+ Reply to Thread
Results 1 to 24 of 24

Thread: Token Security on an ArcGIS Server (Javascript)

  1. #1
    Graham Whelan
    Join Date
    May 2011
    Posts
    15
    Points
    0
    Answers Provided
    0


    0

    Default Token Security on an ArcGIS Server (Javascript)

    Hello

    I have a javascript application that connects to an ArcGIS server and does some functionality with the feature services. Today we added token based security to the rest end point which means I can no longer access it without the appropriate login details.

    Can anyone provide a code example in javascript or point me in the direction of an example, of how to get a token using login details and store it/use it for a defined period of time. I cant find anything on the resource center.

    Thanks in advance.

    Graham

  2. #2
    Domenico Ciavarella

    Join Date
    Mar 2010
    Posts
    2,678
    Points
    458
    Answers Provided
    71


    1

    Default Re: Token Security on an ArcGIS Server (Javascript)

    you can use a proxy page. Here you can set your period of time ect.

    I have attached an example of proxy modified for call dynamic token in proxy page
    In method gettokens you can change your rules


    Code:
    public string GetToken(string uri)
        {
            foreach (ServerUrl su in serverUrls)
            {
                if (su.MatchAll && uri.StartsWith(su.Url, StringComparison.InvariantCultureIgnoreCase) && su.DynamicToken)
                {
                    // Code to dynamically get the token
                    string tokenService = string.Format("https://{0}/arcgis/tokens?request=getToken&username={1}&password={2}&expiration=30", su.Host, su.UserName, su.Password);
                    string token;
                    
                    
                    // This script is added to force the application to certify the SSL script (if for example you have a self certificate on server)
                    System.Net.ServicePointManager.ServerCertificateValidationCallback += delegate(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
                    {
                        return true;
                    };
                    
                    
                    
                    System.Net.WebRequest tokenRequest = System.Net.WebRequest.Create(tokenService);
                    System.Net.WebResponse tokenResponse = tokenRequest.GetResponse();
                    System.IO.Stream responseStream = tokenResponse.GetResponseStream();
                    System.IO.StreamReader readStream = new System.IO.StreamReader(responseStream);
                    token = readStream.ReadToEnd();
    
                    return token;
                }
                else if (su.MatchAll && uri.StartsWith(su.Url, StringComparison.InvariantCultureIgnoreCase)) 
                {
                    return su.Token;
                }
                else
                {
                    if (String.Compare(uri, su.Url, StringComparison.InvariantCultureIgnoreCase) == 0)
                        return su.Token;
                }
            }
    
            if (mustMatch)
                throw new InvalidOperationException();
    
            return string.Empty;
        }
    Attached Files
    Studio A&T srl

    Domenico Ciavarella

    ESRI Certified
    Enterprise Geodatabase Management Associate 10.1
    Web Application Developer Associate 10.1

    My ArcGIS.com

    Blog: NicoGis

  3. #3
    Graham Whelan
    Join Date
    May 2011
    Posts
    15
    Points
    0
    Answers Provided
    0


    0

    Default Re: Token Security on an ArcGIS Server (Javascript)

    Hi Domenico

    Thanks for the response. I tried your code and a few other similar examples but i keep getting a 403 error when the proxy tries to access the service.

    For the config im using

    Code:
        
    <serverUrl url ="https://212.147.136.135/ArcGIS/rest/services/DoEHLG/ACTIVITIES/FeatureServer"
                   matchAll="true"
                   dynamicToken="true"
                   host="https://localhost/imds/"
                   userName="USERNAME"
                   password="PASSWORD">
        </serverUrl>
    I'm obviously doing something wrong somewhere is the config code correct?

    A snippet from the htm.

