|
POST
|
Very simple question, I would like to know if anyone has success taking a webmap offline in Collect that contains a feature service with stored credentials? 1. publish a feature service on your 10.2.2+ server, make sure to enable Sync in the feature service capabilities. 2. secure it with "traditional" GIS-tier authentication (ArcGIS Server built-in username/password) that uses tokens 3. Login to your organizational ArcGIS.com account 4. In 1 of the folders under "my content", click add item / from the web 5. Enter the REST endpoint URL to your feature service, then hit Tab key 6. Enter valid credentials to access the service 7. make sure to select "Store credentials with service item. Do not prompt for authentication" 8. Enter name, tags, ect... then Add Item 9. If login box pops up, enter valid service credentials again. 10. Add this item to a new webmap and save webmap as TEST 11. Share both the feature service item and webmap with a group or your orginization 12. Login to your organization using Collector for ArcGIS 13. click the cloud download button on the TEST webmap you saved in step #10 During the map download in Collector, do you get an error? My testing says YES. Why? Because you have credentials stored with the item you added to ArcGIS Online. Follow exact same workflow, but this time, on step #7 select "Do not store credentials with service item. Prompt for authentication everytime." During the map download in Collector, do you get an error? My testing says NO. Because credentials are not stored with the feature service item.
... View more
01-15-2015
01:52 PM
|
2
|
28
|
15505
|
|
POST
|
we have server 10.3, and I was unable to sync attachments from iOS to a feature service that was versioned in SDE. Follow this workflow, I bet sync with attachment will work. 1. create new SDE geodatabase, feat. dataset and feat. class 2. add globalIDs 3. enabled archiving 4. enable attachments 5. publish service with sync enabled 6. add feat. service as item in Arcgis.com, DO NOT store credentials with the item if service is secured. BUG-000084538 was logged yesterday. Support helped me to determine storing credentials with secured services when added to arcgis.com was causing issues with collector. 7. create webmap with your newly added item 8. share both service and webmap 9. take offline with collector, create points, take photos with camera 10. sync. 11. this workflow works every time, no issues. Key items: NO versioning, NO storing credentials.
... View more
01-15-2015
09:28 AM
|
3
|
2
|
2669
|
|
POST
|
Currently running ArcGIS Server Standard Workgroup 10.1 with ArcGIS Online (AGOL) Organizational account as the portal. Problems: -Do not like built-in ArcGIS Server users/groups vs. AGOL named users/groups -The separate workflow of manually adding ArcGIS Server services to AGOL, then sharing them again with AGOL named users/groups -I will miss the unlimited number of ArcGIS Server users/groups I understand the solution to this is to federate the ArcGIS Server to your portal. I understand the 3 levels of integration between ArcGIS Server and Portal for ArcGIS. Explained here: Levels of Integration Do these same integration levels exist between ArcGIS Server and AGOL ? My gut feeling is to wait until 10.3 Portal for ArcGIS is released (complimentary at 10.3 with 5 named users given our ArcGIS Server Standard Workgroup license), then switch our portal method away from AGOL to Portal for ArcGIS. However, I'm concerned about hardware capacity. Max of 3 simultaneous users, pretty lightly used. Everything on same dual-core box - any experience with this type of setup? Portal for ArcGIS Designated hosting server for Portal SQL Server Express Managed enterprise geodatabase ArcGIS Server 2x web adapters Any comments/feedback?
