ArcGIS Server Security: Token-based verification Guide)

The Security Service of ArcGIS Server is not as difficult as you think. as a tool for managing services, ArcGIS Server manage can create and manage database security, and permit access to certain services and files.

 

Step 1: Create a database for security management before locking your server.

Log on to ArcGIS Server Manager, click Security, and then click setting. In the setting window, you can connect to the database.
To create a new database table to store the permission. In this process, you need to determine a check box to automatically generate a user and a role suitable for "everyone", which will be used in the next step. [Question: you can select the everyone role for the default bound SQL database according to the wizard. But if you use other Oracle databases, how can you set the everyone role ?]

 

Step 2: Generate roles and users)

Service licenses are managed by roles. After you successfully create a role, you can create a new user or add existing users to the role. You can easily create this user and role in ArcGIS Server Manager wizard.

 

Step 3: Lock your service

Now with a database, you can lock your service.

Return to the "setting" section of "security" in step 1.

Find "security for GIS services is: not enabled", and there is a button next to "enable"

Note: Once you select this "enable", you cannot cancel it in ArcGIS Server Manager, but you do not need to be afraid. You can solve this problem in the next step.

 

Step 4: Go to root
Level, Grant "everyone" a license

Now you are locked. You need to authorize your service.

The following steps assume that you have some public or private services. Instant security is enabled, and we also want to ensure that our public services are still open without the user name/password.

Click the "services" key, which will automatically go to "manage services". If not, change "services" in your root directory.
In, and then click manage folders-> permissions. In the root directory, add the access list to the role to grant the "everyone" license.

In this way, security is enabled, but your service is still public. We recommend that you complete the above steps when installing the arcigis server so that you can quickly add a license as needed.

 

Step 5: Lock the ArcGIS Server folder

Your services are open now. What should I do if I need to lock some services?

If your service is in a folder, it is easy to do. Now, if your folder is "private", you need
Change the value in to your private folder, Click Manage folders-> permissions, add the role you created to the folder, and confirm to remove "everyone" from the access list ".

Now the services in this folder require that you enter the username and password associated with this role.

 

Step 6: access protected folders through the rest Interface

If you are using ArcGIS Server Javascript. API to develop applications, rest
The interface is your best friend. However, you will find that the locked folder is not displayed in your service root directory:

HTTP: // <Servername>/ArcGIS/rest/services

Access the "private" folder and directly enter the URL of the protected folder:

HTTP: // <Servername>/ArcGIS/rest/services/private

In this way, a login window is opened, and the user name/password is entered for access.

 

Step 7: Apply a protected service in ArcGIS Server for Javascript. API app

Next we will introduce how to publish ArcGIS Server for JavaScript. the purpose of embedding protected services in API apps is to allow users to directly apply services in their own apps without obtaining the URLs of your services.

To save space, assume that you already have a proxy page in your app. If you do not have a proxy page, there may be two situations, one being that the page is not refreshed, in addition, the query result contains more than 2000 characters, and IE cannot obtain the returned data. Here is a link to set your proxy:

HTTP: // Configure

If you already have a proxy configuration, the first step is to update your proxy settings in your JavaScript.

Now you are protected, and you will use this proxy page for every query. If not, set "alwaysuseproxy" in the app to "true ".

 

Step 8: Token-based verification

Token-based verification is used to verify the ArcGIS Server services that apply Javascript. API. There are two methods: 1. Create a token through the Token Generation page; 2. Create a dynamic token.

 

Method 1: Create a token on the Token Generation page

In the security of the ArcGIS Server installer, you can access a Token Generation page:

HTTP: // <Servername/ArcGIS/tokens/gettoken.Html(You can also find this page on the Rest Interface) enter a valid user name/password and return a token value.

ChangeHTTPChange to HTTPS. copy and paste this token to the service URL in the proxy. config file.

The following is an example of ESRI help:

<Serverurl url = "https://www.example.com/arcgis/rest/services/MyMapSecureService/MapServer" matchall = "false" token = "5ffo4% 2fi4tv8igsqsybpunorrd % 2fyxxmspo6nehnngmpt9cmknpxijevqygm3uqnu"
> </Serverurl>

The default token on the Token Generation page can only be used for 10 days.
Server Manager, or you can set your service as follows.

 

Method 2: create a dynamic token

To create a dynamic token, you must first download a new proxy. ashx page.

We have previously pasted an ESRI users forums about this operation. There is a new proxy file in it, which can be downloaded from the following link:

HTTP: // Forums.esri.com/thread.asp? C = 158 & F = 2396 & t = 297001 #926770

After downloading the ZIP file, replace your original proxy. ashx page, and then update the URL of your service in the proxy. config file.HTTPChange to HTTPS and add the following new attributes:

Dynamictoken = "true"
Host = ""
Username = ""
Password = ""

Format of restful access to the service with the token value:HTTP: // Ip/ArcGIS/rest/services/service name/mapserver? Token = token value. The obtained token value is generated by the IP address accessed by the client.

Copyright statementSource: HTTP:// Lmyhao. Cnblogs. Com/
Copyright: The copyright of this article is shared by the author and the blog