DotNet : Throw "Error 500-Protocol Error" when passing ArcGIS Server uri with windows authentication #7
Comments
|
@afili has another proxy that works with window auth for arcgis server, do you think we need to add this here? @kellyhutchins @jgravois |
|
Was this fix merged? Is it planned? |
|
@AmrEldib this issue has not yet been resolved and merged into the proxy. We will evaluate this issue and discuss the feasibility of incorporating this into a future release of the proxy. |
|
I'm sorry...I don't understand the problem with using the proxy.ashx and Windows Authentication. I've got apps deployed to Windows 2008 web servers, using services on ArcGIS 10.0 servers that are secured with windows authentication, and everything works fine. Is this some new restriction that was introduced after AGS 10.0? |
|
@theBoringCoder thanks for chiming in Tom. how exactly are you supplying your credentials in our current resource-proxy to accomplish this? in looking through the .NET code i don't see anything pertaining to authentication that isn't helping form requests to retrieve tokens. |
|
I'm not sure I'm using your current one. The one I am using has been in place for a couple years now. The credentials are coming from proxy.config. I can post a (redacted) picture of the proxy.config if you like. |
|
I think this bug is about Windows credentials passed from the client (browser) rather than stored in the proxy.config file. That's the issue I'm running into. |
|
thanks for the clarification guys. @theBoringCoder you must not be using our 'resource-proxy' as it was only released a few months ago. as @kellyhutchins said, we are looking into adding support for web tier windows authentication in the future. |
|
My apologies. An ESRI Support Analyst my co-worker is working with pointed us at this thread as being about the HTTP 500 error we're experiencing with the proxy we're using...but we're not using this "resource-proxy"...we're using a proxy.ashx (handler) that has a matching proxy.config file, that we got from ESRI, which has "proxyConfig" as the root, then "serverItems", and then "serverItem" which then contains "url", "matchAll", "domain", "username", and "password" attributes. |
|
@theBoringCoder. yes, we have had a number of different proxies floating around in the past, each with their own individual functionality, syntax and bugs. the 'resource-proxy' repository here is a new effort to consolidate our work in a single location and attempt to ensure parity across .NET, Java and .PHP versions. |
|
Thanks for the clarification. I was not aware that there had been different proxies. |
esoekianto
changed the title
esoekianto
changed the title
|
Hi, I see there's been no update to this for a few weeks so I'll assume that Windows Authentication with the .NET proxy is not planned for the near future. @esoekianto had mentioned in his second post that there's another version of the proxy that supports this...Could I get a link to it, assuming it's on the web somewhere? We have great need for that functionality. Thanks! |
|
@ReticulatingMoP we are definitely working on incorporating the functionality in the resource-proxy. in the meantime, you might check out the proxy linked about a third of the way down the page below, as i believe it provides what you need. ArcGIS Silverlight API - Secure services |
|
@jgravois thank you for your reply. I took a look at the proxy you linked to and I don't see anything there that would help. The windows authentication section of the proxy there looks more like what theBoringCoder had been talking about, ie storing a specific user/pw in the proxy.config file. We need what @AmrEldib had talked about, being able to use the credentials of the current user. I realize that you guys don't have definitive deadlines for changes, but do you by chance have a rough target? Just wondering if this is more likely to be weeks or months before it's put together? Thanks. |
|
we are discussing the possiblity of adding hardcoded windows web tier credentials in the proxy.config (in addition to token credentials). we don't have any current plans to support passing authentication details from the client request dynamically. |
|
Oh I see. Thanks for clearing that up John, I guess I'll just have to try writing my own. |
|
@ReticulatingMoP sounds good. we're definitely accepting pull requests. |
|
fixed at #118 |
|
We are configuring our IIS application pool identity to a 'headless service account' that has been configured for access to our 'web-tier' secured services. PR 309 was merged into the master in MAY 2017. Technically we are getting web-tier authentication working from the proxy making requests to the back-end servers running Microsoft Integrated Windows Authentication. You might find this useful getting you proxy working with web-tier services... |
I know that proxy should only work with token-based arcgis server, but is there any way to allow the url for arcgis server that is not set for token based but window authentication only
The text was updated successfully, but these errors were encountered: