Hi Robert:
Getting closer... Thanks!
https://subdomain.domain.com/proxytest/proxy/proxy.ashx?https://subdomain.domain.com/arcgis/rest/ser...
returns:
{"error":{"code":499,"message":"Token Required","details":[]}}
So my proxy is working and interrogating the map service and is seeing that it's secure...
...which raises the question: Why is the proxy not working to access the secure services behind the scenes?
I'm still trying to wrap my head around how this works with the ArcGIS Portal. I create a "generic" app which gives me a ClientID and ClientSecret. This is what gets registered in the proxy.config file. My question is: How is the security to the map service relate to the security of the generic app with its ClientID and ClientSecret?
What I'd really like to do is have a ClientID and ClientSecret for my Web map. Is there a way I can create that security? Or am I constrained to use the generic apps?
Hopefully you or someone else with more grey matter than I've got can help answer that question...
--Dirk