After the TLS 1.2 patching deadline, April 16th, I am having issues with my AWS-hosted web GIS application, where I get the following error when hitting the URL:
Unable to load //telecoupling.msu.edu/DotNet/proxy.ashx?https://msugis.maps.arcgis.com/sharing/rest/portals/self?f=json status: 500
The AWS EC2 instance for the ArcGIS Server site is a Windows Server 2012 R2 so patching should have not affected it, unless it messed up the proxy for some reason.
Any help or pointers will be much appreciated.
Hi Francesco, an update to the latest dotnet proxy build (1.1.2) will fix the issue. The issue is resolved if using newer versions of the ESRI proxy than 1.1.0 where the following fix was applied:
The April 16 deadline affects older proxy versions now, not just our desktop applications
Hope that helps
Andrew
Thanks Andrew! I converted the new proxy now to an application and modified the proxy.config file to have all the portals I want to automatically authenticate with my AGOL credentials. However, when hitting the application URL, I am now prompted with an AGOL login, which of course should not be there. Seems like when when it hits the proxy.ashx, it throws a failed authentication at:
with response:
{"error":{"code":498,"message":"Invalid token.","details":[]}}
The web map is publicly shared and in the proxy.config I correctly added clientId and clientSecret for Web App Builder Application, so I am not sure where that auth error comes from.
Can you try username and password instead of client id and client secret for your arcgis online account in proxy.config file and try to access the below url in broswer:
There may be issue with accessing layers inside webmap or some other content from Arcgis online.
Thanks,
Biraja
I have had similar issues with a proxy on a web-site, and have installed the updated proxy. This seems to have removed the first error. However, now I am having similar issues to Francesco with the authentication as well.
My proxy authenticates the AGOL credentials (using a username & password), and this seems to work perfectly well.
The proxy also authenticates ArcGIS Server services that are referenced in AGOL as map image layers. The credentials are not stored with the map image layer, but the proxy is meant to deal with this. And it has been doing this successfully until the last week. Not exactly sure when it stopped working, but I assume this is tied in with the TLS issue.
Our ArcGIS Server is still 10.5.1
Does our server need something installed?
Thanks
Keith
As far as I know, if TLS update affecting proxy, then we followed the below steps to fix the issue in general:
1. Download current version of resource proxy from Github as per below link:
https://github.com/Esri/resource-proxy
2. In IIS while converting the proxy folder to application, use .net 4.5 as application pool.
Hope that helps. Otherwise, please contact Esri Support Services to diagnose the issue further.
Thanks,
Biraja
Hello Biraja,
The resources and workflow to fix TLS patching for proxy work, but it does not solve issues related to login authorizations for server layers that are hosted in the shared web map. Even after the TLS proxy fix you suggested, there are still issues where the web application throws an ArcGIS Online login authorization windows, which should not happen given that the proxy should take care of that in the backend. Seems like in my case, I had to manually remove a couple of lines in the config.json file after updating to the new proxy v1.1.2 Esri suggested. These lines were those referring to:
{
"urlPrefix": "https://<arcgis_online_organization_name>.maps.arcgis.com/sharing/rest",
"proxyUrl": "https://<server_domain.org/DotNetProxy112/proxy.ashx"
},
...
It does not make much sense to me why I would have to remove these lines to solve the login issue, but it did fix it. Any explanation?
This is the proxy settings in the application and we need to set the 2 mentioned parameter for secure layers to access it. You mentioned that you removed these 2 lines from application and able to fix the issue. This implies that you do not need proxy to access those web maps or layers from ArcGIS Online.
{
"urlPrefix": "https://<arcgis_online_organization_name>.maps.arcgis.com/sharing/rest",
"proxyUrl": "https://<server_domain.org/DotNetProxy112/proxy.ashx"
},
Do you have any other "urlPrefix" and "proxyUrl" present after removing above 2 lines in config.json. If not, then you are not using proxy.
Thanks,
Biraja
I do have more lines in the "rules", so the proxy is still needed.
"rules": [
{
"urlPrefix": "https://landscape7.arcgis.com",
"proxyUrl": "http://telecoupling.msu.edu/DotNet/proxy.ashx"
},{
"urlPrefix": "https://landscape6.arcgis.com",
"proxyUrl": "http://telecoupling.msu.edu/DotNet/proxy.ashx"
},{
"urlPrefix": "https://earthobs2.arcgis.com",
"proxyUrl": "http://telecoupling.msu.edu/DotNet/proxy.ashx"
},{
"urlPrefix": "https://elevation.arcgis.com",
"proxyUrl": "http://telecoupling.msu.edu/DotNet/proxy.ashx"
},{
"urlPrefix": "https://sentinel.arcgis.com",
"proxyUrl": "http://telecoupling.msu.edu/DotNet/proxy.ashx"
}
]
The problem is that before the TLS patch update, I had those two lines mentioned in my previous message and it was working perfectly. Then, after the proxy update to v1.1.2, it was not letting users access the web app and prompting an AGO login authentication window. Do you have any idea why I had to remove those two lines after the TLS update while it was perfectly working before then?
Thanks. I see you are using proxy. It seems that TLS update is causing some issue with proxy for ArCGIS Online access. Please contact Support Service to analyze and may be this is a defect.
Biraja