Encrypt proxy.config file

5734
8
06-08-2011 10:27 PM
roufbaba
New Contributor III
How can I encrypt the proxy.config file that is provided with the proxy handler? the issue is that all the user credentials are stored there in plain text. Is there any scope so that it should behave like web.config file where we can encrypt section like connection string.

Early reply will be much appreciated.



Regards
Rouf
0 Kudos
8 Replies
PrashantKhanal
New Contributor
I think you can tackle this by creating custom section in the web.config file that stores the server info. Once you create custom section, you can encrypt and decrypt the section just like you do for other sections in the web.config file using aspnet_regiis.

I don't think you can apply that to the proxy.config that comes with the proxy handler.

Here is an article on how to create custom section in asp.net.

http://msdn.microsoft.com/en-us/library/2tw134k3.aspx
0 Kudos
roufbaba
New Contributor III
Dear Prashant ,
Thankyou very much for the reply. I am aware that we can encrypt the custom section in web.config. This is the workaround that I have to implement. But, What I am not sure that proxy.config being a .config file can also be encrypted some way.


Thanks again for your reply.

Regards
Rouf
0 Kudos
AndrewCullen
Esri Contributor

Hi Rouf,

I know it's a couple of years since your question, but did you ever come across a solution for directly encrypting the proxy.config file?

In your work-around with the Web.config, did you need to write additional code in the proxy.ashx to read from web.config?

Regards,

Andrew

0 Kudos
HelenZhou
Occasional Contributor II

Define "proxyUser" and "prxyPwd" with the username and password in the appSettings in web.config. Then modify the proxy.ashx file - set usrName=ConfigurationManager.AppSettings["proxyUser"] and usrPwd=ConfigurationManager.AppSettings["proxyPwd"]; Then replace in proxy.ashx wherever there is username and password with the usrName and usrPwd.

YangCao
New Contributor II

Hi Helen, I followed your steps. But after I made the code changes, I started seeing the prompt for the provisional layers.

The Provisional layer is the editable layer. The application will connect through the GIS proxy to get the username and password to go and generate a token for the session and allows the application/editor to make and save changes to the layer.

 

Instead of making a request with the proxy, the application seemed to be going directly to ArcGIS server and that is when the prompt would appear.

Do you any idea of what causes the login dialog prompt? 

Many thanks.

- Yang

0 Kudos
HelenZhou
Occasional Contributor II

Yang, is the feature service published in a standalone ArcGIS server or federated GIS server? If it is in the federated GIS server, you may need to provide more information like tokenServiceUri together with username and password. This is because the token is generated in the Portal for ArcGIS, not the GIS server. You will also be able to debug the application in IDE like Microsoft Visual Studio to find out if the username and password is passed to the proxy.ashx file and why you are still prompted for authentication.

YangCao
New Contributor II

Hi Helen, the feature service is published in our own GIS server, but we do have the tokenServiceUri together with the username and password. We stored the username and password in the proxy.config file. A sample code is shown below:

---------------------------

<serverUrl     url="https://XXX:6443/arcgis/rest/services/PWS/Public_Water_Service_Areas_Provisional"
matchAll="true"
username="XXX"
password="XXX"
tokenServiceUri="https://XXX:6443/arcgis/tokens/">
</serverUrl>

------------------------- 

I notice that the app which uses the GIS proxy can run without the login prompt on my local machine when I debug the code (https://localhost/apps/AppName/ ). But it throws the login prompt when I ran the app on the development version website(https://dev.XXX/apps/AppName ). So I am wondering if you modify any settings in the IIS or other places that I need to do the same to make it work. Thank you. 

0 Kudos
SimonFisher
Occasional Contributor II

Wondering if anyone ever came up with any other solutions for this problem?  Or successfully encrypted sections or all of the proxy.config?

0 Kudos