... View more
10-31-2014
11:12 AM
|
0
|
0
|
4093
|
|
POST
|
We have a potential need to authenticate to our gis server using PKI, in particular, using DoD CAC cards. We're still on 10.1 but should this move fwd we would upgrade to 10.2.2 and config portal. after initial. Research, I've been made aware of the DoD requirements for CLR checks, (which in itself I've read is problematic). The portal and GIS server would be on our LAN, as well as AD Server. in a fundamental sense is it as easy as: 1 installing DoD root ca as trusted cert. in IIS 2 enabling client Cert. mapping in AD 3 mapping each users client cert in AD im assuming all portal hosted web apps. would also auth. Using PKI directly, rather than logging into portal first, then launching the web map app? like I said, this is an education endeavor at this point. Thanks
... View more
07-18-2014
07:41 AM
|
0
|
0
|
3823
|
|
POST
|
dbecker88 if I may ask you or others: I'm trying for the first time to set up security. We have one service we want to use with tokens. Just http for now. (https later). We set up SQL database with some users and roles and enabled anonymous user roles. I turned it to http following the docs - http://help.arcgis.com/en/arcgisserver/10.0/help/arcgis_server_dotnet_help/index.html#/Setting_up_users_and_roles_in_SQL_Server/0093000000q0000000/ <Web server root>\ArcGIS\Tokens\web.config and other two files updated fine. Note.. there was no space in the second key line, make sure to check spaces pasting in the AppSettings keys! We turned on the token service. I can get to our token service page fine with http://ourserver/tokens/gettoken.html That generates a token fine. However in our site and on the sample Sandbox (http://developers.arcgis.com/en/javascript/sandbox/sandbox.html?sample=widget_identitymanager_client_side) ... the user / role we created for this Service fails. I included Identity Manager and the local storage stuff from the sample (we want local storage for now, maybe proxy later..) It pops up as it should, asks for credentials. But when I enter the user /pass it says "Unable to access the authentication service. " However... when I turn the service Permissions in ArcGIS Server Manager to "Everyone" it works just fine! Interestingly though I noticed this secure service half-works on ArcGIS.com. I spied on it in F12/Firebug network connections and saw it got a token (the token at the end of the URL). However popups do not work. Even with everyone access. But that is fine, popups work with Everyone access in our site. It's only when we lock it down to the secured User that it fails, "Unable to access the authentication service." Anyone seen this? Called tech support, we couldn't fix it, we tried making a new user, new service/.msd, etc. Still happens. In fact I took the sample, but just stuck my secured service in it, same error. As both FeatureLayer and Dynamic. Will keep working on it, post results back... trying to remember back to server 10....we also really struggled with the initial setup of sql users/roles. IMO, if you have the ability, upgrade to 10.1 and scrap sql users/roles. The integrated 10.1 user/role store is 100% easier and doesn't require sql. When we upgraded, I ended up having to re-enter 100's of users into the integrated 10.1 security store, but it was well worth it IMO. The 10.1 manager is also 100% better. Back to 10...are you able to successfully connect to sql database in manager? When you assign a role to your service, (i can't remember exact steps) but we had 2 locations that roles were displayed, local and domain **i think**. If we added the role from one, it wouldn't work, but from the other it did. This was because the GIS server was also a AD domain server. this isn't a JS problem, it's a server 10 .NET config issue
... View more
05-07-2013
12:47 PM
|
0
|
0
|
2526
|
|
POST
|
And if it's OK I'll jump on this bandwagon -- anyone using server-side authentication with ESRI secured REST services, via ASP.NET, and have it up as a site we could check out? So, instead of a second popup for credentials it just uses the ones you already provide if you log in to the standard Windows Forms ASP.NET site (with the Log In on Site.Master and SQL Server database backend functionality). We have API 3.4 with Arc 10.0 Sp5 secured REST service now. We are testing with Identity Manager but it'd be nice to piggyback on the built-in ASP.NET authentication mechanism. I guess in referring to this http://help.arcgis.com/en/webapi/javascript/arcgis/jshelp/ags_secureservices.html it may (does?) involve a proxy page? Haven't played with those, we've attempted to stay away from it until we really need it. If we figure this out we'll post back here, too. In a round-about way we're in the process of doing something similar. Rather then a 100% custom solution, we are still using the built-in esri Token security mechanism. This is all for a one-time login. If the user originates from an "already secured site" they have permission to view the js app. But, we dont' have access to the "already secured site's" auth. mechanism. So, here's how we handle it.
external site--> server out of our control
user clicks link to js app--> server out of our control
jquery ajax fires call to .ashx handler--> server out of our control
server side .ashx handler grabs client IP--> server out of our control
.ashx handler sends client IP to ourServer.php script via url post--> our server
-ourServer.php checks ip of incoming call,
-if from accepted IP, requests a token from the GIS Server using hard-coded creds.
