the IdentityManager, try adding this after line 45 of PortalBasemapAppender:

IdentityManager.instance.enabled = false;

SimonRoss_User · ‎07-02-2012

If the proxy is adding a token and no security error is returned to the client, then the IdentityManager should not be showing the sign in dialog.

Since creating an instance of the Portal also enables the IdentityManager, try adding this after line 45 of PortalBasemapAppender:

IdentityManager.instance.enabled = false;

Dasa - thanks for the response. I added this as directed and also set the instance of IdentityManager.instance.enabled to false in the ViewerContainer.mxml. Unfortunately this now causes a fault code 499 Unauthorized Access when the application launches and the layer cannot be accessed. For reference our proxy configuration has user name and password credentials embedded to generate a token at runtime - could this be causing the issue?

proxy.ashx, proxy.config

    <serverUrl url="https://MYDOMAIN/ArcGIS/rest/services"
               matchAll="true"
        dynamicToken="true"
        userName="USER"
        password="PASSWORD"
               host="SERVER_ID"
               ></serverUrl>
</serverUrls>

DasaPaddock · ‎07-02-2012

Can you post your Viewer's config.xml?

SimonRoss_User · ‎07-02-2012

File is attached

HeatherGonzago · ‎07-02-2012

Hi Simon,
What you are trying to do is pretty common. Just to make sure that we have it correct:

1) You are accessing your Flex Viewer app via a asp login, I'm assuming you are using IIS authentication to access this?
2) You then are trying to work with some secure services. You do NOT want your users prompted for credential info correct?
3) You have a proxy page configured to point to these services with the servername and info passed in via the proxy config?
4) If all this is correct, the info in the proxy should provide the credential info without having to be prompted by the Identify Manager.

This makes me wonder if there is something else going on with the proxy configuration. In order to try and narrow this down, let's take the Flex Viewer completely out of the equation as it just adds more variables when troubleshooting.

Could you please try using something as basic as a sample web API sample and see if you can access your layers in that. I'm not sure exactly what type of layers you are working with but there are plenty of simple samples that you could copy/paste and change out the layer URL to that of yours. In addition to this, just make sure that you are also pointing to your proxy config file in the code. You would do this by setting the proxyURL property to the location of your proxy.ashx file.

For example

<esri:ArcGISDynamicMapServiceLayer url="https://ServerName/ArcGIS/rest/services/Secure/USASecured/MapServer" proxyURL="proxy.ashx" />

HeatherGonzago · ‎07-02-2012

Hi Simon,
After looking at this further, I remembered others having issues (not just in the Flex API) using the proxy page with dynamic tokens. The actual proxy.ashx file needed to be updated to allow this. Could you try using this updated proxy page instead? See if it makes any difference. Let us know how this goes as this should be updated as well in any documentation.

Thanks,
Heather

SimonRoss_User · ‎07-02-2012

Heather,

Thanks for your response. We're already using the updated proxy.ashx page and been using it without issue with Flex Viewer 2.5. As you suggested I created a basic sample app and this accessed the secure service via the proxy credentials without issue. In answer to the detailed questions in your first post
1/ Yes
2/ Yes
3/ Yes - see previous post for setup of proxy.config
4/ I wish this were true!

Thanks a lot

HeatherGonzago · ‎07-02-2012

Heather,

Thanks for your response. We're already using the updated proxy.ashx page and been using it without issue with Flex Viewer 2.5. As you suggested I created a basic sample app and this accessed the secure service via the proxy credentials without issue. In answer to the detailed questions in your first post
1/ Yes
2/ Yes
3/ Yes - see previous post for setup of proxy.config
4/ I wish this were true!

Thanks a lot

Hi Simon,
Thanks for the update. This helps narrow things down. So it does sound like the proxy is working as it should using the updated proxy file since you can do it without any problems directly in an API sample. Let me see if we can try and repro it on our end here. If possible, could you attach the proxy.zip you are using (including the ashx and config files)?

Thanks.

SimonRoss_User · ‎07-02-2012

Heather - here are the files. One other thing, which you may have guessed anyway, all access to our server is via SSL