search

cmv / cmv-app

CMV - The Configurable Map Viewer - A community supported open source mapping framework built with the Esri JavaScript API and the Dojo Toolkit
https://demo.cmv.io/
MIT License
323 stars 278 forks source link

Need help in getting proxy to work with secured service. We have set a proxy using the code provided and can't get it to pass or accept credentials username and password. Is there further documentaition available or additional solutions. #355

Closed rkoelpin closed 9 years ago

rkoelpin commented 9 years ago

We have set a proxy using the code provided and can't get it to pass or accept credentials username and password. Is there further documentaition available or additional solutions. Thanks.

tmcgee commented 9 years ago

@rkoelpin the proxy is not specific to CMV. Configuring the proxy can be complex and so most likely outside of the outside the scope of what we can support here. Here are some resources.

  1. ESRI maintains and supports the proxy. You can find the repository here. Read through some of the issues there which may help you.
  2. There's some info about the proxy specific to use with the ArcGIS JS API here

Those are probably the best places to start. Once you have the proxy working properly, we can assist here with how to use it within CMV.

rkoelpin commented 9 years ago

Thanks Tim, we got the proxy working fine for the flex viewers and are trying to get that to work in CMV. I am working with ESRI support who are trying to run the CMV in their environment using the proxy and recommendations provided with the CMV.

I tried a while back to get our proxy solution (for flex) working with the CORS and thought I succeeded. But that didn’t last. So I started this latest cycle with ESRI support, and at their request reached out to you again.

From: Tim McGee [mailto:notifications@github.com] Sent: Wednesday, January 21, 2015 3:29 PM To: cmv/cmv-app Cc: Koelpin, Roger Subject: Re: [cmv-app] Need help in getting proxy to work with secured service. We have set a proxy using the code provided and can't get it to pass or accept credentials username and password. Is there further documentaition available or additional solutions....

@rkoelpinhttps://github.com/rkoelpin the proxy is not specific to CMV. Configuring the proxy can be complex and so most likely outside of the outside the scope of what we can support here. Here are some resources.

  1. ESRI maintains and supports the proxy. You can find the repository here<https://github.com/Esri/resource-proxy>. Read through some of the issues there which may help you.
  2. There's some info about the proxy specific to use with the ArcGIS JS API here<https://developers.arcgis.com/javascript/jshelp/ags_proxy.html>

Those are probably the best places to start. Once you have the proxy working properly, we can assist here with how to use it within CMV.

— Reply to this email directly or view it on GitHubhttps://github.com/cmv/cmv-app/issues/355#issuecomment-70915194.

tmcgee commented 9 years ago

@rkoelpin If the proxy is working with Flex viewers, it should work the same for JS-based apps like CMV (assuming the proxy is on the same server as your app).

If it is the proxy configuration in cmv viewer.js that is giving you problems, post it here (sanitized to remove the specifics of your servers as necessary).

Are users prompted for their own credentials when using the cmv app or are you using stored credentials or token-based authentication?

Are you using AGS security, or LDAP/Active Directory?

rkoelpin commented 9 years ago

Thanks, passing up the food chain to ESRI support to get their page.

We are using a proxy on the server of another application which got me started down the path of CORS. ESRI is trying to set up their proxy on the same server. Both use AGS security, where we are consuming the token-based security store from another application. User logs into the other app, gets access to links of viewers based on user role in the other app, and arc server uses the same roles to allow access to secured services. The token is part of the browser session.

From: Tim McGee [mailto:notifications@github.com] Sent: Wednesday, January 21, 2015 3:42 PM To: cmv/cmv-app Cc: Koelpin, Roger Subject: Re: [cmv-app] Need help in getting proxy to work with secured service. We have set a proxy using the code provided and can't get it to pass or accept credentials username and password. Is there further documentaition available or additional solutions....

@rkoelpinhttps://github.com/rkoelpin If the proxy is working with Flex viewers, it should work the same for JS-based apps like CMV (assuming the proxy is on the same server as your app).

If it is the proxy configuration in cmv viewer.js that is giving you problems, post it here (sanitized to remove the specifics of your servers as necessary).

Are users prompted for their own credentials when using the cmv app or are you using stored credentials or token-based authentication?

Are you using AGS security, or LDAP/Active Directory?

— Reply to this email directly or view it on GitHubhttps://github.com/cmv/cmv-app/issues/355#issuecomment-70917378.

rkoelpin commented 9 years ago

BTW – thanks for all the kick @ss work you and the community are doing here.