-stores token, client IP and random gen. key in sql db
- returns random key to .ashx handler
.ashx handler returns key to ajax success handler-->server out of our control
jquery appends key to js app link href attribute-->server out of our control
js app checks for key when the user arrives at site--> our server
-if a key is found, the proxy.php page query's sql db, and retrieves the previously stored token using the key and client IP
-if key and client IP match, return token to js app
js app loads token using the same method here: http://help.arcgis.com/en/webapi/javascript/arcgis/jssamples/widget_identitymanager_client_side.html
-if the token is valid and not expired, the identityManager will handle the credential and not prompt for login
if for some reason the https://oursite/jsLInk?key=aRandomstring is emailed to a dif. user, and they try the link within 60mins (token expiration) of when the orig. user clicked on js app link, it won't work because the proxy.php script on our server wont' retrieve the token from sql db because client2 has a dif. IP as what's associated with the key that client2 is passing
... View more
05-06-2013
07:44 AM
|
0
|
0
|
1138
|
|
POST
|
Just having a look at the identity manger for securing services - http://help.arcgis.com/en/webapi/javascript/arcgis/jsapi/identitymanager.html And wondered if anyone has done much customisation around this and how to do it e.g. Change to jQuery popup, changing text that appears in login popup, don't show again checkbox? Cheers 🙂 haven't swapped out the dialog, but I did change the text by adding this to init function. If you do customize text, make sure and maintain the ${server} and ${resource} params, otherwise the dialog doesn't work. esri.bundle.identity.info = "If you have not received a login, please contact this person. <br><br>[email protected] ${server} ${resource}";
... View more
05-06-2013
07:28 AM
|
0
|
0
|
1138
|
|
POST
|
have an app with 30 or so featLayers. After a user search findTask fills a dataGrid with up ~100 rows, dataGrid onRowClick handler creates a new extent from the graphic point and map.setExtent navigates/zooms to point. The dataGrid rows are points in states, Arkansas AR and California CA for example. in IE9 ONLY if newExt is inside the visible scale of the featLayers, it will work when onRowClicking points in the same state, CA for example. But, as soon as you click an AR point, the basemap goes white. Doesn't matter what basemap, topo, bing aerial, ect... If I change the new extent to -1000 this is outside the visible scale of the featLayers and you can click on any point and everything works great. Could anyone suggest a solution?
function onRowClickHandler(evt) {
var clickedFac = grid1.getItem(evt.rowIndex).aField;
var selectedFac;
dojo.forEach(hoverGraphicsLayer.graphics, function(graphic) {
if ((graphic.attributes) && graphic.attributes.aField == clickedFac) {
selectedFac = graphic;
return;
}
});
var xMin, yMin, xMax, yMax;
xMin = selectedFac.geometry.x - 600;
yMin = selectedFac.geometry.y - 600;
xMax = selectedFac.geometry.x - -600;
yMax = selectedFac.geometry.y - -600;
var newExt = new esri.geometry.Extent(xMin,yMin,xMax,yMax,map.spatialReference);
map.setExtent(newExt);
//map.centerAndZoom(selectedFac.geometry, 16); //wouldn't fire every time a dataGrid row is clicked
}
... View more
05-03-2013
11:56 AM
|
0
|
0
|
807
|
|
POST
|
workaround: the only way I knew of detecting whether the stored token was invalid was to send an esri.request to the service. If the error callback gets fired the token is either invalid or expired. At this point, the user needs to log in regardless, so just to be sure the identityManager calls the tokenServiceURL, we manually edit the stored token to be expired then refresh the state of the identityManager so it prompts for signIn.
