Token Security on an ArcGIS Server (Javascript)

12564
23
06-29-2011 01:26 AM
GrahamWhelan
New Contributor
Hello

I have a javascript application that connects to an ArcGIS server and does some functionality with the feature services. Today we added token based security to the rest end point which means I can no longer access it without the appropriate login details.

Can anyone provide a code example in javascript or point me in the direction of an example, of how to get a token using login details and store it/use it for a defined period of time. I cant find anything on the resource center.

Thanks in advance.

Graham
0 Kudos
23 Replies
nicogis
MVP Frequent Contributor
you can use a proxy page. Here you can set your period of time ect.

I have attached an example of proxy modified for call dynamic token in proxy page
In method gettokens you can change your rules



public string GetToken(string uri)
    {
        foreach (ServerUrl su in serverUrls)
        {
            if (su.MatchAll && uri.StartsWith(su.Url, StringComparison.InvariantCultureIgnoreCase) && su.DynamicToken)
            {
                // Code to dynamically get the token
                string tokenService = string.Format("https://{0}/arcgis/tokens?request=getToken&username={1}&password={2}&expiration=30", su.Host, su.UserName, su.Password);
                string token;
                
                
                // This script is added to force the application to certify the SSL script (if for example you have a self certificate on server)
                System.Net.ServicePointManager.ServerCertificateValidationCallback += delegate(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
                {
                    return true;
                };
                
                
                
                System.Net.WebRequest tokenRequest = System.Net.WebRequest.Create(tokenService);
                System.Net.WebResponse tokenResponse = tokenRequest.GetResponse();
                System.IO.Stream responseStream = tokenResponse.GetResponseStream();
                System.IO.StreamReader readStream = new System.IO.StreamReader(responseStream);
                token = readStream.ReadToEnd();

                return token;
            }
            else if (su.MatchAll && uri.StartsWith(su.Url, StringComparison.InvariantCultureIgnoreCase)) 
            {
                return su.Token;
            }
            else
            {
                if (String.Compare(uri, su.Url, StringComparison.InvariantCultureIgnoreCase) == 0)
                    return su.Token;
            }
        }

        if (mustMatch)
            throw new InvalidOperationException();

        return string.Empty;
    }
0 Kudos
GrahamWhelan
New Contributor
Hi Domenico

Thanks for the response. I tried your code and a few other similar examples but i keep getting a 403 error when the proxy tries to access the service.

For the config im using

    
<serverUrl url ="https://212.147.136.135/ArcGIS/rest/services/DoEHLG/ACTIVITIES/FeatureServer"
               matchAll="true"
               dynamicToken="true"
               host="https://localhost/imds/"
               userName="USERNAME"
               password="PASSWORD">
    </serverUrl>


I'm obviously doing something wrong somewhere is the config code correct?

A snippet from the htm.

esriConfig.defaults.io.alwaysUseProxy = true;

featureLayer = new esri.layers.FeatureLayer("https://212.147.136.135/ArcGIS/rest/services/DoEHLG/ACTIVITIES/FeatureServer/0", {
                    mode: esri.layers.FeatureLayer.MODE_SNAPSHOT,
                    outFields: ["*"],
                    id: "featureLayer"
                });



And this is the error that appears after the request is denied/times out

  
Error: Unable to load proxy.ashx?https://212.147.136.135/ArcGIS/rest/services/DoEHLG/ACTIVITIES/FeatureServer/0/query status:403
http://serverapi.arcgisonline.com/jsapi/arcgis/?v=2.3
Line 14


Thanks again
0 Kudos
nicogis
MVP Frequent Contributor
remove the web.config. I have attached for error.... You need only proxy.ashx and proxy.config.

Have you service token on https? tokenService = string.Format("https://...

In property host of proxy.config you set "localhost" and not "https://localhost/imds/" : if you see in gettoken string tokenService = string.Format("https://{0}/arcgis/tokens? ... -> {0} is hostname (Server where there is token service).

Have you in mapping of the application proxy ashx enabled? (you can see http://msdn.microsoft.com/en-us/library/bya7fh0a.aspx)

Extra info:
-If your instance is <> 'arcgis' change here in method gettoken the name. string tokenService = string.Format("https://{0}/<nameofinstanceags>/tokens?

-if you have certificate from third parties (verisign, geotrust, geosign, godaddy ect.) you also can remove this block of code because is yet in trust list:

 // This script is added to force the application to certify the SSL script (if for example you have a self certificate on server)
                System.Net.ServicePointManager.ServerCertificateValidationCallback += delegate(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
                {
                    return true;
                };


or set your check for accept certificate in this delegate. In this case with return true accept the certificate.
0 Kudos
GrahamWhelan
New Contributor
That worked great. Thanks a lot for your help Domenico.
0 Kudos
VIKRANTKRISHNA
New Contributor III
I am having the same issue, where trying to access the rest service page through proxy.ashx is getting error out saying error 403 Access denied to the proxy page
0 Kudos
nicogis
MVP Frequent Contributor
vikrant, can you give me further details?
0 Kudos
VIKRANTKRISHNA
New Contributor III
Hi Domenico,
                When ever I am trying to go to rest service through the proxy page and with https connection, its giving 403 error. For example my syntax is

https://wsbv7/proxy/proxy.ashx?https://wsbv7/WebGIS/rest/services

its will give me the error, but when I try http (non ssl) connection, it does not return any error. The problem going to be is that when we try to get token for the service, we have to use the https connection, which doesn't work.

Any thoughts?


Thanks,
0 Kudos
nicogis
MVP Frequent Contributor
in proxy.config have you set:
  <serverUrl url ="https://wsbv7/WebGIS/rest/services..."



Perahps you have
<serverUrl url ="http://wsbv7/WebGIS/rest/services..."
0 Kudos
VIKRANTKRISHNA
New Contributor III
I tired that to, but that doesn't work either.

after adding the given line on config file , I tried this
http://wsbv7/proxy/proxy.ashx?https://wsbv7/WebGIS/tokens?request=getToken&username=Vikrant&password...

this again gives 403 error. I am not sure if this is related to our IIS settings or something in our server.



Even trying to access secured service on esri server (given on esri token based security demo sample), through proxy page using the given username and password (rick and rick@esri) doesn't work either.
0 Kudos