+ Reply to Thread
Results 1 to 4 of 4

Thread: custom header values for http request

  1. #1
    Luke Philips
    Join Date
    Jun 2010
    Posts
    86
    Points
    12
    Answers Provided
    1


    0

    Default custom header values for http request

    when adding various service URI's to the map, is it possible to set custom header values to the http request that the ESRI iOS api is making to my arcgis server? The intention here is get through a security policy that places usernames/passwords in the headers.

  2. #2
    Divesh Goyal

    Join Date
    Oct 2009
    Posts
    270
    Points
    147
    Answers Provided
    31


    0

    Default Re: custom header values for http request

    Unfortunately, this is not possible at this time.

    Could you please elaborate on the security policy you're referring to. The API already supports ArcGIS Server security model (Basic/Digest/Token).
    If we have more information about your needs we can try and suggest ways to meet them or build provisions in the API for a future release.
    _
    Divesh

  3. #3
    Luke Philips
    Join Date
    Jun 2010
    Posts
    86
    Points
    12
    Answers Provided
    1


    0

    Default Re: custom header values for http request

    Quote Originally Posted by technobrat View Post
    Unfortunately, this is not possible at this time.

    Could you please elaborate on the security policy you're referring to. The API already supports ArcGIS Server security model (Basic/Digest/Token).
    If we have more information about your needs we can try and suggest ways to meet them or build provisions in the API for a future release.
    Instead of relying on ArcGIS Server for security, we have a 'mediation platform' (think Layer 7 or Tibco) to give a front end for all service calls to the back-end enterprise. This also handles the security up front and lessens the need for the back end enterprise to try to stay in sync with evolving security access/profiles. Once authenticated this provides basically a pass-through to the ArcGIS Server endpoints, using token values specified in the http request header, not URL parameters. Other http request header values provide for various other logging/tracking of service calls. What I would like simply would be more access to the http request object.

  4. #4
    Luke Philips
    Join Date
    Jun 2010
    Posts
    86
    Points
    12
    Answers Provided
    1


    0

    Default Re: custom header values for http request

    Let me add some details to my request. What we have implemented as a security mechanism in front of our services is modeled after OAuth2, and for the OAuth 2.0 API you can pass through your tokens/username/password has header values or URI params, we limit it to header values. Is this type of security planned for the ESRI api's?

    Another thought is if it would be possible to have the ESRI api make a request to a URI that is nothing more than 'http://localhost', then for me to intercept that and make the call myself with the Oauth security.

+ Reply to Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts