Feature Access Security

Discussion created by upgraders on Feb 28, 2013
I pondered which forum/section I should post this, but ultimately I am using the JavaScript API to develop this application so I am hoping I can find some security savvy folks to help.

I manage some in house ArcGIS servers where we plan to host our own Feature access services. I have some map services that I want to allow authorized staff to create new point, lines and polygons using a web application hosted on another server. I can authenticate these users on this other server. The web application will use the REST API from the ARCGIS server for these edits, however I need a good simple way to protect the Feature Access from unauthorized/anonymous users from the Create/Edit/Delete operations.  

I don't want to use Windows Active Directory because we have a lot of public access to other map services which could interrupt current services. I also want to maintain access through the ArcGIS.com on these other public services, so any server level security changes need to be sensitive to this. I know I can set security specific to the entire service (Public or private) as well as folder specific permissions. I do have Roles for Users, Publishers and Admin that can use local and Active Directory but it starts to become very confusing. I am hoping for an easy way to implement a simple security measure to only allow access to my authenticated users, without extra steps for the users to make.

There is a lot of articles on ArcGIS security, which is part of my problem, there is just too much to understand.  I was hoping someone here could help guide me on how to set this this from the Web App to the ArcGIS server.