turbin

How to handle secured services for some users

Discussion created by turbin on Apr 11, 2012
Latest reply on Apr 12, 2012 by turbin
I started a new project and for now I only have a test environment on my local computer with Arcgis Server 10.

I have some secure services and some users are allowed to view them and some not. The security is set to be windows integrated authentication.
The challange is that all users must use the same homepage. This page will load all services and the goal is that only the services the users is allowed to will be visible for that user.

I thought I could handle this by only catching error 401.2 from the IIS when a user is denied but it seems like it doesn´t work although I through a debugging tool can see the error being fired.

Something like this
try
{
   Mylayer = new esri.layers.ArcGISDynamicMapServiceLayer("http://Myserver/ArcGIS/rest/services/test/Mylayer/MapServer");
   map.addLayer(Mylayer );
  }
catch(err)
  {
//Mark up  that the service is not loaded and just smoothly go on
  }

My second problem is that the layer is loaded even if I as a user shouldn´t have access to it. My username is not in the group that has access to it and the 401 error is correctly fired.

So first I need opinions on this being a good idea in the first place to trying to load all services even if a user is only authenticated to some? Is this an ok approach?

And secondly if anyone having an idea  on whats going on with my user accessing the secured layer even if 401 is fired? (Has it to do with me doing this on my local computer?)

Hope someone here can help

Outcomes