function loadCreds() {
var def = new dojo.Deferred();
var idJson, idObject;
if (supports_local_storage()) {
idJson = window.localStorage.getItem(credential);
} else {
// read from a cookie
idJson = dojo.cookie(cred);
}
if (idJson && idJson != "null" && idJson.length > 4) { //proceed with loading credential
idObject = dojo.fromJson(idJson);
var token = idObject.credentials[0].token; //token that was stored
//query used to test if loaded token is valid
var url = "https://mygis.server.com/arcgis/rest/services/folder/service/MapServer/0/query";
var req = esri.request({
url : url,
content : {
where : "aField='aValue'",
f : "json",
token : token
}
}, {
useProxy : false
});
function success(data) {
esri.id.initialize(idObject);
def.resolve("valid token loaded");
}
function error(error) {
idObject.credentials[0].expires = 0000; //manually edit the loaded cred expireDate so the identityManager properly calls tokenService URL for new token
esri.id.initialize(idObject);
def.resolve("token invalid or expired");
}
req.then(success, error);
}
else{
def.resolve("not loaded");
}
return def.promise;
}
var firstProcess = loadCreds();
firstProcess.then(function(loadCredResults){//wait for stored credentials to load
return secondProcess();
}).then(function(secondProcessResults){//wait for the secondProcess
finishInit();
});
... View more
05-03-2013
11:44 AM
|
0
|
1
|
2526
|
|
POST
|
confirmed; if you set the "expires" value for the credential in localStorage to to a past timestamp, then browse to the app, the credential is loaded from storage, identityManager signIn dialog appears, and you can sign in normally. i.e. The tokenServiceURL is called like it should be. So, why isn't the tokenServiceURL called when the token in storage is invalid and not expired? Why does the stored token get corrupted, obiv. outside of manually corrupting it?
... View more
05-02-2013
11:13 AM
|
0
|
0
|
2526
|
|
POST
|
followed the example on how to persist identity manager info using local storage or cookie. http://developers.arcgis.com/en/javascript/jssamples/widget_identitymanager_client_side.html I've discovered a problem, occasionally you come back to the JS app using FireFox and you are prompted with identityManager signIn dialog. You enter valid credentials, the modal signIn disappears, then re-appears with an error: "this value is required" for the password field. I was finally able to reproduce the problem, you can perform these steps with the above sample: 1. login to js app normally by supplying valid credentials 2. close the tab or browser; dojo.addOnUnload() stores the current, valid, credential object in localStorage as a string 3. locate the string in localStorage (i used SQLite Manager extension in FF) 4. change a single character in the token, you essentially in-validate the token 5. new tab in FF, try to login to the js app; you will be presented with the password error on the signIn dialog Step 5 above, firebug never shows a call to the token service to obtain a new token. After pressing the OK button on the signIn dialog, all the layers are attempting to be accessed with a URL qString like so: https://servicesbeta.esri.com/ArcGIS/rest/services/SanJuan/TrailConditions/FeatureServer/0?f=json&token=theInvalidTokenYouEdited I assume the token service is not called because the token that was loaded from localStorage is not expired, it's just invalid. any advice on how to force identityManager to acquire a new token when the token in localStorage is invalid? thanks.
... View more
05-02-2013
10:09 AM
|
0
|
6
|
3421
|
|
POST
|
and public accounts can't share private data with other public accounts, when we used to be able to. Unfortunately, this is always how "free" services eventually become. Unless you dev. the solution, you dont' have control over it...even if you purchase several licenses for desktop & server.
... View more
03-29-2013
02:19 PM
|
0
|
0
|
1191
|
|
POST
|
I've been asked why do we need a subscription for ArcGis Online when we have an ArcGis Server with an Enterprise license. What are the advantages of ArcGis Online over an ArcGis Server, if any? I need a business reason to justify the expense of the subscription. A few months back I attended an ArcGis Online demo and I asked why you still needed an ArcGis server if you have an ArcGis Online subscription. And the answer was ArcGis Online didn't yet offer all the features that a server provides. Is there a matrix that details the differences in the features between the two. I work as a sys admin who manages the ArcGis Server. I'm not a Gis Desktop Analyst with an in depth knowledge of the product gained from working with it eight hours a day. Thanks this is a great question. Back in 2012 when we purchased a new server and ArcGIS for Server Workgroup, we would have been much ahead if we would have gone the arcgis online subscription route. Now we're stuck with a $10k setup that has limited functionality and told to purchase more. I guess 1 nice thing about having your own server is you don't have to mess with credits and a limited ammt. of users...or atleast with v 10.11, this is probably coming in 10.2
