Community
Select to view content in your preferred language

Managing Public/Secure applications

1806
3
08-30-2013 12:16 PM
JamesMitchell_Jr_
by
Emerging Contributor
‎08-30-2013 12:16 PM
My office is using ArcGIS for Server 10.1 and Flex Viewer 3.4, and a relatively new to both. We have already published a few public and secure map services. And we now would like to build an application that uses those services. We have created generic user accounts for accessing these services in our applications, as the users will be getting to the applications from another ASP.NET web application. We would like to know if it is possible to to build our flex application in a way so that public users will only see the public layers, and secured users would see all layers without them having to enter in the generic account login credentials? Or is it best practice to create two separate applications, one for public use and the other for secure use that uses a proxy page?

Thanks!
Tags (2)
0 Kudos
3 Replies
IsaiahAguilera
by
Frequent Contributor
‎09-03-2013 10:05 AM
James,
I would say your best bet would be to use two separate config.xml files. You could have the default application load with the public services that everyone could see and then have some sort of login system to get to the secured services from the public application.  A simple hyperlink in your header controller that uses the custom URL functionality built into the viewer could work.

So your hyperlink could say Login and the URL would be your app's URL plus the specific config file for the secured version.
Example
 http://yoursite.com/index.html?config=configSecure.xml


If your services are secure the new config will reload the site and will prompt the user for credentials.  This could save time because you would only have a separate config xml instead of a separate application.  That is just my opinion.

Hope this helps,
0 Kudos
JamesMitchell_Jr_
by
Emerging Contributor
‎09-03-2013 11:20 AM
Isiah,
Thanks for the response. It sounds like this may work for our application. Since we are fairly new to Flex applications we have a few follow-up questions.
- In the secure config file are we right in thinking that we would need to have all services public and secure included?
- To gain access to applications that have our office's secure data we have our users log into an ASP.Net application first. We originally thought we would use a dynamic proxy page to launch the Flex application with secured service based on a generic ArcGIS Server user account we created. This would alleviate a user having to sign on twice to get to the flex application. If we want to continue with this route How would we laungh the flex app using the proxy page? Or would you happen to know another way of doing this?

Thanks! 🙂
0 Kudos
IsaiahAguilera
by
Frequent Contributor
‎09-03-2013 01:59 PM
James,
In the secure config file are we right in thinking that we would need to have all services public and secure included?

That would be a matter of preference as I do not know exactly what you are using the services for. You could include all of the public service data in the secured service as well to avoid have to add two services but that is up to you.

To gain access to applications that have our office's secure data we have our users log into an ASP.Net application first. We originally thought we would use a dynamic proxy page to launch the Flex application with secured service based on a generic ArcGIS Server user account we created. This would alleviate a user having to sign on twice to get to the flex application. If we want to continue with this route How would we laungh the flex app using the proxy page? Or would you happen to know another way of doing this?

If your users are already logging on using an ASP service then to avoid having to log in twice you could generate a token for that service and embed the token in the secured config.xml within the layer tag.
<layer label="Streets"
    type="tiled" token="yourtoken"
    visible="true"
    url="http://server.arcgisonline.com/ArcGIS/rest/services/World_Street_Map/MapServer"/>

This would allow you access to the secured service without having to log in again. As far as the proxy page goes I would say its not needed but I am limited on knowledge of your situation. It would depend on whether or not you want users to view the token, or to transmit the token over the network between your web server and your users. Those are cases where a proxy would be used.

Info on the how to use a proxy with flex is here:
https://developers.arcgis.com/en/flex/guide/using-the-proxy-page.htm

How to generate a token here:
http://resources.arcgis.com/en/help/main/10.1/index.html#/Acquiring_ArcGIS_tokens/0154000005rp000000...

Hope this helps,
0 Kudos