Client Access Policy for local services

KarenFolger · ‎01-22-2013

I had thought that I could not add my local map services to an ArcGIS online account. But there is some documentation about using a clientaccesspolicy.xml to allow the ArcGIS online application to gain access to my local map services. Where does one put that file exactly? Some say in the inetput/wwwroot folder, other's say??? Also, would one want to be specific about the URL allowed - say only www.arcgis.com/explorer so as to minimize any potential hacking?

MikeMinami · ‎01-23-2013

The ArcGIS.com map viewer can access local services, as long as the web browser is running inside your firewall. So you'll be able to display local services inside web map, while at your computer running inside your firewall. However, some functions of arcgis.com require that the service be externally available, like printing and editing. So these functions will not be available.

The clientaccesspolicy.xml file is specific to Silverlight applications and thus, is specific to ArcGIS Explorer Online. It allows explorer online to see the local serivces. In order for ArcGIS Explorer Online to access the services on a local ArcGIS server (one that is not publicly accessible), it must have a clientaccesspolicy.xml file in the web server's root directory. If you can access services in the ArcGIS.com map viewer but not in Explorer Online, then it is likely that there is a problem with the clientaccesspolicy.xml file on your server.

Here's a help topic with some information.

http://help.arcgis.com/en/arcgisexplorer/help/index.html#//01560000004p000000

thanks,

Mike

KarenFolger · ‎01-23-2013

Thanks for the reply, but the issue seems to be like described in the ESRI help doc, I can see the service in Arcgis.com but not in arcgis explorer online. I cannot seem to find the ACTUAL clientaccesspolicy.xml file on the server. But if I use the port number after the server name (http:server:6080/clientaccesspolicy.xml) then one displays. My question was, where does this file need to go (is it a inetpub/wwwroot?) and should it have the arcgis.com server name in it to protect from security violations.

Thanks, Karen

KarenFolger · ‎01-23-2013

Another potential issue is that we are not using the web adapter and so have to specify the port # for services. I copied the xml to the root of inetpub/wwwroot. I could then see the file with just the server name, but arcgis online still could not see the services.

RexHansen · ‎01-23-2013

Hi Karen,

A client access policy file must be present at the root of a web server. If IIS, often the physical folder that cooresponds with the web site root is c:\inetpub\wwwroot. If you're using the web server included with ArcGIS Server, the physical folder that cooresponds with the web site root may be c:\program files\arcgis\server\framework\runtime\tomcat\contents\rootapp. Here's some additional information on working with service across domain boundaries in Silverlight: http://msdn.microsoft.com/EN-US/LIBRARY/CC197955(VS.95).ASPX

Hope this helps,
-Rex

KarenFolger · ‎02-05-2013

Does anyone actually know what the line of code in clientaccesspolicy.xml would look like to grant arcgis.com/explorer access to your local services?