Secured feature service authentication in widget

4035
11
Jump to solution
11-21-2016 02:06 PM
AndrewTerwiel
Occasional Contributor II

How do I add a layer to a map from a widget when the layer is secured and requires authentication? Currently, the secured layer gets added to the map, but an authentication popup appears. I'm hoping I can add a token or credentials to the layer properties and so circumvent the authentication popup. The layer that I'm trying to add is secured and visible externally in our DMZ. We'd like our users to not see the authentication popup, if possible. I've been experimenting with IdentityManager using the online examples, but these samples don't seem to apply well to Web App Builder apps and widgets.

0 Kudos
1 Solution

Accepted Solutions
AndrewTerwiel
Occasional Contributor II

I have this working now. For those who are new to using the proxy, here are some important considerations.

  • The proxy must be on the same domain as the app that is calling it. If you are running your app from Web App Builder the domain of your app will be something like: http://<yourmachinename:3344/webappbuilder/apps/8/>, so putting the proxy at http://localhost/proxy will not work because the port number 3344 is a different domain from localhost. This is where I went wrong.
  • Download the app and extract the zipped files to inetpub/wwwroot/<yourappname> and convert to this folder to an application in IIS manager.
  • Your proxy should be in http://localhost. Ping it to make sure it runs. http://localhost/proxy/proxy.ashx?ping
  • Configure your app to use the proxy in <yourappname>\config.json. e.g.
    • "httpProxy": {
          "useProxy": true,
          "alwaysUseProxy": false,
          "url": "",
          "rules":[{
                "urlPrefix": "http://<domain>/arcgis/rest/services/.../MapServer",
                "proxyUrl": "http://localhost/proxy/proxy.ashx"
           }
           ]
        },

  • Configure the proxy. Refresh the proxy in IIS after changing the config. e.g.
    • <?xml version="1.0" encoding="utf-8" ?>
      <ProxyConfig allowedReferers="*"
                   mustMatch="true"
                      logFile="proxylog.txt">
          <serverUrls>
              <serverUrl url="http://<serviceUrl>"
                         matchAll="true"
                      username="<username>"
                   password="<password>"
                   oauth2Endpoint="https://www.arcgis.com/sharing/oauth2/"/>
                             
          </serverUrls>
      </ProxyConfig>

View solution in original post

11 Replies
RobertScheitlin__GISP
MVP Emeritus

Andrew,

   Most people are just using the esri proxy for secure services.

0 Kudos
AndrewTerwiel
Occasional Contributor II

Thanks, Robert. I've implemented the proxy, but now I get this error in the console:

"Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource"

0 Kudos
RobertScheitlin__GISP
MVP Emeritus
How did you implement the proxy?


0 Kudos
AndrewTerwiel
Occasional Contributor II

This is my proxy.config:

/",

      proxyUrl: "http://localhost/proxy/proxy.ashx"

});

By the way, the website is producing an error and I'm unable to reply

via it. It keeps displaying this:

An unexpected error has occurred

On Tuesday, November 22, 2016 4:05 PM, Robert Scheitlin, GISP

0 Kudos
RobertScheitlin__GISP
MVP Emeritus

Ok I am a little confused.

Did you mean you added that to the config.json and you added your secured service URL to the proxy.config?

0 Kudos
AndrewTerwiel
Occasional Contributor II

I"m having trouble with the geonet website. It's giving me an error

when I log in and view a discussion. I can't use it to reply to

discussions. When I'm not logged in I can view the discussion and can

then see that it looks like my reply to you was truncated and you've

only received part of it.

I'll try again.

This is my proxy.config:

And this is the code in the widget's postCreate:

 urlUtils.addProxyRule({

                  urlPrefix: "http://maps.npdc.govt.nz/",

                  proxyUrl: "http://localhost/dotnet/proxy.ashx"

              });

 

On Tuesday, November 22, 2016 4:38 PM, Robert Scheitlin, GISP

0 Kudos
AndrewTerwiel
Occasional Contributor II

The proxy.config didn't make it through. Here it is:

<ProxyConfig allowedReferers="*"
             mustMatch="false">
    <serverUrls>
        <serverUrl url="http://maps.npdc.govt.nz/arcgis/rest/services/CPP/NPDC_Reseal_Forward_Works/MapServer/1"
                   matchAll="true"
                   clientId="aGbgYH2unJP7fTUX"
                   clientSecret="46ee6cd747b442df8d3a9c86d7c509ae"/>
                   
    </serverUrls>
</ProxyConfig>

0 Kudos
RobertScheitlin__GISP
MVP Emeritus

Andrew,

  There is no need for :

             urlUtils.addProxyRule({

                  urlPrefix: "http://maps.npdc.govt.nz/",

                  proxyUrl: "http://localhost/dotnet/proxy.ashx"

              });

You define rules in the config.json.

I am wondering about you using an appid and client secret. I would use username and password untill you have fully deployed your app and you are no longer using localhost for your proxy.

AndrewTerwiel
Occasional Contributor II

I've now defined the rules in the config.json as you suggested, and the proxy is being used, but I'm still getting this in the console:

XMLHttpRequest cannot load http://localhost/proxy/proxy.ashx?http://<domain>/arcgis/rest/services/<path>/MapServer/1?f=json. 
Response to preflight request doesn't pass access control check: 
No 'Access-Control-Allow-Origin' header is present on the requested resource. 
Origin 'http://<domain>:3344' is therefore not allowed access.‍‍‍‍‍‍‍‍

   I've also configured the proxy to use the username and password rather than the appId and appSecret.

0 Kudos