    Code:
    esriConfig.defaults.io.alwaysUseProxy = true;
    
    featureLayer = new esri.layers.FeatureLayer("https://212.147.136.135/ArcGIS/rest/services/DoEHLG/ACTIVITIES/FeatureServer/0", {
                        mode: esri.layers.FeatureLayer.MODE_SNAPSHOT,
                        outFields: ["*"],
                        id: "featureLayer"
                    });
    And this is the error that appears after the request is denied/times out

    Thanks again

  4. #4
    Domenico Ciavarella

    Join Date
    Mar 2010
    Posts
    2,678
    Points
    458
    Answers Provided
    71


    1

    Default Re: Token Security on an ArcGIS Server (Javascript)

    remove the web.config. I have attached for error.... You need only proxy.ashx and proxy.config.

    Have you service token on https? tokenService = string.Format("https://...

    In property host of proxy.config you set "localhost" and not "https://localhost/imds/" : if you see in gettoken string tokenService = string.Format("https://{0}/arcgis/tokens? ... -> {0} is hostname (Server where there is token service).

    Have you in mapping of the application proxy ashx enabled? (you can see http://msdn.microsoft.com/en-us/library/bya7fh0a.aspx)

    Extra info:
    -If your instance is <> 'arcgis' change here in method gettoken the name. string tokenService = string.Format("https://{0}/<nameofinstanceags>/tokens?

    -if you have certificate from third parties (verisign, geotrust, geosign, godaddy ect.) you also can remove this block of code because is yet in trust list:

    Code:
     // This script is added to force the application to certify the SSL script (if for example you have a self certificate on server)
                    System.Net.ServicePointManager.ServerCertificateValidationCallback += delegate(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
                    {
                        return true;
                    };
    or set your check for accept certificate in this delegate. In this case with return true accept the certificate.
    Last edited by ciava.at; 07-01-2011 at 12:40 AM.
    Studio A&T srl

    Domenico Ciavarella

    ESRI Certified
    Enterprise Geodatabase Management Associate 10.1
    Web Application Developer Associate 10.1

    My ArcGIS.com

    Blog: NicoGis

  5. #5
    Graham Whelan
    Join Date
    May 2011
    Posts
    15
    Points
    0
    Answers Provided
    0


    0

    Default Re: Token Security on an ArcGIS Server (Javascript)

    That worked great. Thanks a lot for your help Domenico.

  6. #6
    VIKRANT KRISHNA
    Join Date
    Nov 2010
    Posts
    94
    Points
    1
    Answers Provided
    3


    0

    Default Re: Token Security on an ArcGIS Server (Javascript)

    I am having the same issue, where trying to access the rest service page through proxy.ashx is getting error out saying error 403 Access denied to the proxy page

  7. #7
    Domenico Ciavarella

    Join Date
    Mar 2010
    Posts
    2,678
    Points
    458
    Answers Provided
    71


    0

    Default Re: Token Security on an ArcGIS Server (Javascript)

    vikrant, can you give me further details?
    Studio A&T srl

    Domenico Ciavarella

    ESRI Certified
    Enterprise Geodatabase Management Associate 10.1
    Web Application Developer Associate 10.1

    My ArcGIS.com

    Blog: NicoGis

  8. #8
    VIKRANT KRISHNA
    Join Date
    Nov 2010
    Posts
    94
    Points
    1
    Answers Provided
    3


    0

    Default Re: Token Security on an ArcGIS Server (Javascript)

    Hi Domenico,
    When ever I am trying to go to rest service through the proxy page and with https connection, its giving 403 error. For example my syntax is

    https://wsbv7/proxy/proxy.ashx?https.../rest/services

    its will give me the error, but when I try http (non ssl) connection, it does not return any error. The problem going to be is that when we try to get token for the service, we have to use the https connection, which doesn't work.

    Any thoughts?


    Thanks,

  9. #9
    Domenico Ciavarella

    Join Date
    Mar 2010
    Posts
    2,678
    Points
    458
    Answers Provided
    71


    0

    Default Re: Token Security on an ArcGIS Server (Javascript)

    in proxy.config have you set:
    Code:
      <serverUrl url ="https://wsbv7/WebGIS/rest/services..."

