FV 3.0 Disable Secure Service Login

SimonRoss_User · ‎07-01-2012

I've already posted this to an existing post (http://forums.arcgis.com/threads/54640-FV-3.0-and-Login) but thought I'd open separately so there's no confusion.

Just started working with FV 3.0 and having some issues with the new login popup for secured services.

Our existing applications (FV 2.5) are secured via an ASP form control. Credentials for the secure services are built into the proxy page. Currently with the new secure services login this causes a separate challenge for authentication. Ideally I'd just like to disable the new secure services challenge but can't seem to make this happen in the flexviewer source code. I've tried removing the IdentityManager.instance.enabled = true but this makes no difference. I still get the popup appear. Any ideas on how to customize the viewer to remove this?
Thanks

HeatherGonzago · ‎07-02-2012

Heather - here are the files. One other thing, which you may have guessed anyway, all access to our server is via SSL

Hi Simon,
Thanks. Let me get something set up on this end and see what I can figure out. I'll be in touch.

Heather

HeatherGonzago · ‎07-03-2012

Hi Simon,
Just wanted to keep you updated. I'm still looking into this. Hopefully should have something soon.

Thanks

SimonRoss_User · ‎07-03-2012

Thanks Heather - Happy 4th of July

HeatherGonzago · ‎07-05-2012

Hi Simon,
Could you try one thing for me please? It looks like there may be a slight typo in the source that may be causing the issue with proxies not being honored for layers.

Go to line 495 of MapManager.mxml and change

From:
layerObject.proxyURL = m_configData.proxyUrl;

To:
layerObject.proxyUrl = m_configData.proxyUrl;

Could you please try this out and let me know if this takes care of the problem? If not, then there may be something more that we are missing.

Thanks again,
Heather

SimonRoss_User · ‎07-05-2012

Heather - that did the job! A couple of queries around that though - I ran that change on a version of the viewer code where I'd already made the additional references to IdentityManager.instance.enabled = false as documented previously in this discussion. If I understand correctly those modifications should no longer be required if it's picking up the proxy info correctly. Is that right? Secondly presumably this will be corrected in a future release of the compiled viewer?

Thanks for all your help
Best Regards

Simon

HeatherGonzago · ‎07-05-2012

Heather - that did the job! A couple of queries around that though - I ran that change on a version of the viewer code where I'd already made the additional references to IdentityManager.instance.enabled = false as documented previously in this discussion. If I understand correctly those modifications should no longer be required if it's picking up the proxy info correctly. Is that right? Secondly presumably this will be corrected in a future release of the compiled viewer?

Thanks for all your help
Best Regards

Simon

Excellent, I'm glad to hear it. As for your questions...You should not need those previous modifications you made. Go ahead and remove it and see how it goes. And for the second question, yes this has been marked as a bug and should be fixed shortly. I would keep an eye on GitHub where we keep the source and you can check for any recent check-ins.

Thanks for helping us troubleshoot this.

JosephAccardi · ‎07-06-2012

Hi Simon,
What you are trying to do is pretty common. Just to make sure that we have it correct:

1) You are accessing your Flex Viewer app via a asp login, I'm assuming you are using IIS authentication to access this?
2) You then are trying to work with some secure services. You do NOT want your users prompted for credential info correct?
3) You have a proxy page configured to point to these services with the servername and info passed in via the proxy config?
4) If all this is correct, the info in the proxy should provide the credential info without having to be prompted by the Identify Manager.

I am also using IIS basic/windows authentication to secure my FV 3.0 application. I do not have any security on my services because I'm also trying to avoid my external users from having to supply their credentials for every secured service in the web application. At the same time, I need the services to be secure without having the credentials prompt pop-up. I am not working with a proxy page so my scenario is only #1 and #2 from the list above. Is there a way to disable the prompt with secured services without using a proxy page?

Thanks

SimonRoss_User · ‎07-06-2012

I am also using IIS basic/windows authentication to secure my FV 3.0 application. I do not have any security on my services because I'm also trying to avoid my external users from having to supply their credentials for every secured service in the web application. At the same time, I need the services to be secure without having the credentials prompt pop-up. I am not working with a proxy page so my scenario is only #1 and #2 from the list above. Is there a way to disable the prompt with secured services without using a proxy page?

Thanks

Joseph,

Is there any particular reason you cannot set up a proxy page - it's a very straightforward process to do and the best way to keep the user credentials for the services hidden. The help files give a great walkthrough of the setup process - takes about 10 minutes!

HeatherGonzago · ‎07-06-2012

I am also using IIS basic/windows authentication to secure my FV 3.0 application. I do not have any security on my services because I'm also trying to avoid my external users from having to supply their credentials for every secured service in the web application. At the same time, I need the services to be secure without having the credentials prompt pop-up. I am not working with a proxy page so my scenario is only #1 and #2 from the list above. Is there a way to disable the prompt with secured services without using a proxy page?

Thanks

Normally you are prompted for the credential which generate the token needed to unlock the services. The user/pass information is
configured and stored by the administrator via Manager.

If you do not want your users to have to log in to access specific services, you may be able to control which users/roles have access
to what services through other means like Integrated Windows Authentication or even using a custom Security provider.

The first option works with the user/roles that are managed directly in MS Windows Active Directory server. This way you can take advantage
of the accounts already on your network. You would need to set up the permissions to your services based on these accounts. There is a
tutorial on this at http://resources.arcgis.com/en/help/main/10.1/index.html#/Securing_web_services_with_Integrated_Wind....

I would suggest taking a look at the 10.1 security section on the online resources Help section. They have a pretty good description of the
different options you can choose.

You may also want to ask some of these security-type questions on the main ArcGIS Server 10.1 -Windows or General discussion forum as well.

HTH,

DasaPaddock · ‎07-06-2012

Also, the IdentityManager will not prompt the user for credentials if the server is not configured to use token based security.