How do I properly secure calls/layers in the JavaScript API using the token service?

Question asked by danielp0086 on Jul 8, 2014
Currently I'm working on an implementation where my web application ( stack) communicates with an internal C# asmx web service which acts as a proxy to retrieve the key from the token service, store it in session, and pass it back as a cookie/json to the requesting client.  There is also logic in there to ensure they get back a token with integrity.


My problem is I am looking for a way to ensure that the cookie is safe.  I have the cookie set to HttpOnly and Secure.  The problem is, of course, I can't access the cookie via the JavaScript API.  Also, due to security requirements, appending the token to the URL is not an option.  So I removed that and then just did the standard:


var token = {
  "server": "<internal domain hosting arcgis server>/arcgis/rest",
  "userId": "<username>",
  "token": result.d.Token,
  "ssl": false,
  "expires": result.d.Expires
};


But after I add the layers and initialize everything, the map is blank, and when I try to forward or reverse geocode I get the error "Uncaught TypeError: Cannot read property 'wkid' of undefined"


Is there a better way of using the token to secure calls and layers made in JavaScript?
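
Added example, not part of the original post and not Esri's code: one way to validate the proxy's JSON reply before building the token object shown in the post, so that an empty, expired or cleartext-bound token is rejected early. The function name, the sample reply and the gis.example.internal host are constructed, and Expires is assumed to be epoch milliseconds.

```javascript
// Builds the token object from the proxy's JSON reply after validating it.
// Hypothetical helper; the reply shape { d: { Token, Expires } } follows the
// result.d.Token / result.d.Expires fields used in the post.
function buildTokenRegistration(reply, serverUrl, userId, nowMs) {
  const d = reply && reply.d;
  if (!d || typeof d.Token !== "string" || d.Token.length === 0) {
    throw new Error("proxy reply carries no token");
  }
  // Assumption: Expires is epoch milliseconds, as a number or numeric string.
  const expires = Number(d.Expires);
  if (!Number.isFinite(expires) || expires <= nowMs) {
    throw new Error("token has no usable expiry or has already expired");
  }
  // The token accompanies every request to this server, so refuse cleartext.
  const url = new URL(serverUrl);
  if (url.protocol !== "https:") {
    throw new Error("token server URL must use https");
  }
  // Keep secrets and request parameters out of the registered server URL.
  if (url.username || url.password || url.search || url.hash) {
    throw new Error("server URL must not carry credentials, query or fragment");
  }
  return {
    server: url.origin + url.pathname.replace(/\/+$/, ""),
    userId: userId,
    token: d.Token,
    ssl: true, // only https servers are accepted above (assumed use of the field)
    expires: expires
  };
}

// Constructed sample reply and host, for illustration only.
const sampleReply = { d: { Token: "CONSTRUCTED-TOKEN-VALUE", Expires: "1404900000000" } };
const sampleRegistration = buildTokenRegistration(
  sampleReply,
  "https://gis.example.internal/arcgis/rest/",
  "constructed-user",
  1404800000000 // fixed "now" so the sample is reproducible
);
// Assumption: in the ArcGIS JavaScript API 3.x an object of this shape is what
// esri.id.registerToken() accepts; the post does not name the call it uses.
console.log(sampleRegistration.server, new Date(sampleRegistration.expires).toISOString());
```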