Community

Serve a JS map app through a proxy that publishes a locally-hosted web map that contain secure content. How to?

2283
5
03-16-2016 03:56 PM
DirkVandervoort
by
Occasional Contributor II
‎03-16-2016 03:56 PM

We have the full stack of ArcGIS Server and Portal hosted on-premise. We've authored a map service that is secured. In Portal we created a web map that uses an ArcGIS Online basemap and the secured map service. We then wrote a simple JS application that serves the web map. It requires the user to enter credentials - we do not want users to enter credentials, yet the map service must remain secure.

Enter the proxy, download from Releases · Esri/resource-proxy · GitHub

Following the instructions here: Sharing maps with secure layers | Guide | ArcGIS API for JavaScript,

...adding the appropriate urlUtils and proxy.configs

Results in a 403 error.

The JS is here:

urlUtils.addProxyRule({
   urlPrefix: "https://subdomain.domain.com",
   proxyUrl: "proxy/proxy.ashx"
});


arcgisUtils.arcgisUrl = "https://subdomain.domain.com/portal/sharing/content/items";
arcgisUtils.createMap("<WEB_MAP_ID>","map").then(function(response){});

The content of the proxy.config has:

<serverUrl clientId="<ClientID>" clientSecret="<Client_Secret" rateLimit="0" 
rateLimitPeriod="1" matchAll="true" url="https://subdomain.domain.com/arcgis/rest/services/MapService/MapServer"/>

As per the sample. Yet I still get the 403

GET https://subdomain.domain.com/proxytest/proxy/proxy.ashx?https://subdomain.domain…d189aa97?f=json&cal... 403 (Forbidden)

Can anyone with experience in this realm help provide insight for me please. TIA

0 Kudos
5 Replies
RobertScheitlin__GISP
by MVP Emeritus
MVP Emeritus
‎03-16-2016 06:45 PM

Dirk,

  I always make my proxy.config serverUrl url less specific:

<serverUrl clientId="<ClientID>" clientSecret="<Client_Secret>" rateLimit="0" rateLimitPeriod="1" matchAll="true" url="https://subdomain.domain.com"/>

Also have to tested your proxy?

https://subdomain.domain.com/proxytest/proxy/proxy.ashx?ping

and

https://subdomain.domain.com/proxytest/proxy/proxy.ashx?https://subdomain.domain.com/arcgis/rest/ser...

0 Kudos
DirkVandervoort
by
Occasional Contributor II
‎03-17-2016 08:26 AM

Hi Robert:

Getting closer... Thanks!

https://subdomain.domain.com/proxytest/proxy/proxy.ashx?https://subdomain.domain.com/arcgis/rest/ser...

returns:

{"error":{"code":499,"message":"Token Required","details":[]}}

So my proxy is working and interrogating the map service and is seeing that it's secure...

...which raises the question: Why is the proxy not working to access the secure services behind the scenes?

I'm still trying to wrap my head around how this works with the ArcGIS Portal. I create a "generic" app which gives me a ClientID and ClientSecret. This is what gets registered in the proxy.config file. My question is: How is the security to the map service relate to the security of the generic app with its ClientID and ClientSecret?

What I'd really like to do is have a ClientID and ClientSecret for my Web map. Is there a way I can create that security? Or am I constrained to use the generic apps?

Hopefully you or someone else with more grey matter than I've got can help answer that question...

--Dirk

0 Kudos
RobertScheitlin__GISP
by MVP Emeritus
MVP Emeritus
‎03-17-2016 09:27 AM

Dirk,

  So the way I do this is add a serverUrl in the proxy.config for your ArcGIS Server services that are secure

<serverUrl url="https://xxx.xxxx.com/arcgis/rest/services" matchAll="true" username="your user name" password="your password"/>

0 Kudos
DirkVandervoort
by
Occasional Contributor II
‎03-17-2016 01:24 PM

Getting closer!

Robert: Are you using enterprise security? Or internal (AGS) security?

TIA

0 Kudos
RobertScheitlin__GISP
by MVP Emeritus
MVP Emeritus
‎03-17-2016 01:25 PM

internal (AGS) security

0 Kudos