Security for ArcServer using FLEX

RobRahrs1 · ‎02-23-2011

I just began on developing a FLEX map using ArcServer and now need to secure it. I have looked on the help menu, but not sure which option will work best (https, token, reverse proxy, etc). Any sugguestions. Easier is better. Im not a programmer. Thanks.

JonFisher · ‎02-23-2011

The (relatively easy) approach I've taken is securing the services, and granting permissions to a role/user on the local domain. I then secure the folder my Flex app will go into using IIS (using Active Directory). Finally, I generate a token using that user for the secure services, and use that token in the Flex app (both for operational layers and any widgets like Search) that goes into the secure folder.

The downsides: 1) you have to remember to update your tokens at least once per year 2) it's not especially user friendly to require a login before the page even loads (as you have no opportunity to provide instructions on what login to use).

The upside: it's pretty fast, easy, and simple.

RobRahrs1 · ‎03-03-2011

Does that method secure the Customized Web Application as well? So far I was able to secure the Rest Services using SQL. I am now working on adding the tokens to my config file to unlock those services. However, I am woried I won't be able to secure the Flex App in the end. My ultimate goal is to have a flex web address to send to folks along with a user name and password to access it.

BjornSvensson · ‎03-03-2011

Yes, securing the folder where you flexviewer is locating will accomplish that.

How to do it depends on your web server, but if using IIS 7, Microsoft has extensive documentation. See for example "Configuring Authentication in IIS 7" at http://technet.microsoft.com/en-us/l...8WS.10%29.aspx. For your case, "Basic Authentication" might be sufficient.

RobRahrs1 · ‎03-09-2011

I secured my rest services and have unlocked them using a token through a proxy page. The problem is now some of my widgets no longer work. Any ideas on how to unlock a widget using a token in a proxy?

BarbaraPatterson · ‎03-30-2011

We are also having problems getting our widgets to work (in particular the Query Builder Widget) now that we have generated tokens for our services. All the references in the xml files are updated. We can view the map services in our Flex App. Were you able to figure this out?

Thanks,

Barb Patterson

JonFisher · ‎03-31-2011

I've never set up a proxy page, but got everything working as I described (where all URLs include a static token and the whole folder where the flex app is stored is secured via IIS).

The url should always look like:

https://maps.tnc.org/ecadpubprodanon/rest/services/TNC_internal/tnc_lands_auth_WM/MapServer?token=thisisyourlongtokenandoftenitendswithtwoperiods..

I got my query widget working in this way with no special work or new code.

However, I found that for the data extract widget there was a problem where firefox was using GET rather than POST which caused problems but was fixed with the code listed here: http://forums.arcgis.com/threads/22261-authenticated-data-extraction-services

Hope that helps,

Jon

maria_byrne · ‎04-13-2011

I've never set up a proxy page, but got everything working as I described (where all URLs include a static token and the whole folder where the flex app is stored is secured via IIS).

The url should always look like:
https://maps.tnc.org/ecadpubprodanon/rest/services/TNC_internal/tnc_lands_auth_WM/MapServer?token=thisisyourlongtokenandoftenitendswithtwoperiods..
I got my query widget working in this way with no special work or new code.

However, I found that for the data extract widget there was a problem where firefox was using GET rather than POST which caused problems but was fixed with the code listed here: http://forums.arcgis.com/threads/22261-authenticated-data-extraction-services

Hope that helps,

Jon

Hi Jon,

I'm having problems getting the ThematicQueryWidget to work with the token security, all my other widgets work fine but I think the problem with this one is that the ThematicQueryWidget.xml doesn't have it the url of the query layer in it, rather it references the url of the operational layer from the config.xml and it doesn't seem to be passing the token.

Any ideas on how to resolve this would be greatly appreciated!
Many thanks,
Maria

SteveWhitehead__GISP · ‎04-13-2011

Hi Guys,
Did you guys get the Identify widget working with a token? I can't get my dynamic service that requires a token to work with it. I have all my layers as operational within one dynamic service.
Thanks
Steve