Setting up a proxy with Web AppBuilder for ArcGIS (Developer Edition)

19972
8
10-28-2015 09:35 AM
Labels (1)
by Anonymous User
Not applicable
3 8 20K
Welcome to part two! In our last blog post, we looked at how to set up a proxy to work with a JavaScript application. Today, we’ll be taking a look at the workflow to set up a proxy with Web AppBuilder for ArcGIS.

Please note: This blog assumes you have already downloaded, hosted, and properly configured a proxy. Unsure if you’ve done this? No worries; just follow the instructions HERE .


Just to recap, here are some reasons to set up a proxy with a Web AppBuilder application.
  • Access secured services with token-based authentication
  • Going across domains for your resources
  • Request exceeds 2,048 characters
  • O-Auth 2.0 app logins used
  • Enables logging
  • Both resource and referer based rate limiting

To make sure we’re all on the same page, let’s clear the murky water. A marvelous application has been created inside the Developer Edition of Web AppBuilder. Go ahead and double check to make sure that the application has been downloaded and deployed on a web server.

Two things are secured:
  1. An ArcGIS Online web map shared with the organization
  2. An ArcGIS for Server map service secured using ArcGIS Server built-in with ArcGIS tokens

In this example, we’ll have two challenges when we run the application: one, authenticating the secured web map and two, securing the ArcGIS for Server map service.

When we open the developer tools and take a look at the Network tab, we can see that the response returns a 403 error when accessing the ArcGIS Online web map. This is because by default, an anonymous user doesn’t have permission to access this resource.
networkTabChallengeWebMap-1024x667.png

challenge for securing a web map



For the second challenge, we see that in the Network tab, the application fails to load the service, returning a 499 token required error. This tells us that to access the content, we need to pass a token.
challengeForSecuredService-1024x724.png

challenge for securing an ArcGIS for Server map service



Alright, now we're ready to dive in!

1. In Windows Explorer, open the application's "config.json" file. configJSONFile-1024x602.png

2. At the very bottom of the file, there is a cozy spot to add the proxy rule to the application. useProxy_WebAppBuilder_20151028.jpg

The parameter useProxy (Boolean) is set to true by default. If it is set to false, all requests will not use a proxy.

The url (String) parameter is optional, which is the URL of the proxy location. When a request must use a proxy for a Cross Domain request, or a request is larger than 2048 characters, this proxy will be used.

The alwaysUseProxy (Boolean) is also optional and set to false by default. If set to true, all requests for communication to a REST endpoint will use the proxy set in the url parameter.

The rules (Object[]) parameter is also optional and, if set, defines specific requests that will use the proxy.

3. Since we have two secured resources, we can channel the requests through the proxy to authenticate. To do this, we need to add some proxy rules to the config.json file.
rules1-1024x475.png

proxy rules



The first rule is for the web map shared to the organization, and the second rule is for the secured ArcGIS for Server service.

The urlPrefix property tells the application that when you see this prefix in the request, use the proxy to access the resource. The proxyUrl property tells the application where the proxy is located.

Web maps can be shared with the organization, or not shared at all. By using clientId and clientSecret, we can authenticate the web map or resources inside the web map. If you are working with an ArcGIS Online hosted feature service, you MUST be the owner of that hosted feature service to authenticate using an app login.


4. Set up the serverUrls in the proxy.config file. Since we have two rules, we will also have two serverUrls.

When working with content secured in ArcGIS Online (such as a secured web map or a secured hosted feature service), it is highly recommended to use a client id and client secret to authenticate. We will be using an ArcGIS for Server username and password for services hosted on ArcGIS for Server.


Need help registering an application to get a client id and client secret? There are two ways to do this! The choice is yours, and yours alone...they produce the same results; it’s just your personal preference.
serverURL-1024x450.png

serverUrl in the proxy.config



Beauty! We added the proxy rules in the config.json and configured the serverUrl in the proxy.config. Make sure to save those two files and run the application in a web browser!runApp-1024x540.png

Look at that, you’re a *S*T*A*R* ! Now you’re a pro at setting up a proxy with Web AppBuilder! Have fun creating and designing beautiful apps!starApp1-1024x607.png
Marla K. & Akshay H. - SDK Support Services
8 Comments
Cook_CountyGIS
New Contributor II

I set up the DotNet proxy on the same machine as my app.

  1. Question: My webmap requires login and the application still prompts: "Please sign in to access the item on ArcGIS Online."  Is this expected?
  2. Question: The application at https://SERVER1/borOutreach works as it worked, without a proxy implemented.  How can I tell it is doing anything differently?  The dev tools show all traffic through https://SERVER1/borOutreach.

