Can't add map service 403 Forbidden error
When I try to add the map service http://services.nationalmap.gov/ArcGIS/rest/services/NEXRAD_Weather/MapServer to the rest site I get:
The host 'http://services.nationalmap.gov/ArcGIS/rest/services' does not appear to reference a valid ArcGIS Server instance. When specifying a URL please ensure you provide the full URL to an ArcGIS Server Services Directory. Underlying error: The remote server returned an error: (403) Forbidden.
This service does not have a clientaccesspolicy file but it does have a crossdomain.xml which Silverlight can use:
<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy (View Source for full doctype...)>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />
<allow-access-from domain="*.gov" secure="true" />
<allow-access-from domain="*.doi.net" secure="true" />
<allow-access-from domain="*.mil" secure="true" />
<allow-access-from domain="mccullough-consulting.net" secure="true" />
<allow-access-from domain="*" secure="true" />
</cross-domain-policy>
Does the highlighted entry in the crossdomain policy mean that I would need to get the security credentials in order to use it?
Why can I add this service using the Silverlight AddMappLayerInteractive function?
Thanks very much.
-
I just tested this because I was curious, and I was able to add it to my internal site with no issues. I am coming from a .gov domain, however. I could also access this endpoint from my browser. I am not sure what the secure attribute is in the crossdomain file; I would assume it is for credentials and not an https connection, since I am not using https for my sites.
0 -
The configuration line:
<allow-access-from domain="*" secure="true" />
refers to SSL connections, not to credentials. According to the spec this will act to disallow any http connections to the service. I'm not really sure why it would work from a .gov address, as it seems that it should not allow this either.
However, it is a bit strange to have this security policy on a service that is _not_ running over SSL, as there is no security benefit to disallowing http on an unsecured service. In fact, this policy will likely act to ban any connections from the Silverlight Viewer regardless of configuration, as Silverlight will not download image data under any circumstances from an http service if it is running over https itself.
0 -
I guess from my perspective, I either have to ask nationalmap to add our domain to the list or find a way to dynamically add this service using a workflow.
Jonathan, you mentioned that it doesn't make sense that the url would work for .gov - Nick had tried it and it worked for him.
In one of our crossdomain files, we limit access but do not include <allow-access-from domain="*" secure="true" />.
It seems to work by limiting use of our services to the domains listed in the crossdomain file:
http://gisservices.dot.state.mn.us/crossdomain.xml
Thanks for your help.
0
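An added example, not part of any post above and not Esri or Silverlight code: a small auditor for the policy quoted in the question, following Adobe's cross-domain policy specification, in which the secure attribute only takes effect when the policy file itself is served over HTTPS. The wildcard handling in domain_matches and the maps.example.org origin used to exercise it are assumptions made for illustration; how Silverlight itself applies this file is not modelled.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the policy quoted in the question, without its elided DOCTYPE line.
POLICY = """<cross-domain-policy>
  <site-control permitted-cross-domain-policies="all" />
  <allow-access-from domain="*.gov" secure="true" />
  <allow-access-from domain="*.doi.net" secure="true" />
  <allow-access-from domain="*.mil" secure="true" />
  <allow-access-from domain="mccullough-consulting.net" secure="true" />
  <allow-access-from domain="*" secure="true" />
</cross-domain-policy>"""

def rules(policy_xml):
    """Return (domain pattern, secure flag) per allow-access-from entry; secure defaults to true."""
    root = ET.fromstring(policy_xml)
    return [(e.get("domain", "").lower(), e.get("secure", "true").lower() != "false")
            for e in root.iter("allow-access-from")]

def domain_matches(pattern, host):
    """Assumed matching: "*" is any host, "*.x" is any subdomain of x, otherwise exact."""
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return host == pattern

def allowed(policy_xml, policy_scheme, origin):
    """True if `origin` (e.g. "http://maps.example.org") is granted access by a policy
    that was fetched over `policy_scheme`."""
    url = urlsplit(origin)
    host = (url.hostname or "").lower()
    for pattern, secure in rules(policy_xml):
        if not domain_matches(pattern, host):
            continue
        # secure="true" only restricts callers when the policy itself came over HTTPS.
        if policy_scheme == "https" and secure and url.scheme != "https":
            continue
        return True
    return False

def findings(policy_xml):
    """Audit notes a service owner would want before publishing the policy."""
    notes = []
    patterns = [p for p, _ in rules(policy_xml)]
    if "*" in patterns:
        notes.append(f'domain="*" admits every origin; {len(patterns) - 1} narrower entries are redundant')
    site = ET.fromstring(policy_xml).find("site-control")
    if site is not None and site.get("permitted-cross-domain-policies") == "all":
        notes.append('site-control "all" honours any policy file on the host')
    return notes
```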