AnsweredAssumed Answered

Application-level token authentication

Question asked by csgeosol1 Champion on Jan 7, 2016
Latest reply on Jan 11, 2016 by csgeosol1

I'm looking to narrow availability of some map services utilized by my JSAPI application. I am using ArcGIS Server 10.3 on a local Windows/IIS install with proxy availability.

 

I have several applications on different domains and servers accessing the centrally-located ArcGIS Server resources, which are publicly available... I'd like to have it set-up so that only these applications can access the resources, but users shouldn't need to supply credentials - the idea is to make it difficult for a user to inspect the web requests to acquire the public resources outside of the application and poke around for data harvesting and hot-linking in non-sanctioned applications.

 

What's the best way to accomplish this? I've found several resources and write-ups on the topic, but I am still unclear as how to do this correctly and securely.

Outcomes