search

Esri / ArcREST

python package for REST API (AGS, AGOL, webmap JSON, etc..)
Apache License 2.0
192 stars 155 forks source link

Example - How to log into Portal on premise to generate token, etc with Windows Credentials & Portal Credentials #249

Closed anthonyryan-ergon closed 8 years ago

anthonyryan-ergon commented 8 years ago

ArcRest or ArcRestHelper

Version 3.5.5

Question / Examples Is it possible to get more complete examples of how to use this tool. I'm struggling to find/understand an example of how to password Windows credentials with IWA enabled on the web server hosting Web Adaptor for Portal on premise and passing Portal's credentials (eg. PortalAdmin) as well. These could be different but generally the same. I can't remember off the top of my head the error but certain it's relating to Error 401 Unauthorized on the web server side before getting to Portal.

Thanks

achapkowski commented 8 years ago

For IWA, you have to pass your domain username: <domain>\\<username> and the domain user's password.

sh = arcrest.NTLMSecurityHandler(org_url="https://mysite.com/portal", username="mydomain\\myusername", password="my_password")

This is assuming you need to use NTLM for your site, but the two methods you referenced should work with this.

You user needs to have permissions to access the portaladmin site of the REST API.

anthonyryan-ergon commented 8 years ago

achapkowski - thank you for the reply. The issue is I as 'domain user' doesn't have admin access to portal so I need to pass portal admin creds as well (eg. portaladmin account). I have been able to do it with my own python code

import requests from requests_ntlm import HttpNtlmAuth

parameters = { 'username' : portalusername, 'password' : portalpassword, 'client' : 'referer', 'referer': portalurl, 'expiration': 60, 'f' : 'json' }

url = portalurl + 'sharing/rest/generateToken?' session = requests.Session() session.auth = HttpNtlmAuth(iwausername, iwapassword, session) token = session.post(url, params=parameters, verify=False)

I was hoping not to rewrite things and use all of your fab work.

achapkowski commented 8 years ago

@aryan200o Have you tried instead going to port 7443? So your org would be https://mysite.com:7443/arcgis. In order for this to work, you have to manually enter in the site's token url as well, or it will revert to using the web adaptor.

So in my example, the token url would be https://mysite.com:7443/arcgis/sharing/generateToken

Now you be able to use token based/built-in security with your admin credentials.