Hoppa till huvudinnehållet

Secure Map Service connection error

Permanently deleted user

I am getting a consistent error when I try to connect to secured map services with the REST Manager.  On the server in question, the Map Service security is configured to use SQL Server.  In this case SQL Express is being used.

If I grant the “Anonymous” or “Everyone” roles access to the map service, I can connect with the REST manager without having to log in.  However, if I create a new role, add a member, then grant the new role access to the map service, I get the following error message when I try to connect with the REST manager using the role member account:

"There was an error connecting to the host ' ServerName ' with the credentials provided. If the host server requires SSL please ensure its certificate is trusted. Underlying error message: The remote server returned an error: (403) Forbidden."

I’ve tried using only the server name in the “Map Server” field of the “Create Map Service Wizard”.  I’ve tried the full URL in the form of:  http://servername/ArcGIS/rest/services  and  also http://servername/ArcGIS/rest/services/FolderName .  Either way I get the error message.  (There is no SSL on this server, the map service is only used on our internal network.) 

If I enter the “http://servername/ArcGIS/rest/services/FolderName” URL in a web browser, I get the “ArcGIS Server REST API Login” prompt.  At the login prompt the account in the desired role works, and I can see the secured services.  It appears the configuration in ArcGIS server is correct. 

It seems several of us are having problems with secured map services.  A Knowledge Base article outlining exactly what configuration is required on ArcGIS Server would be helpful. For example, I had to piece together information from non-contiguous sources to figure out that I had to change my Map Service security to SQL Server based.  At this point I have to think there’s another configuration I need to change, but I have no idea what it would be.  I've checked the REST Manager log file but there are no entries.  Maybe the web.config file needs to be modified?  Something else? 

 

0

Kommentarer

8 kommentarer

Datum Röster
  • Permanently deleted user

    The solution to the problem was a missing key in the web.config file for the "tokens" directory in IIS.  In the <appSettings> tag the following key had to be added:

    <add key="RequireSSL" value="False" />

    That was in addition to changing the TokenServiceURL key to an "http" value rather than "https".

     

     

    0
  • Permanently deleted user

    Hi Steve,

    Were / are you using a self-signed certificate for your ArcGIS server?

    We are working on a Knowledge Base article that details the various security configurations we support and this information would be useful.

    Thanks!

    -Malcolm

    0
  • Permanently deleted user

    Hi Malcom,

    We do not have any certificates installed at this point because the server is a development system on our internal network. 

    Steve

     

    0
  • Permanently deleted user

    Hello Malcolm,

    I am having a mighty struggle with security.  I am in the midst of developing an environment that will have viewers accessing secured map services.  Some of these configurations will be SSL, others not.  If you have any preliminary documentation at this point, I certainly wouldn't mind helping you folks test and refine this documentation.

    Dave

    0
  • Jeff Siemens

    To anyone trying to access secured services from Silveright, I found this ESRI article quite helpful:

    http://blogs.esri.com/Dev/blogs/silverlightwpf/archive/2009/08/31/Using-services-across-schemes.aspx

    Jeff

    0
  • Permanently deleted user

    Thanks Jeff!  That is certainly one piece in the puzzle I was missing.

    0
  • Permanently deleted user

    My problem was that I was getting a 404 error when trying to access the secured services.  Essentials 3.4 expects the ArcGIS REST directory to be named "ArcGIS".  Mine wasn't, hence the problem.  If anyone has the same problem, you can set up IIS to redirect the request to the actual directory name.  I understand this will be fixed in a new version of Essentials.

    0
  • Permanently deleted user

    What's the status of the promised (4/11) "Knowledge Base" article that will help users enable map service security?  The existing documentation is very less than clear on what is required to set this up, surely enough people struggle with this to warrant some response?

    Adding new features without the backing documentation does not really help anyone.

    Thanks

    Eric

    0

Du måste logga in om du vill lämna en kommentar.

Hittade du inte vad du sökte?

Nytt inlägg