    Perahps you have
    Code:
    <serverUrl url ="http://wsbv7/WebGIS/rest/services..."
    Last edited by ciava.at; 02-21-2012 at 10:02 AM.
    Studio A&T srl

    Domenico Ciavarella

    ESRI Certified
    Enterprise Geodatabase Management Associate 10.1
    Web Application Developer Associate 10.1

    My ArcGIS.com

    Blog: NicoGis

  10. #10
    VIKRANT KRISHNA
    Join Date
    Nov 2010
    Posts
    94
    Points
    1
    Answers Provided
    3


    0

    Default Re: Token Security on an ArcGIS Server (Javascript)

    I tired that to, but that doesn't work either.

    after adding the given line on config file , I tried this
    http://wsbv7/proxy/proxy.ashx?https:...t&password=vik

    this again gives 403 error. I am not sure if this is related to our IIS settings or something in our server.



    Even trying to access secured service on esri server (given on esri token based security demo sample), through proxy page using the given username and password (rick and rick@esri) doesn't work either.

  11. #11
    Domenico Ciavarella

    Join Date
    Mar 2010
    Posts
    2,678
    Points
    458
    Answers Provided
    71


    0

    Default Re: Token Security on an ArcGIS Server (Javascript)

    Open in visual studio the application where there is your proxy and you try go in debug
    Studio A&T srl

    Domenico Ciavarella

    ESRI Certified
    Enterprise Geodatabase Management Associate 10.1
    Web Application Developer Associate 10.1

    My ArcGIS.com

    Blog: NicoGis

  12. #12
    VIKRANT KRISHNA
    Join Date
    Nov 2010
    Posts
    94
    Points
    1
    Answers Provided
    3


    0

    Default Re: Token Security on an ArcGIS Server (Javascript)

    I got an error when I debug the proxy.ashx

    error message screenshot is attached.
    Attached Thumbnails Attached Thumbnails Click image for larger version

Name:	proxyerror.jpg‎
Views:	246
Size:	94.9 KB
ID:	12096  

  13. #13
    Domenico Ciavarella

    Join Date
    Mar 2010
    Posts
    2,678
    Points
    458
    Answers Provided
    71


    0

    Default Re: Token Security on an ArcGIS Server (Javascript)

    when you go in debug you provide a url after http://.../proxy.ashx -> http://.../proxy.ashx?http://yourrequest
    Studio A&T srl

    Domenico Ciavarella

    ESRI Certified
    Enterprise Geodatabase Management Associate 10.1
    Web Application Developer Associate 10.1

    My ArcGIS.com

    Blog: NicoGis

  14. #14
    Brett Greenfield
    Join Date
    Jan 2012
    Posts
    101
    Points
    17
    Answers Provided
    5


    0

    Default Re: Token Security on an ArcGIS Server (Javascript)

    Quote Originally Posted by vikrant327 View Post
    I got an error when I debug the proxy.ashx

    error message screenshot is attached.
    Were you ever able to solve this issue? I get the same thing when I try to access http://localhost/proxy/proxy.ashx, and anytime I try to access a service through the proxy page I get an error 403.

  15. #15
    john gravois

    Join Date
    Dec 2009
    Posts
    788
    Points
    450
    Answers Provided
    77


    0

    Default Re: Token Security on an ArcGIS Server (Javascript)

    are you working with the sample ASP.NET proxy from the Javascript resource center? if you haven't already, please try setting the global flag "mustMatch" to false to see whether you can forward traffic to a standard webpage directly from the browser.

    ie:
    http://localhost/proxy/proxy.ashx?http://esri.com

  16. #16
    Brett Greenfield
    Join Date
    Jan 2012
    Posts
    101
    Points
    17
    Answers Provided
    5


    0

    Default Re: Token Security on an ArcGIS Server (Javascript)

    Yep - that's the one I'm using. I tried setting mustMatch to false and I'm still unable to connect to anything.

