To use Windows secured map services with Geocortex Essentials, there are a number of things that must be in place:
-
Application Pool Identity
Geocortex Essentials connects to ArcGIS Server with the identity of the application pool that runs the Geocortex Essentials application. By default, these are local computer users called EssentialsAppPool and EssentialsAdministrationAppPool.
If your map services are located on the same computer as Geocortex Essentials, and you are using ArcGIS Server 10.0, these local users will be sufficient. If you map services are located on a different computer from Geocortex Essentials, or you are using ArcGIS Server 10.1 and above, you will need to change the identities of the application pools to domain users.
Both application pools need to be running in Integrated Pipeline mode with 32-bit applications disabled.
-
Permissions
Most of the time when using a viewer to interact with the map, you are connecting to the map service as the user who is logged in on the computer. Because of this, the user who is logged on to the computer needs to belong to a group that is allowed to access the map service (agsadmin or agsusers, for example).
However, there are times, such as when adding a map service using Rest Manager and when doing certain tasks such as printing, that the Essentials and Rest manager applications will need to connect to the map services as themselves.
When the Essentials and Rest Manager web applications connect to map services, they will connect using the identity of their respective application pools.
These users must also belong to a group that is allowed to access the map service (agsusers for example).
Be sure to verify the permissions and roles in ArcGIS Server Manager.
-
?Authentication in IIS
Go into the ArcGIS folder in IIS, and find the Services application.
Disable Anonymous Authentication. If you leave Anonymous Authentication enabled, then when you connect to the map services it will try to authenticate anonymously first, and fail.
Enable Windows Authentication.
Disable Anonymous Authentication and enable Windows Authentication for the 'rest' application as well.
Note: This differs significantly from the required configuration when setting up Windows security for your Essentials Sites (i.e.: securing the Geocortex Essentials REST application). In this case Anonymous authentication must be left on, as the REST Manager application needs to use it to talk to the Geocortex REST endpoint. Geocortex Essentials will then take care of using the correct mode of authentication automatically.
-
Enable Security
Go back into ArcGIS Server Manager and enable security for GIS Services.
-
Test
Create a new site in Essentials Rest Manager. The map services should populate correctly with the secured services. Ensure the map loads properly in all viewers
For more information, see the ArcGIS Server Help:
Comments
0 comments
Article is closed for comments.