Geoprocessing Authentication in Web App Builder (Developer Edition)

486
6
03-06-2019 04:02 AM
AshleyGahl
New Contributor II

Hi Everyone,

I would like some help or guidance on how to force authentication when using my Geoprocessing service in a web application. 

Breakdown :

1. I have secured my Geoprocessing Service in ArcGIS Server with token based authentication

2. Configured my proxy and config file for the application

3. However when i use my Geoprocessing widget in my web application it automatically authenticated my user          credentials that I've setup in my proxy config file. Its my understand (under correction) by using a proxy i can bypass      a secured service, however my application are viewed and accessed by a wide audience and therefore i want to        secure only my Geoprocessing widget for a  certain group of users accessing my web application.

GIS : Greetings

0 Kudos
6 Replies
RobertScheitlin__GISP
MVP Esteemed Contributor

Ashley,

  If you want your GP to not authenticate then you need to remove that serverUrl from your proxy.config file. Or if you just have a very broad url that covers your whole server in the proxy.config have it more defined to the other urls that you want to go through the proxy and urls that would not include the GP service.

0 Kudos
AshleyGahl
New Contributor II

Hi Robert,

Thanks for replying so quickly to my post.

The following is a indication of my current configuration

1. WAB Application

1.1 config.json

"wabVersion": "2.6",

"isTemplateApp": true,

"isWebTier": false,

"httpProxy": {

"useProxy": true,

"alwaysUseProxy": false,

"url": "",

"rules":[

{"urlPrefix":"https://machine.domain.gov.za/adapter/rest/services/GeoServices/Click20/GPServer/IntersectionTool",

"proxyUrl":"https://machine.domain.gov.za/DotNet/proxy.ashx"

}

]

1.2 proxy.config

GeoNet

( https://community.esri.com/?et=watches.email.thread)

Re: Geoprocessing Authentication in Web App Builder (Developer

Edition)reply from Robert Scheitlin, GISP

( https://community.esri.com/people/rscheitlin?et=watches.email.thread)

in Web AppBuilder for ArcGIS - View the full discussion

(

https://community.esri.com/message/836219-re-geoprocessing-authentication-in-web-app-builder-developer-edition?commentID=836219&et=watches.email.thread#comment-836219)

Ashley,

If you want your GP to not authenticate then you need to remove that

serverUrl from your proxy.config file. Or if you just have a very broad

url that covers your whole server in the proxy.config have it more

defined to the other urls that you want to go through the proxy and urls

that would not include the GP service.

Reply to this message by replying to this email, or go to the message

on GeoNet

(

https://community.esri.com/message/836219-re-geoprocessing-authentication-in-web-app-builder-developer-edition?commentID=836219&et=watches.email.thread#comment-836219)

Start a new discussion in Web AppBuilder for ArcGIS by email

(

mailto:discussions-community-gis-webgis-webappbuilder@mail.geonet.esri.com)

or at GeoNet

(

https://community.esri.com/choose-container.jspa?contentType=1&containerType=14&container=2150&et=watches.email.thread)

Following Re: Geoprocessing Authentication in Web App Builder

(Developer Edition)

(

https://community.esri.com/message/836219-re-geoprocessing-authentication-in-web-app-builder-developer-edition?commentID=836219&et=watches.email.thread#comment-836219)

in these streams: Inbox

Following Robert Scheitlin, GISP

( https://community.esri.com/people/rscheitlin?et=watches.email.thread)

in these streams: Inbox

This email was sent by GeoNet because you are a registered user.

You may unsubscribe

(

https://community.esri.com/unsubscribe.jspa?email=agahl%40overstrand.gov.za&token=347fc985ca0251d0db8c780489f956ac9605f2cf7777edfa0d37502b5f03fd16)

instantly from GeoNet, or adjust email frequency in your email

preferences

( https://community.esri.com/user-preferences!input.jspa)

0 Kudos
AshleyGahl
New Contributor II
1.2 proxy.config
<?xml version="1.0" encoding="utf-8" ?>
<ProxyConfig allowedReferers="*"
mustMatch="true">
<serverUrls>

<serverUrl url="https://services.arcgisonline.com"
matchAll="true"/>

<serverUrl url="https://machine.domain.gov.za/adapter/rest/services/GeoServices/Click20/GPServer/IntersectionTool"
username = "test413"
password = "test413"
matchAll="true"/>
</serverUrls>
</ProxyConfig>
0 Kudos
AshleyGahl
New Contributor II
What I'm trying to achieve is to NOT have this Geoproccesing Service accessible to everyone in my General WAB Application but only for users that have a credentials to sign into it.
I removed the <serverUrl> for my GP Service in my proxy.config as you suggested and my Geoprocessing Widget still shows in my WAB Application, however it totally fails to execute
where it prompts me for authentication, which the same behavior i want in the WAB Application.
Any more advice would be much appreciated
GIS : Greetings
0 Kudos
AshleyGahl
New Contributor II

Hi Robert,

Thanks for replying so quickly to my post.

The following is a indication of my current configuration

1. WAB Application

1.1 config.json

"wabVersion": "2.6",

"isTemplateApp": true,

"isWebTier": false,

"httpProxy": {

"useProxy": true,

"alwaysUseProxy": false,

"url": "",

"rules":[

{"urlPrefix":"https://machine.domain.gov.za/adapter/rest/services/GeoServices/Click20/GPServer/IntersectionTool",

"proxyUrl":"https://machine.domain.gov.za/DotNet/proxy.ashx"

}

]

1.2 proxy.config

for my GP Service in my proxy.config as you

suggested and my Geoprocessing Widget still shows in my WAB Application,

however it totally fails to execute

If i double click on my "urlPrefix" ,I'm redirected to

"https://machine.domain.gov.za/adapter

(

https://machine.domain.gov.za/adapter/rest/services/GeoServices/Click20/GPServer/IntersectionTool)

/rest/login?redirect=https%3A//https://machine.domain.gov.za/adapter/rest/services/GeoServices/Click20/GPServer/IntersectionTool"

where it prompts me for authentication, which the same behavior i want

in the WAB Application.

Any more advice would be much appreciated

GIS : Greetings

Overstrand Municipality

A: 1 Magnolia Street, Hermanus, 7200 | P: P.O Box 20, Hermanus, 7200

T: +27 (0) 313 8000 | F: +27 (0) 312 1894

E: enquiries@overstrand.gov.za | W: www.overstrand.gov.za

Vision Statement: "To be a centre of excellence for the community"

Disclaimer: This e-mail (including attachments) is subject to the

disclaimer published at: http://www.overstrand.gov.za

Please read the disclaimer before opening any attachment or taking any

other action in terms of this e-mail. By replying to this e-mail or

opening any attachment you agree to be bound by the provisions of the

disclaimer.

Please consider the environment before printing this correspondence.

0 Kudos
RobertScheitlin__GISP
MVP Esteemed Contributor

Ashley,

   What happens if you also remove the rule from your apps main config.json file too? I would expect that it would not fail and would just challenge the user for their credentials.

0 Kudos