bb1769

Using secured asynchronous GP task fails with unauthorized access

Discussion created by bb1769 on Dec 24, 2010
Latest reply on Jan 3, 2011 by bb1769
I'm using a geoprocessing task to access a secured GP service. It's an asynchronous service, so I'm calling submitJob on the task. However, in the application it returns an error with a 400-code "Unauthorized access" message. I can use the task successfully in the Services Directory.

I traced the calls with Fiddler and see that the submitJob is actually in two steps. First it calls /submitJob and includes the token=xxxx parameter. That returns a 302 redirect response with a URL for the client to call. That URL does not contain the token. The client uses that URL as-is and doesn't append the token to it. Sooo there's no surprise that the response is unauthorized access. In the Services Directory case, on the other hand, it's inserting the token into a cookie with each request, which the server accepts in lieu of a token in the query string.

I found a posting from last year along these lines: http://forums.esri.com/Thread.asp?c=158&f=2396&t=276750&mc=6#msgid855820. Apparently it only affects asynchronous GP tasks, due to this redirect behavior.

Any way to get around this? The 302 redirect may not even get to the code at all, instead being handled by the browser. If that's the case there's nothing that can be done at the client level (JS API or my application). The only possibility might be for the server itself  to append the token to the redirect URL.

Outcomes