Securing a map service

Question asked by dahsande on Apr 29, 2013
Latest reply on May 1, 2013
I have a 10.1 map service that I want to make secure. These are the steps that I took to secure it in ArcGIS Server Manager:

1. Created a role "PrivateServiceRole"
2. Created a user "PrivateServiceUser"
3. Granted "PrivateServiceRole" to "PrivateServiceUser"
4. Created a folder "PrivateService", checked "Require Encrypted Web Access", selected "Private, available only to selected users", added the role "PrivateServiceRole" to the Allowed roles list.

Here are the ArcGIS Server Security settings:

Configuration Settings
User Store: ArcGIS Server Built-in
Role Store: ArcGIS Server Built-in
Authentication Tier: GIS Server
Authentication Mode: ArcGIS Tokens

Token Settings
Lifespan of Short-lived Tokens: 60 minutes
Lifespan of Long-lived Tokens: 1 day

I then viewed the service by logging in as "PrivateServiceUser" on the arcgis/rest/services page.

Is that all there is to it, or is there anything else that can be done to secure the map service?

For instance, in ArcGIS Server 10, I was able to go into IIS and set IP Address and Domain Restrictions and control which computers were able to access the page to get a token. With the Web Adaptor, that doesn't seem to be possible any more.
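
One way to check that the folder settings from steps 1-4 behave as intended, as an added example that is not part of the original post and not Esri code: it classifies `f=json` responses from the private folder and flags content served without a token or over plain HTTP. The response bodies are constructed samples, the service name `Parcels` is hypothetical, and 499/498 are assumed to be the token-required/invalid-token codes the ArcGIS REST API reports in the JSON body.

```python
import json

# Error codes assumed for token problems in the ArcGIS REST JSON body.
TOKEN_REQUIRED, INVALID_TOKEN = 499, 498

def classify(body):
    """Map an f=json body to: served, token-required, invalid-token, denied, not-json."""
    try:
        doc = json.loads(body)
    except ValueError:
        return "not-json"
    err = doc.get("error") if isinstance(doc, dict) else None
    if not isinstance(err, dict):
        return "served"
    return {TOKEN_REQUIRED: "token-required",
            INVALID_TOKEN: "invalid-token"}.get(err.get("code"), "denied")

def audit(probes):
    """Return findings; an empty list means the folder behaves as configured.

    Each probe is (scheme, has_token, body) for one request to the private folder.
    """
    findings = []
    for scheme, has_token, body in probes:
        result = classify(body)
        if result == "served" and not has_token:
            findings.append("content served without a token over " + scheme)
        elif result == "served" and scheme != "https":
            findings.append("content served over unencrypted " + scheme)
        elif result != "served" and has_token and scheme == "https":
            findings.append("valid token rejected over https: " + result)
    return findings

# Constructed response bodies (not captured from a real server).
NO_TOKEN = '{"error": {"code": 499, "message": "Token Required", "details": []}}'
HTTP_DENIED = '{"error": {"code": 403, "message": "SSL Required", "details": []}}'
LISTING = ('{"currentVersion": 10.1, "services": '
           '[{"name": "PrivateService/Parcels", "type": "MapServer"}]}')

# Probes: anonymous over HTTPS, token over HTTP, token over HTTPS.
GOOD = [("https", False, NO_TOKEN), ("http", True, HTTP_DENIED), ("https", True, LISTING)]
BAD = [("https", False, LISTING), ("http", True, LISTING)]

if __name__ == "__main__":
    for name, probes in (("as configured", GOOD), ("misconfigured", BAD)):
        print(name, "->", audit(probes) or "no findings")
```

To use it against a real server, replace the constructed bodies with the responses returned for the same three requests to the "PrivateService" folder.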