Workflow query layer from secure service

Permanently deleted user

July 11, 2018 08:18

Hi all,

 

I have a private map service on an ArcGIS server.

 

I need to do a Query Task on this layer when the viewer starts, however I don't think I should ask an end user for their credentials immediately after they've had to enter their  credentials to log in to the viewer... (in fact I don't think a user who's logged in should be asked for credentials at all).

 

I could of course save the username/password for the service in the workflow, but considering that that amounts to saving credentials in plain text it doesn't strike me as a good idea.

 

So... what do I do here?

 

 

0

• 

  Permanently deleted user

  July 11, 2018 08:34

  I literally did this just 5 minutes ago, for the first time....

   

  I have basic auth setup on the map service in the Query Task (QT), and I just proxied the request.

   

  The QT activity has a proxy url setting (hidden in the properties panel)

   

  I set this to :

   

  "http://<proxy server>/proxy.ashx"

   

  and in the proxy.config file (in the wwwroot directory) I added a new serverItem for the secure map service

   

  <serverItem url="http://xxx.xxx.vic.gov.au/arcgis/rest/services" username="xxxx" password="xxx" matchAll="true"></serverItem> 

   

  I'm not sure it's the best way to do it, as proxies, and security is all a bit smoke and mirrors for me right now, but as I said, I just got it working then.... 

   

  hope it helps

  0
• 

  Zack Robison

  July 12, 2018 17:42

  Do you have an app account that you could use to credential your query?  That's my go-to solution for these types of problems, that is, problems which don't need to record the accessing user for anything.  If you do need to record the user, then you will probably need to look into a proxy.  Integrated authentication may be of use here too but I don't know much about using it with workflow to be honest.

  0
• 

  Permanently deleted user

  July 13, 2018 10:00

  Hi, thank you for your replies.

   

  We don't need to record the accessing user in this case, but we might need to in the future (I haven't really thought about it yet).

   

  For simplicity's sake let's assume I don't. I'm not clear on how using an app account would help? I'd still need to get the password into my workflow somehow, wouldn't I? Or am I just not understanding something?

   

   

   

   

  0
• 

  Zack Robison

  July 13, 2018 18:20

  If you're using one account across all of your users for a workflow then you simpily hardcode its credentials into the workflow, or you can read them from a config on your server.  You remove the need to get anything from your users.  For example, you could make an account called "appUser" and give it permissions to your ArcGIS secured service, then use the AppUser credentials in your workflow whenever you need to access the service..

  0
• 

  Permanently deleted user

  July 16, 2018 06:52

  But if I hardcode the credentials into the workflow, the password will be in plain text in the workflow's xaml file. I don't know much about security, but 'storing passwords in plain text is bad' is something that comes up often enough that I'd really prefer to avoid doing so.

  0
• 

  Berend Veldkamp

  July 17, 2018 07:47

  If that layer is included in the map, you can use the Get Map Service Info activity to get a token and use that in the Query Task. No need to store a password anywhere.

  0
• 

  Permanently deleted user

  November 27, 2018 03:15

  Hi Berend, do you mean adding get map service info activity in work flow? if the answer yes can you please show me where excatly to add this.

   

  cheers,

   

  Rawan

  0

Please sign in to leave a comment.