I set up the application's config.json with one rule:

"httpProxy": {
    "useProxy": true,
    "alwaysUseProxy": false,
    "url": "",
    "rules": [{
      "urlPrefix": "https://SERVER1/borOutreach",
      "proxyUrl": "https://SERVER1/DotNet/proxy.ashx"
    }]
  }‍‍‍‍‍‍‍‍‍

I set the proxy.config with one serverUrl:

<serverUrls>
   <serverUrl url="https://SERVER1/borOutreach" matchAll="true"/>
</serverUrls>

https://SERVER1/DotNet/proxy.ashx?ping returns 

{ "Proxy Version": "1.1.2", "Configuration File": "OK", "Log File": "Not Exist/Readable"}

But https://SERVER1/DotNet/proxy.ashx?https://SERVER1/borOutreach?f=pjson fails to load anything, looking for simpleLoader.js , init.js, env.js etc. at https://SERVER1/DotNet/fileName.ext

If I swap out http://esri.com for https://SERVER1/borOutreach in config.json and proxy.config, it loads the (poorly formatted) Esri webpage.

MarijeKootstra
New Contributor

I can't seem to figure out how to deploy my web app. 

For me, it is still unclear what the following parameters are for my app:

yourDomain
yourDomainName
yourSecuredService

I guess 'yourDomain' is "routeplannerpedestrianthesis". This is the domain I set in the Data Source URL (https://laptop-p9sbpmdc.routeplannerpedestrianthesis:3344/webbuilder ) in the settings of the web app. But if this is true, what is "yourDomainName", does this differ from "yourDomain"? In addition, I am also not sure what "yourSecuredService" could be. Below you can see my proxy.config file and my config.json file. Please let me know what I am doing wrong. For obvious reasons I deleted my ClientID, ClientSecret and username and password in the printscreen. In my webapp I make use of the Plan Route widget.

JessePapez
New Contributor

Bill, did you find an answer to this question?  I believe I may be experiencing the same issue the proxy gets my into the web map fine, but i'm challenged for the arcgis  login when running the analysis widget.

Thanks!

JP

WarrenMedernach
Occasional Contributor III

Is there additional settings/config to get this working on an Enterprise 10.6x instance with Portal and Active Directory authentication?

I have the proxy working on a 10.3 instance with no Portal and simple ArcGIS Server User Store, but on this new server instance it continues to prompt with the login page.

I have so far:
- installed the DotNet proxy files
- created the Application in IIS
- setup the serverUrl details in the proxy.config file using one of the ArcGIS user credentials (not an AD user)
- the proxy URLs test successfully:

   https://<my-server>/DotNet/proxy.ashx?https://my-server/portal/sharing/rest/content/items/<some itemID 1>

   https://<my-server>/DotNet/proxy.ashx?https://my-server/portal/sharing/rest/content/items/<some itemID 2>

   https://<my-server>/DotNet/proxy.ashx?https://my-server/arcgis/rest/services/<Folder Name>

So the proxy seems to be working, but it still fires the login page when hitting the web app?

Any ideas/suggestions would be greatly appreciated.

DharminNaik
New Contributor

Hello,

After performing all the steps you mentioned, I am still getting popup for Login using Username Password. 
Screenshot - 09bb900de3a61f481b47527b1cf0b308 - Gyazo 

My HttpProxy looks something like this.

"httpProxy": {
    "useProxy"true,
    "url""http://localhost/dist/",
    "alwaysUseProxy"false,
    "rules": [
      {
        "urlPrefix""http://organization.maps.arcgis.com/sharing/rest",
        "proxyUrl""http://localhost/DotNet/proxy.ashx"
      },
      {
        "proxyUrl""http://localhost/DotNet/proxy.ashx"
      },
      {
        "urlPrefix""http://route.arcgis.com",
        "proxyUrl""http://localhost/DotNet/proxy.ashx"
      },
      {
        "urlPrefix""http://services.arcgis.com",
        "proxyUrl""http://localhost/DotNet/proxy.ashx"
      }
    ]
  }

and Proxy.config look like this. 

<serverUrl url="http://geollect.maps.arcgis.com/sharing/rest"
clientId="sdsdsdsddffCCuDcgfdgfg"
clientSecret="dsdsdsdsdsdsds34e18gfgfgfgf"
matchAll="true"/>

<serverUrl url="http://utility.arcgisonline.com/arcgis/rest/services/Geometry/GeometryServer"
username="username"
password="password"
matchAll="true" />

<serverUrl url="http://services.arcgis.com"
clientId="sdsdsdsddffCCuDcgfdgfg"
clientSecret="dsdsdsdsdsdsds34e18gfgfgfgf"
matchAll="true"/>

<serverUrl url="http://route.arcgis.com"
clientId="sdsdsdsddffCCuDcgfdgfg"
clientSecret="dsdsdsdsdsdsds34e18gfgfgfgf"
matchAll="true" />


Can you help me here? 

DharminNaik
New Contributor

Hi, Did you get anything that worked for you ?

Please reply, It will be greatful

NikitaRanglani
New Contributor

How did you resolve the pop up issue ?

shaylavi
Esri Contributor

If you get a popup message to sign-in, it's either the proxy didn't trigger for the request or you don't have permissions to access some portal items through the proxy. You need to narrow the problem by accessing the resources through the proxy directly to understand if it works or not -

https://#proxy-url/proxy.ashx#?#resource-url#

and always work with fiddler or the network tab in dev-tools, to examine the response.

When creating an app with client id+secret, you delegate access to Portal for that user who created that app. if Portal items are not owned by/shared with that user who created the dev app, you will still not be able to access these portal items with the client id + secret