    When I try to connect directly to localhost/proxy/proxy.ashx I get the same error page that vikrant327 posted. I tried turning debugging on and it gave me the error message in the attached screenshot.

    Click image for larger version

Name:	proxyerror.png
Views:	80
Size:	68.9 KB
ID:	17381

    I'm guessing I'm just doing something stupid here!

  17. #17
    john gravois

    Join Date
    Dec 2009
    Posts
    788
    Points
    450
    Answers Provided
    77


    0

    Default Re: Token Security on an ArcGIS Server (Javascript)

    its normal to see an error when you try to access the proxy without attempting to forward a url, but you should definitely be able to forward traffic if you aren't restricting sites.

    did you convert the proxy folder to an application in IIS?

  18. #18
    Brett Greenfield
    Join Date
    Jan 2012
    Posts
    101
    Points
    17
    Answers Provided
    5


    0

    Default Re: Token Security on an ArcGIS Server (Javascript)

    I did, and just to be sure I tried doing so again. One thing I'm noticing this time, when I click Convert to Application and try the "Test Settings" button, I get an error that says "Invalid Application Path", even though the physical path is pointing directly to C:\inetpub\wwwroot\proxy.

    I apologize if these are dumb questions - I'm really out of my element working with this stuff!

  19. #19
    john gravois

    Join Date
    Dec 2009
    Posts
    788
    Points
    450
    Answers Provided
    77


    0

    Default Re: Token Security on an ArcGIS Server (Javascript)

    i just did a quick test and it seems that an "invalid application path" error when converting an application is normal for working proxies as well.

    in IIS manager, do you have handler mappings for .ashx files?

  20. #20
    Brett Greenfield
    Join Date
    Jan 2012
    Posts
    101
    Points
    17
    Answers Provided
    5


    0

    Default Re: Token Security on an ArcGIS Server (Javascript)

    I have three of them - SimpleHandlerFactory - Integrated; SimpleHandlerFactory-ISAPI-2.0; and SimpleHandlerFactory-ISAPI-2.0-64.

  21. #21
    john gravois

    Join Date
    Dec 2009
    Posts
    788
    Points
    450
    Answers Provided
    77


    0

    Default Re: Token Security on an ArcGIS Server (Javascript)

    if the global mustMatch policy in the proxy is set to "false" the proxy isn't evaluating URLs to confirm that they are in the list. this means the 403 permission error is being generated by another component.

    are you using the default application pool?
    is Anonymous Authentication enabled for the app?
    does it make any difference if you use 127.0.0.1 instead of localhost? machinename?

  22. #22
    Brett Greenfield
    Join Date
    Jan 2012
    Posts
    101
    Points
    17
    Answers Provided
    5


    0

    Default Re: Token Security on an ArcGIS Server (Javascript)

    Yes to the first two questions, and no, it doesn't seem to make a difference if I try my machine name or 127.0.0.1.

    Whew! This is frustrating!

  23. #23
    john gravois

    Join Date
    Dec 2009
    Posts
    788
    Points
    450
    Answers Provided
    77


    0

    Default Re: Token Security on an ArcGIS Server (Javascript)

    this is just a shot in the dark, but you might check to make sure you have the following IIS components installed.

    http://blogs.esri.com/esri/arcgis/20...net-framework/

    also, i'm not sure what sites you are testing, but i've experienced intermittent problems bouncing tests off of google.

    you're testing the following, correct?

    http://localhost/[proxyfolder]/proxy.ashx?http://esri.com

    is the error the same in all browsers?

  24. #24
    Brett Greenfield
    Join Date
    Jan 2012
    Posts
    101
    Points
    17
    Answers Provided
    5


    0

    Default Re: Token Security on an ArcGIS Server (Javascript)

    Thanks for all your help with this, John, but I told you it would be something stupid! Turns out the proxy page files I had downloaded were from an older help page (http://resources.esri.com/help/9.3/a...gs_proxy.htm); once I downloaded the more up to date proxy page files, everything worked perfectly.

+ Reply to Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts