Question about token based security

Discussion created by hbostic on Dec 9, 2010
Latest reply on Dec 16, 2010 by hbostic
I am testing token based security on my dev server.  I have set up everything correctly but I have two issues that I can't seem to understand.  I have two ArcGIS Server instances running named ArcGIS (no security enabled) and ArcGISSecure with role based security from a full SQL Server

1. The two mapservices that I have caches for, only display in the services directory when I access them through the ArcGISSecure Instance.  These directories have "Everyone" level perms and I assumed that I could access the service using the ArcGIS instance like I do for my dynamic services.  Although I can use the ArcGISSecure instance as a work-around, I would like to understand why the other instance is not accessing the cache anymore (before the secure instance was setup, I was able to view the service in the services directory)

2.A bigger issue that I have is this:
I created a token to use for one feature service that will be used for browser editing.  The token is stored and accessed in my proxy page.  I can access the feature service by using: http://server/esriprox/prox.ashx?http://server/ArcGISSecure/rest/services/DNRECMSD/DNREC_Dynamic_Test_Edit_Secure/FeatureServer/0, or http://server/esriprox/prox.ashx?http://server/ArcGISSecure/rest/services/DNRECMSD/DNREC_Dynamic_Test_Edit_Secure/FeatureServer or http://server/esriprox/prox.ashx?http://server/ArcGISSecure/rest/services/DNRECMSD/DNREC_Dynamic_Test_Edit_Secure/FeatureServer/2

This is because in the proxy I have match all = true for the url http://server/ArcGISSecure/rest/services/DNRECMSD/DNREC_Dynamic_Test_Edit_Secure/FeatureServer which is the same url that I used to aquire the token.

When the request is made inside my FlexViewer app firebug tells me it is requesting this:
(notice the ?f=json on the end)
and the response I get is that the token is invalid.  Can anybody explain to me why this is the case.

Thanks in advance