Arcgis server SOE for filtering service based on user

GeorgePapadakis · ‎10-14-2014

Suppose that i have a service based on a oracle spatial table. The table has an attribute with the username that has access rights to the specific row.

So when i hit the service through the javascript api i'd like the data to be filtered on the tokens username. I figured out how i can get the username inside the SOE using the following

Guid guid = Marshal.GenerateGuidForType(typeof(IServerEnvironment));

UID uid = new UIDClass();

uid.Value = guid.ToString("B");

IEnvironmentManager environmentManager = new EnvironmentManager() as IEnvironmentManager;

IServerEnvironment2 serverEnvironment = environmentManager.GetEnvironment(uid) as IServerEnvironment2;

string userName = serverEnvironment.UserInfo.Name;

IEnumBSTR roles = serverEnvironment.UserInfo.Roles;

string role = roles.Next();

do

role = roles.Next();

while

(role != null);

So how can i proceed in order to filter the data on the service

Thanks

George

nicogis · ‎10-14-2014

You can use method in IMapServer3 (QueryData, QueryFeatureData ect) . See sample Find Near Feature ArcObjects 10 .NET SDK Help

GeorgePapadakis · ‎10-15-2014

Let me explain my self i d like to extend the default behavior of a Feature Access capability with Create Delete Update on features but with the user filtering. I know that i can use "Enable ownership-based access control" but that doesn't fit my needs. So can i extend it or do i have to recreate the whole logic my self? If i have to, can somebody provide me some guidelines?

nicogis · ‎10-15-2014

What do you want to do in details?

GeorgePapadakis · ‎10-15-2014

Ok, so as i said i am building a web app with arcgis javascript api with editing capabilities. The spatial data are stored in an oracle db. Each spatial table has an attribute with the id of the prefecture that owns the record. In an other table i store the users and the prefecture that they belong to.

I publish the spatial tables to arcgis server as map services with feature access(update,insert,delete,query).

Also i have connected arcgis server with the local LDAP and every map service has assigned users and roles. The users in db are the same with those that are coming from ldap.

So when the user opens the web app i d like to see and update only the features that belong to his perfecture. I thought why not to do that in a transparent way by building an SOE. I can get the username from the token inside the SOE but i do not know how to proceed in order to query the user table get the prefecture id and then filter the map service.

I have good knowledge of arcobjects but it is my first time that i work with SOE.

Thanks

nicogis · ‎10-15-2014

with 'Enable ownership-based access control' you can then choose Operations allowed on features created by other users also 'Query' so users see only own data. (I advise you)

If you don't use this functionality you haven't overrides on capabilities feature access.

You can create a proxy that 'override' the request or soe that does functionality of 'feature access' (I don't advise: help create soe rest .net http://resources.arcgis.com/en/help/arcobjects-net/conceptualhelp/0001/0001000000mw000000.htm ) or in 10.3.x you can create a custom SOI (server object interceptor) for override request (here in http://proceedings.esri.com/library/userconf/proc14/tech-workshops/tw_689.pdf (page 8)). See also video at 10m55s http://video.esri.com/watch/3877/what-is-coming-in-arcgis-103-for-server-and-portal-for-arcgis

You can see the following short description and demonstration from the
DevSummit in Palm Springs: http://video.esri.com/watch/4230/arcgis-server-_and_-sois

Here you can see a sample using soi: https://github.com/mraad/ExportImageSOI or my blog http://nicogis.blogspot.it/2015/05/tutti-pazzi-per-il-soi.html