We have an application created in Web AppBuilder that uses a map with 2 layers.
1.A hosted service layer that our organization controls
2.Another hosted by a third party. (We have permission to use the layer in our application.)
We also have a custom widget, so we downloaded the application and are hosting it ourselves.
Using the proxy (https://github.com/Esri/resource-proxy), our application is able to display both layers without a problem. However, this also means that anyone who knows the application's URL can anonymously access our application, which we don't want.
Our user base has ArcGIS.com logins, which according to the page below, suggests using a named user login.
https://developers.arcgis.com/documentation/core-concepts/security-and-authentication/
However, since our user base does not have a login to the 3rd party layer, it seems like we would have to use an app login combined with our proxy.
I essentially would like to use a named user login to control the login to our application, but once the user has been authenticated, they access the map and data through the proxy.
I can provide more details, but I've yet to devise proxy rules or a Web AppBuilder configuration that allows for this.
I've made progress on this and will leave it here in case it helps anyone else.
If you do not have proxy rules in place in your Web AppBuilder config.json file and the proxy's proxy.config to the URL to the underlying Web map, the user will be presented with an ArcGIS.com login prompt upon arriving at your site.