Select to view content in your preferred language

How do we consume a secure GIS web service in a public facing GIS web app build uisng ArcGIS Maps SDK for JavaScript without any auth from user?

249
2
08-09-2024 07:58 AM
nikhilgiseng
Esri Contributor

This is a very common scenario that lot of developers must have pondered upon. We have a secured GIS web service that is accesible to limited users within our ArcGIS Enterprise. Now we want to use this service in an application built on top of ArcGIS JavaScript SDK. Now if we use this GIS web service directly in the JavaScript SDK a login popup will often be presented to the user whenever the application is initialized. Now the challenge is that the app is meant to be used without any login as it is for a wider audience base & the GIS service cannot be exposed publically also as it contains some sesnitive Information.

We want a solution which can allow us to use the secured GIS service in the public facing application without any login prompts from ArcGIS Enterprise & the serivice acces also needs to restricted as well to offer wider security & data integrity.

0 Kudos
2 Replies
nikhilgiseng
Esri Contributor

After doing a bit of research I found a workable solution to this trivial problem myself. The answer is to use a PROXY PAGE within my custom web application.

ArcGIS JavaScript SDK itself provides the functionality of configuring server side proxies within your web applications through the helper classes. The good part is that the functionality of Proxy pages can be harnessed not only in Esri Custom apps made using SDKs but also by various Esri web app builder plarforms as well like ArcGIS Web App Builder & ArcGIS Experience Builder.

ArcGIS Proxy will act as a Postman between your clients browsers and your web server which means that the request to the secured service shall pass via this postman i.e Esri proxy which will authenticate the service on users behalf with the help of embbeded token or credentials which will be inside your proxy file. This would ensure that the public facing web app access the secured service without challenging the user for any credentials. Proxy can also be configured in such a way that only whitelisted domains are able to access the proxy page such that anynomous access to proxy can be avoided which would ensure data integrity. 

Just make sure to place your secured GIS web service URL in the proxy.config file alsong with the credentials or token which will be used by your web server to authenticate the service on users behalf. The best part is that proxy can be configured in your environement for variety of web servers like IIS, Apache, Tomcat etc. Hence, irrespective of programming language you can harness the complete benefits of Esri proxy using ArcGIS JavaScript SDK. You might be worijg with .NET, JAVA, PHP React etc and still can use the Esri proxy & harness ithe benifits it provides.

Go through the following links & sample code for detailed understanding:

Documentation: https://developers.arcgis.com/javascript/3/jshelp/ags_proxy.html

Proxy Download Link: https://github.com/Esri/resource-proxy/releases

Sample Code: Attached

0 Kudos
nikhilgiseng
Esri Contributor

Would love to hear your take on the Post & provide your inputs.

0 Kudos