Maps and Apps Gallery Authentication Error

CraigMcDade · ‎07-11-2013

I'm getting some pretty weird behavior out of the maps and apps gallery suddenly. The application was working as suspected for a few weeks and suddenly I began to get an authentication error in the checklist.html, and the gallery stopped pulling the information from arcgis online.

Thinking it might have been caused by some edits I made to the JS, I downloaded the source code from Github and started from scratch. This made everything work again perfectly... for an hour.

Needing to have the website useful for a meeting, I did the same thing and re launched the application with fresh code so it would work, luckily it made it through the meeting, but after an hour it started getting the same authentication errors and would not load properly.

The proxy has a line of code:

<tokenDurationMinutes>60</tokenDurationMinutes>

that looks like it might be of interest since the time out happens after an hour, its just not getting the new token or re-authenticating.

Any help/workarounds/fixes?

MikeTschudi · ‎07-30-2013

Hi Craig,

It sounds to me, too, that the problem is related to the expiring token, but I can't reproduce it.

The proxy program looks for a token in its cache; if it finds it, it uses it to save the roundtrip to the authentication server; if there isn't one (because the proxy.ashx program changed, or the token never existed, or the token expired), it creates a new token and caches it. The cache expiration is set to the same UTC time as the token's expiration time.

I modified the proxy.ashx program to include some diagnostic headers and checked it into GitHub in the master branch. The diagnostics add headers to the response that the proxy.ashx program sends to the browser so that we can see some of the caching behavior. Since the diagnostics are optional, you'd set constant cShowAuthXHeaders to 'true' to turn on the headers.

The approach that I'd try is to first clear the token cache. The proxy.ashx program will do this for you if you rename/remove the proxy.config file from the site, and then access the proxy.ashx program either by refreshing the gallery or by calling the proxy directly, as in

http://<myServer>/<myGallerySite>/proxy.ashx

You'll see a 500 internal server error, but it will also tell you that the cache was cleared.

Next, restore the proxy.config file to the site and change the tokenDurationMinutes to something small, say 5 minutes or even 2 minutes. Refresh the gallery. Using Fiddler2 or Chrome's debugging Network tab or Firebug's Net tab, look for the network call

http://<myServer>/<myGallerySite>/proxy.ashx?http://www.arcgis.com/sharing/search

and look at its response headers. (It's a POST about 3/4 of the way down the network window in each of these three debuggers, after a large number of Dojo files.) The headers we've added (with sample values) are

X-AuthExpiration: 7/30/2013 7:06 PM UTC

X-FromCache: False

X-UTCNow: 7/30/2013 7:04 PM UTC

The first provides the expiration time of the token and the cached value of the token. The second indicates if the token came from the cache (true) or not. The third provides the current time in UTC for convenience.

If you refresh the gallery again before the token expires, you'll get the same expiration time, but you'll see that the token this time came from the cache.

X-AuthExpiration: 7/30/2013 7:06 PM UTC

X-FromCache: True

X-UTCNow: 7/30/2013 7:05 PM UTC

One more refresh, but this time after the expiration of the token, yields

X-AuthExpiration: 7/30/2013 7:09 PM UTC

X-FromCache: False

X-UTCNow: 7/30/2013 7:07 PM UTC

This should be what you're seeing. If all is OK here, we can add more diagnostic headers.

Regards,
Mike