... View more
03-22-2013
11:30 AM
|
0
|
0
|
1423
|
|
POST
|
Hopefully this helps someone in the future... ended up using the 1st method; checking the referrer. If any referrer exists and the user doesn't have a good existing cred in storage, an esri.request is made to pass referrer to the proxy for handling. If all checks pass, return a token, which then gets stored as cred. here's the js
var cred = "esri_jsapi_id_manager_data";
function init() {
loadCredentials(); //see if cred. already exists for this session
esri.config.defaults.io.proxyUrl = "proxy.php";
esri.config.defaults.io.alwaysUseProxy = false;
var process = function(ref) {
var def = new dojo.Deferred();
if (ref != "" && esri.id.credentials.length == 0) {
var refToken = esri.request({
url : "https://gis.ourdomain/arcgis/", //any url that's proxied in proxy
content : {
ref : ref
},
handleAs : "json"
});
function success(res) {
var idObject, idJson;
if (res.token != 'noToken') {
var serverInfo = {
"server" : "https://gis.ourdomain.com",
"tokenServiceUrl" : "https://gis.ourdomain.com/arcgis/tokens/",
"currentVersion" : 10.11
};
var securedServices = [];
//i guess this doesn't have to be a complete list
securedServices.push("https://gis.ourdomain.com/arcgis/folder/MapServer/0");
var creationTime = (new Date).getTime();
var idString = dojo.toJson({
"serverInfos" : [serverInfo],
"credentials" : [{
"userId" : 'auser', //user that was hard coded
"server" : serverInfo.server,
"token" : res.token,
"expires" : res.expires,
"ssl" : false,
"creationTime" : creationTime,
"resources" : securedServices
}]
});
if (supports_local_storage()) {
// use local storage
window.localStorage.setItem(cred, idString);
idJson = window.localStorage.getItem(cred);
} else {
// use a cookie
dojo.cookie(cred, idString, {
expires : 1
});
idJson = dojo.cookie(cred);
}
if (idJson && idJson != "null" && idJson.length > 4) {
//load the credential
idObject = dojo.fromJson(idJson);
esri.id.initialize(idObject);
}
def.callback("loaded");
}
else {
def.callback("not loaded"); //proxy didn't return token for 1 reason or other
}
}
refToken.then(success);
}
else {
def.callback("not loaded"); //no referrer or already logged in
}
return def;
}
var ref = document.referrer;
process(ref).then(function(response) {
//continue adding layers, ect...
})
}
heres the pertinent parts of the proxy.php
$targetUrl = $_SERVER['QUERY_STRING'];
$parts = preg_split("/\?/", $targetUrl);
$targetPath = $parts[0];
$qStringArr = array();
parse_str($parts[1],$qStringArr);
// open the curl session
$session = curl_init();
if(array_key_exists('ref', $qStringArr) && $qStringArr['ref'] != ''){
//esri.request call with referrer
if($qStringArr['ref'] == 'https://theReferrer.com/imLookingFor.html'){
$data = array(
'username' => 'auser',
'password' => 'auserpassword',
'client' => 'ip', //for dev only, switch to http referr on production
'ip' => '123.123.22.41',
'expiration' => '60',
'f' => 'json'
);
$postData = http_build_query($data);
$targetUrl = "https://gis.ourdomain/arcgis/tokens/generateToken";
}
else{//referrer didnt match, return junk response
echo json_encode(array('token'=>'noToken'));
exit;
}
}
else{
//continue w/ normal proxy call
$postData = file_get_contents("php://input");
}
//omitted cURL options array
$response = curl_exec($session);
echo $response;
... View more
03-22-2013
08:50 AM
|
0
|
0
|
1789
|
|
POST
|
that could be the reason why you can't edit existing features. I'm using a feature service. As a test you could add this to your web map using the add -- layer from web -- http://sampleserver5.arcgisonline.com/ArcGIS/rest/services/Energy/HSEC/FeatureServer/0 This is a sample featureService from esri.
... View more
03-22-2013
08:25 AM
|
0
|
0
|
1877
|
| Title | Kudos | Posted |
|---|---|---|
| 2 | 3 weeks ago | |
| 1 | 05-02-2024 04:44 PM | |
| 1 | 11-04-2025 11:45 AM | |
| 1 | 10-31-2025 06:53 AM | |
| 1 | 02-06-2019 06:41 AM |
| Online Status |
Offline
|
| Date Last Visited |
2 weeks ago
|