custom header values for http request

4360
6
04-11-2012 02:42 PM
LukePhilips
New Contributor III
when adding various service URI's to the map, is it possible to set custom header values to the http request that the ESRI iOS api is making to my arcgis server? The intention here is get through a security policy that places usernames/passwords in the headers.
6 Replies
DiveshGoyal
Esri Regular Contributor
Unfortunately, this is not possible at this time.

Could you please elaborate on the security policy you're referring to. The API already supports ArcGIS Server security model (Basic/Digest/Token).
If we have more information about your needs we can try and suggest ways to meet them or build provisions in the API for a future release.
0 Kudos
LukePhilips
New Contributor III
Unfortunately, this is not possible at this time.

Could you please elaborate on the security policy you're referring to. The API already supports ArcGIS Server security model (Basic/Digest/Token).
If we have more information about your needs we can try and suggest ways to meet them or build provisions in the API for a future release.


Instead of relying on ArcGIS Server for security, we have a 'mediation platform' (think Layer 7 or Tibco) to give a front end for all service calls to the back-end enterprise. This also handles the security up front and lessens the need for the back end enterprise to try to stay in sync with evolving security access/profiles. Once authenticated this provides basically a pass-through to the ArcGIS Server endpoints, using token values specified in the http request header, not URL parameters. Other http request header values provide for various other logging/tracking of service calls. What I would like simply would be more access to the http request object.
0 Kudos
LukePhilips
New Contributor III
Let me add some details to my request. What we have implemented as a security mechanism in front of our services is modeled after OAuth2, and for the OAuth 2.0 API you can pass through your tokens/username/password has header values or URI params, we limit it to header values. Is this type of security planned for the ESRI api's?

Another thought is if it would be possible to have the ESRI api make a request to a URI that is nothing more than 'http://localhost', then for me to intercept that and make the call myself with the Oauth security.
0 Kudos
DiveshGoyal
Esri Regular Contributor

Yes, we plan to support sending the oAuth details through headers instead of URI params in a future release.

0 Kudos
GlobalSBB
New Contributor

Any news about this issue? We have the same requirement, we need to pass custom headers required by our reverse proxy. 

I saw that this will be possible with the new Quartz SDK (AGSRequestConfiguration::useHeaders : 

https://developers.arcgis.com/ios/beta/api-reference//interface_a_g_s_request_configuration.html#a47...) so I guess we have to wait for it.

0 Kudos
YueWu1
by Esri Regular Contributor
Esri Regular Contributor

Hi Terrettaz,

I find this userHeaders method is available in 10.2.5 (current version of SDK) 10.2.5: AGSRequestOperation Class Reference

Maybe you can try to use this. 

0 Kudos