What is the recommended methodology for deploying a WAB app that you don't want to share publicly?

JayGeisen · ‎10-12-2017

Okay, here's my current methodology for creating WAB apps.

1. Publish ArcGIS Server service(s) to ArcGIS Server (local).

2. Create web map on ArcGIS Online that uses the service(s) from step 1.

3. Use the Web Appbuilder (dev version) to create a web app that uses the web map from step 2.

4. Download the WAB app and deploy it on my local web server.

So, up until now, this has worked fairly well for us. The problem comes when I want to restrict access to resources published in a particular web map (until now, everything I've deployed via WAB has been publicly accessible). I have tried setting the "sharing" option in ArcGIS Online for the web map to specific ArcGIS Online "groups". I can get this to work only after registering the locally-served app with ArcGIS Online and editing the config.json to include the "appId" generated after this registration process (otherwise, I get errors when attempting to login -see bug description below).

The problem I am coming across is that I am limited by the number of logins/users/seats/etc we have as an "Organization" within ArcGIS Online. So, let's say I want to be able to share my app with 50 members of my organization. Then I need to have 50 logins to my "Organization" in ArcGIS Online. I guess I don't understand why this is the case. I mean, I'm hosting the ArcGIS Server services (ie the data) locally and hosting the web app locally, so why do I need 50 logins just to be able to share my app with my colleagues? Maybe I am missing something here. Can someone please enlighten me if so?

*We are using Enterprise Logins in ArcGIS Online, so it's possible that the part where I have to register the downloaded WAB app is a result of that, as per the bug below (from ESRI):

Defect ID: BUG-000099402
Synopsis: Specifying credentials for an ArcGIS Online enterprise account to access applications created using Web AppBuilder for ArcGIS (Developer Edition) returns the following error, "The username or password you entered is incorrect."
Status: Not in Current Product Plan
Workaround: Use a built-in ArcGIS Online account when signing in to access the web application.
Public Explanation: For supporting OAuth or SAML login, the app needs to be registered and add the appid to config.json file. The guide is documented in readme.html file in the downloaded app, and the developers site: https://developers.arcgis.com/web-appbuilder/guide/xt-deploy-app.htm#LI_D74BFE27BEA64CF19D1667B5E88E...

Thanks,

Jay

RobertScheitlin__GISP · ‎10-13-2017

Jay,

The way I do this is:

Do everything like you have been doing for a public app.
Develop a .Net user based authentication app (you can find many samples/walkthroughs online).
Take the .Net apps Default.aspx and add the WAB apps index.html code to it.
Copy all of the WAB apps subfolders and other files into your .Net apps folder structure.

This does assume you have some .Net development skill.

I just thought I would throw this workflow out there for you to consider.

KafilBaig · ‎05-19-2019

Hi Robert,

I followed the steps given by you to create authentication app and copied all of the WAB apps subfolders and other files into my .net app folder structure.

When i run i get error as

Please let me know if i have to add anything other file or reference.

RobertScheitlin__GISP · ‎05-19-2019

Kafil,

Sorry I have no experience doing this using typescript and that 's what your errors are talking about.

JayGeisen · ‎10-16-2017

Thanks for the reply, Robert. I will have to look into this further. Is this an alternative to using a proxy or would you do both?

RobertScheitlin__GISP · ‎10-16-2017

Both

WarrenMedernach · ‎04-09-2018

I have done something very similar, but have some additional questions...

My current setup:

ASP.NET MVC app functioning with ASP.NET Authentication and works great.
Webmap and Web AppBuilder app designed on ArcGIS Online.
Downloaded the WAB app from AGOL and deployed on our own server.
- All my downloaded WAB apps are in a common location, and a virtual folder is added to the MVC app to point to the WAB app location
The webmap on AGOL is not currently secured

When we go live, I want to secure the the webmap on AGOL, but then this will cause the AGOL OAuth dialog to prompt the user to enter AGOL creds.

How can we avoid prompting the users again to enter an AGOL cred.

Any suggestions on a design pattern that would work here, would be greatly appreciated.

Warren M

RobertScheitlin__GISP · ‎04-09-2018

Warren,

You use a proxy with stored credentials in the proxy.config and because your MVC app is secured though .Net authentication the use of the proxy will be limited to those who have been authenticated already.

WarrenMedernach · ‎04-11-2018

Robert,

Thank you, thank you, thank you!

I've been avoiding the proxy configuration as I figured I didn't require it and I really didn't fully understand it. After some reading, digging, and more reading I now have a working sample setup and a better understanding.

I do have some further questions about accessing different secured content on AGOL with different AGOL users. In the proxy.config I have the serverUrl pointing to our company AGOL root domain: https://mycompany.maps.arcgis.com.

Can the proxy serverUrl be configured to point to specific content/itemIds on AGOL?
IOW, is there a way to configure the proxy to point to Content-A with User-A, and Content-B with User-B

Or is my thinking flawed in this methodology?

Thanks again for your insight!

RobertScheitlin__GISP · ‎04-12-2018

Warren,

Absolutely you can make the serverURL more specific for a certain resource and a password and username can be defined in each serverURL entry.