I am trying to secure a feature service by using Tokens with my Javascript API application. The documentation seems a little lax with the new token setup for 10.1 and I am having problems with connecting to my REST services.
For example in admin to generate the token, it asks for the HTTP referer:.. does it have to be the exact page, the Domain, can it be just the domain or Domain and folder, hoes it HAVE to be HTTPS or can HTTP work? In teh admin you can enter any # of Days but the drop down to create the token only has 1 year max.
Access to test the token without pulling my hair trying to figure it out. You use to be able to include the token in the URL
However I can't get this to access using my REST URL and the Token. To test, when I generate the Token, In the HTTP referer: I am using the URL of my ArcGIS server, 1 year and HTML format. but I try going to the URL in a browser. IT automatically redirects to the REST login page.
Hi! We have this working ASP.NET code: string sTokenUrl = "http://" + url.Host + "/gishpgen8/tokens/generateToken?"; sTokenUrl = WebUtilities.setParameter(sTokenUrl, "username", "*"); sTokenUrl = WebUtilities.setParameter(sTokenUrl, "password", "*"); sTokenUrl = WebUtilities.setParameter(sTokenUrl, "clientrequestid", "ip." + sClientIP); sTokenUrl += "&f=json"; string sJson = WebUtilities.loadJson(sTokenUrl); Newtonsoft.Json.Linq.JObject jobj = Newtonsoft.Json.Linq.JObject.Parse(sJson); if (jobj["token"] == null || jobj["token"].ToString() == "") { lblError.Text = "*"; HttpCookie cookie = new HttpCookie("ur"); cookie.Value = sTokenUrl; cookie.Expires = DateTime.Now.AddMinutes(nMinutes); cookie.Path = "/"; Response.Cookies.Add(cookie); // Add it to the header } else { HttpCookie cookie = new HttpCookie("agstoken"); cookie.Value = jobj["token"].ToString().Substring(0, 43) + "."; cookie.Expires = DateTime.Now.AddMinutes(nMinutes); cookie.Path = "/"; Response.Cookies.Add(cookie); // Add it to the header FormsAuthentication.RedirectFromLoginPage(txtLogin.Text, false); lblError.Text = "";
cookie = new HttpCookie("ipp"); cookie.Value = sClientIP; cookie.Expires = DateTime.Now.AddMinutes(nMinutes); cookie.Path = "/"; Response.Cookies.Add(cookie); // Add it to the header
cookie = new HttpCookie("ur"); cookie.Value = sTokenUrl; cookie.Expires = DateTime.Now.AddMinutes(nMinutes); cookie.Path = "/"; Response.Cookies.Add(cookie); // Add it to the header }
That for the help, I see you are dynamically requesting the token (I actually don't need to do this) how are you sending it to the GIS server to authenticate it? In other words, what are you submitting to the REST to get the resource service?
If it helps, I tested the "Request Ip" to generate a token and it works, so the problem is what exactly to enter in the HTTP Referer. I need to use this type of Client authentication NOT Ip based
what are you submitting to the REST to get the resource service?
I'm setting three cookies that are attached to each request: "agstoken", "ipp", "ur". May be last two cookies are optional. But this configuration works for me. I only copied situation after standard login from standard page: server/rest/login.
from flex i've never been able to get referrer to work, only one of the IP flavors (our app settled on request-IP). only seems to work via plain HTTP calls & then the referrer value didn't seem to matter anyway.