username of geoprocessing service user

KyleDixon · ‎02-23-2012

I need to log usage of a geoprocessing service inside the python script. Is there any way, inside the script, to capture the user who is using the service?
It is a secured service requiring authentication.
I'm using ArcServer 10.1

I have tried this:

import getpass
...
print(getpass.getuser())

It only prints 'arcgis', the arcserver admin account no matter who is logged in to use the service.

DarrinChristy · ‎02-28-2012

Hi Kyle,

Since ArcGIS Server accounts handle all the geoprocessing tasks, I don't think you will be able to get access to who is using the service. However, you may be able to use it to traceback to who is logged into the soc machine. In a multi-user deployment, this would not be very applicable, but I figured it was worth throwing out there.

KevinHibma · ‎02-28-2012

Just thinking out loud: I assume you have people using it from a web application which they logged into?
If thats the case you could add some another parameter to your service, and when its called from the web application (which has authenticated), have the user name passed in under the hood).
Or with any sort of web calls, you'll probably already have a token. So, however you got that token, can you some how get/send the account at that time?

If you're connecting via Desktop then you may have to look into ways to connect to the security store and do a query there.

Its an interesting question, but the answer will probably be driven by your exact workflow.

Also; you and Darrin are right - the Python code you have will simply show you the windows account running the Server instance (arcsoc.exe process). The tool which is executing has no knowledge of the GIS Server security, it simply knows it can run because you've already got past authentication.

KyleDixon · ‎02-29-2012

That is a good idea, unfortunately it is our customers web applications that are using the web services. I could require an additional parameter, but since they already have to log in it would seem hokey to then ask them for their username.

KevinHibma · ‎02-29-2012

No, I mean the web application keeps track of whos logged.
When the GP Service is called, its the web app that passes the "user name" parameter in. It would be transparent to the user.
But I guess that means you having to convince your customer to handle that bit of logic in their web app for you.

Again, just an idea - maybe someone else has done something like this and has a better way.

KyleDixon · ‎02-29-2012

It's easy for the web app to log use, but I don't own the web app. I need to log what the web app is doing.

I could require them to send their user name in, but they've just logged in so it seems redundant and would make me and ESRI look stupid. Plus they could very easily spoof their identity because I have no way to verify it.

I have an open ticket for this, going on 1 week now, when / if I get an answer I'll post it here.

KyleDixon · ‎03-08-2012

Finally got an answer.

"Python does not have a hook into the ArcServer so there's no way to tell who the user is that is using a service."

Not what I wanted to hear.

JakubOrálek · ‎06-10-2019

Hi. Few years ago I solved it by decripting token send by the GP Service. I prepared DecryptArcGISToken.exe console app that was called from inside a Python script. It uses ESRI.ArcGIS.TokenService.dll

Maybe there is something for Portal too, asuming majority of apps uses Portal authentication.