If using the Web Adaptor is it really necessary to "secure" the published services?
customer will only consume services via the REST, so in my mind it seems a bit of overkill to secure the published services on top of running the web adaptor.
Users = Domain A
ESRI = Domain B (this is by design and cannot be moved to Domain A)
what would be the cleanest way to secure services....if they even nee to be secured at all?