identitymanager & proxy

07-26-2013 08:09 AM
AlbertoAloe
Occasional Contributor
Sorry guys...
I know that this has been asked several times.....but reading all the posts increased my confusion instead of solving the issue

My configuration is:

  • ArcGIS Server 10.1 with WebAdaptor

  • SSL set on the ArcGIS Server and IIS 7.5 (at the moment with the home made certificate)

  • Token based authentication

I'm doing some planning for the following scenario.

I need to work around the issue related to Internet Explorer 7-9 when using IdentityManager, as explained here http://forums.arcgis.com/threads/72265-IdentityManager-quot-Aborted-Sign-In-process...-quot-with-cre.... Basically I'd like to offer IE 7-9 users the possibility to authenticate themselves against the ArcGIS Server in the web application through the use of IdentityManager (exactly like Chrome and Firefox without using the proxy). I do not want to do authentication at the application level.

Is it possible, or do I have to embed username/password (or token) in proxy.config?

If it is possible, where can I download the most updated proxy files? How can I set proxy.config in order to access my secure services and my ArcGIS Online for Organizations web maps?


Thanks


Alberto
0 Kudos
1 Solution

Accepted Solutions
JohnGravois
Frequent Contributor
just a guess, but maybe this is caused by a lack of trust in the SSL certificate on your own machine?

0 Kudos
6 Replies
JohnGravois
Frequent Contributor
in the thread you mentioned, Kelly was suggesting the use of a proxy that does not store credentials or a token in order to assist in passing an IdentityManager request with dynamic credentials from the client to generate a token.

in short.  for IE, you need a proxy, but you don't need the proxy to authenticate on behalf of the end user.

does that make things more clear?

our most recent proxy can be found here.  you only need to configure it to allow requests to be made to your own ArcGIS Server instance (like below).

<serverUrl url="http://yourserver/arcgis/rest/services"
               matchAll="true">
</serverUrl>
0 Kudos
AlbertoAloe
Occasional Contributor
Thanks John..

I'm back today and I'm doing some testing. I'm experiencing the following:

  1. Web app pointing to a secured arcgis.com web map works fine. The proxy does the job and IdentityManager asks for credentials correctly even in IE 7/9

  2. Web app pointing to a secured service on the same server hosting the app does not work. I get error 500 trust failure when accessing the service


The message in firebug is :
500 TrustFailure
  323ms 
/jsapi...ompact/ (line 15)
"NetworkError: 500 TrustFailure - https://dmzarcsrv001/proxy/proxy.ashx?https://dmzarcsrv001/arcgis/rest/services/Test/Scratch/MapServer?f=json&dpi=96&transparent=true&format=png8"


When testing the proxy it works fine with any url I declare in proxy.config except for arcgis server. Am I missing something?

Attached are a simple HTML example and proxy.config.

Thanks

Alberto
0 Kudos
AlbertoAloe
Occasional Contributor
...I'm adding the code in the text as well..

html page..

<!DOCTYPE html>
  <html>
  <head>
  <title>Create a Web Map</title>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=7, IE=9, IE=10">

  <link rel="stylesheet" type="text/css" href="https://serverapi.arcgisonline.com/jsapi/arcgis/3.5/js/esri/css/esri.css">
  <style>
    html,body,#mapDiv,.map.container{
      padding:0;
      margin:0;
      height:100%;
    }
    #legendDiv{
      background-color: #fff;
      position: absolute !important;
      z-index: 99;
      top:10px;
      right:20px;
    }
  </style>

  <script>var dojoConfig = { parseOnLoad:true };</script>
  <script src="https://serverapi.arcgisonline.com/jsapi/arcgis/3.5compact/"></script>
  <script>
    dojo.require("esri.map");
    dojo.require("esri.arcgis.utils");
    dojo.require("esri.dijit.Legend");
    dojo.require("esri.IdentityManager");

    var map;

    function init(){
      // Route every request through the proxy so IdentityManager also works in IE 7-9.
      esri.config.defaults.io.proxyUrl = "https://dmzarcsrv001/proxy/proxy.ashx";
      esri.config.defaults.io.alwaysUseProxy = true;

      map = new esri.Map("mapDiv", {
        center: [-56.049, 38.485],
        zoom: 3,
        basemap: "streets"
      });

      // Secured service on the same server that hosts the app.
      var dynamicMapServiceLayer = new esri.layers.ArcGISDynamicMapServiceLayer("https://dmzarcsrv001/arcgis/rest/services/Test/Scratch/MapServer");
      map.addLayer(dynamicMapServiceLayer);
    }

    dojo.ready(init);
  </script>

  </head>

  <body>
    <div id="mapDiv"></div>
    <div id="legendDiv"></div>
 
  </body>
  </html>


and proxy.config....

<?xml version="1.0" encoding="utf-8" ?>
<!-- Proxy config is used to set the ArcGIS Server services that the proxy will forward to.
        
        mustMatch: true to only proxy to sites listed, false to proxy to any site -->
<ProxyConfig mustMatch="true">
  <serverUrls>
    <!-- serverUrl options:
            url = location of the ArcGIS Server, either specific URL or stem
            matchAll = true to forward any request beginning with the url
            token = (optional) token to include for secured service
            dynamicToken = if true, gets token dynamically with username and
              password stored in web.config file's appSettings section.
    --> 
    <serverUrl url="https://sampleserver1.arcgisonline.com/arcgis/rest/services/"
               matchAll="true"></serverUrl>

    <serverUrl url="https://sampleserver2.arcgisonline.com/arcgis/rest/services/"
               matchAll="true"
               token=""></serverUrl>

    <serverUrl url="https://server.arcgisonline.com/arcgis/rest/services/"
               matchAll="true"></serverUrl>

    <serverUrl url="https://orthogonal.esri.com/arcgis/rest/services/"
               matchAll="true"></serverUrl>

    <serverUrl url="https://hummer/ArcGIS/rest/services"
               matchAll="true"
               dynamicToken="true"></serverUrl>

    <serverUrl url="https://services.arcgisonline.com/arcgis/rest/services/"
               matchAll="true"></serverUrl>

    <serverUrl url="https://dmzarcsrv001/arcgis/rest/services/"
               matchAll="true"></serverUrl>

    <serverUrl url="https://www.arcgis.com"
               matchAll="true"></serverUrl>

    <serverUrl url="http://www.google.it"
               matchAll="true"></serverUrl>

    <serverUrl url="http://hydro-gis.jrc.ec.europa.eu/arcgis/rest/services"
               matchAll="true"></serverUrl>

    <serverUrl url="http://dmzarcsrv001/dev"
               matchAll="true"></serverUrl>
  </serverUrls>
  
</ProxyConfig>



Alberto
0 Kudos
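An added example, not part of the original posts and not Esri's proxy code: a small audit of a proxy.config allow-list, covering both the advice to list only your own ArcGIS Server and the question of storing a token in the file. It assumes the semantics stated in the file's own comments (mustMatch, matchAll as a prefix match, token, dynamicToken); the case-insensitive comparison, the function names and the sample hosts are assumptions made for this example.

```python
import xml.etree.ElementTree as ET
# Constructed sample in the proxy.config layout posted above (hosts are placeholders).
SAMPLE_CONFIG = """<ProxyConfig mustMatch="true">
  <serverUrls>
    <serverUrl url="https://gis.example.test/arcgis/rest/services/" matchAll="true"/>
    <serverUrl url="https://maps.example.test" matchAll="true"/>
    <serverUrl url="http://legacy.example.test/arcgis/rest/services/" matchAll="true"
               token="CONSTRUCTED-TOKEN"/>
    <serverUrl url="https://exact.example.test/arcgis/rest/info" matchAll="false"/>
  </serverUrls>
</ProxyConfig>"""

def _flag(elem, name):
    return (elem.get(name) or "").strip().lower() == "true"

def load_rules(xml_text):
    """Return (must_match, rules) parsed from proxy.config text."""
    root = ET.fromstring(xml_text)
    rules = [{"url": e.get("url", ""), "match_all": _flag(e, "matchAll"),
              "token": e.get("token", ""), "dynamic_token": _flag(e, "dynamicToken")}
             for e in root.iter("serverUrl")]
    return _flag(root, "mustMatch"), rules

def is_forwarded(target, must_match, rules):
    """Assumed semantics: case-insensitive prefix match when matchAll is true,
    otherwise the target (query string removed) must equal the listed url."""
    if not must_match:
        return True  # mustMatch="false": the proxy forwards to any site
    t = target.lower()
    return any((r["match_all"] and t.startswith(r["url"].lower()))
               or t.split("?", 1)[0] == r["url"].lower() for r in rules)

def audit(must_match, rules):
    """Return (url, finding) pairs worth reviewing before deployment."""
    findings = []
    if not must_match:
        findings.append(("*", "mustMatch is false: any site is proxied"))
    for r in rules:
        if r["url"].lower().startswith("http://"):
            findings.append((r["url"], "cleartext http target"))
        if r["match_all"] and not r["url"].endswith("/"):
            findings.append((r["url"], "no trailing slash: prefix is not bounded at a path segment"))
        if r["token"] or r["dynamic_token"]:
            findings.append((r["url"], "proxy authenticates on behalf of every caller"))
    return findings

if __name__ == "__main__":
    for url, finding in audit(*load_rules(SAMPLE_CONFIG)):
        print(f"{url}: {finding}")
```

An entry with an empty `token=""` and no `dynamicToken` is not flagged, which matches the setup discussed in the thread where the proxy only relays the IdentityManager request and stores no credentials.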
JohnGravois
Frequent Contributor
just a guess, but maybe this is caused by a lack of trust in the SSL certificate on your own machine?
0 Kudos
AlbertoAloe
Occasional Contributor
John,
it's more than a guess...
the self-signed certificate on the ArcGIS Server side is the one creating trouble.
Ok. I'll test it with a trial signed certificate.

Thanks

Alberto
0 Kudos
JohnGravois
Frequent Contributor
sometimes my nose is better than other times. 🙂

you can also simulate the use of a CA signed cert by installing the self-signed certificate in trusted storage on a particular machine.  good luck with the rest of your project!
0 Kudos