From: Tim McGee [mailto:notifications@github.com] Sent: Wednesday, January 21, 2015 3:42 PM To: cmv/cmv-app Cc: Koelpin, Roger Subject: Re: [cmv-app] Need help in getting proxy to work with secured service. We have set a proxy using the code provided and can't get it to pass or accept credentials username and password. Is there further documentaition available or additional solutions....

@rkoelpinhttps://github.com/rkoelpin If the proxy is working with Flex viewers, it should work the same for JS-based apps like CMV (assuming the proxy is on the same server as your app).

If it is the proxy configuration in cmv viewer.js that is giving you problems, post it here (sanitized to remove the specifics of your servers as necessary).

Are users prompted for their own credentials when using the cmv app or are you using stored credentials or token-based authentication?

Are you using AGS security, or LDAP/Active Directory?

— Reply to this email directly or view it on GitHubhttps://github.com/cmv/cmv-app/issues/355#issuecomment-70917378.

tr3vorm commented 9 years ago

I just checked my proxy and it says

 * DotNet proxy client.
 *
 * Version 1.1 beta
 * See https://github.com/Esri/resource-proxy for more information.

I vaguely recall changing this from the default released with CMV, but can't remember why. My proxy.config looks like

<?xml version="1.0" encoding="utf-8" ?>
<ProxyConfig allowedReferers="*"
             mustMatch="true">
  <serverUrls>
    <serverUrl url="https://server/adaptor/rest/services/internal"
         matchAll="true"
         dynamicToken="true"
         host="server"
         username="user"
         password="password" />
  </serverUrls>
</ProxyConfig>

And my viewer.js has the following lines at the top of the function... I could never get it working by setting alwaysUseProxy = false and have always explicitly set any rules. 

    // url to your proxy page, must be on same machine hosting you app. See proxy folder for readme.
    esriConfig.defaults.io.proxyUrl = 'proxy/proxy.ashx';
    esriConfig.defaults.io.alwaysUseProxy = false;
    esriConfig.defaults.io.timeout = 150000;

    urlUtils.addProxyRule({
        urlPrefix: 'server/adaptor/rest/services',
        proxyUrl: 'proxy/proxy.ashx'
    });
rkoelpin commented 9 years ago

Thanks, is there any chance the proxy can be on another machine (with CORS enabled?) we are using the security store (users, roles) from another application for arcserver in production?

Will try the suggested changes on our dev.

From: Trevor Masters [mailto:notifications@github.com] Sent: Wednesday, January 21, 2015 3:52 PM To: cmv/cmv-app Cc: Koelpin, Roger Subject: Re: [cmv-app] Need help in getting proxy to work with secured service. We have set a proxy using the code provided and can't get it to pass or accept credentials username and password. Is there further documentaition available or additional solutions....

I just checked my proxy and it says

I vaguely recall changing this from the default released with CMV, but can't remember why. My proxy.config looks like

<?xml version="1.0" encoding="utf-8" ?>

<ProxyConfig allowedReferers="*"

         mustMatch="true">
``` ```

And my viewer.js has the following lines at the top of the function... I could never get it working by setting alwaysUseProxy = false and have always explicitly set any rules.

// url to your proxy page, must be on same machine hosting you app. See proxy folder for readme.

esriConfig.defaults.io.proxyUrl = 'proxy/proxy.ashx';

esriConfig.defaults.io.alwaysUseProxy = false;

esriConfig.defaults.io.timeout = 150000;

urlUtils.addProxyRule({

    urlPrefix: 'server/adaptor/rest/services',

    proxyUrl: 'proxy/proxy.ashx'

});

— Reply to this email directly or view it on GitHubhttps://github.com/cmv/cmv-app/issues/355#issuecomment-70918991.

tmcgee commented 9 years ago

yes, if CORS is enabled, then you should be fine. One thing that I have done often when CORS is not available is to use a proxy on the local server where the application resides that simply points to the proxy on the other server that handles the security. Extra steps but always an option

If you have the username/password in the proxy config like Trevor does (thanks @tr3vorm!), you should be able to paste a url like this in your browser:

https://server/proxy/proxy.ashx?url=https://server/adaptor/rest/services/internal

(Of course, you'll have to adapt it to your environment.) The response you will see from the REST should appear as if you were directly talking to the AGS server. This will verify that the proxy is working as expected and the security you have in place.

The code in viewer.js that Trevor posted using urlUtils.addProxyRule for each specific server/url is what I do and considered a good practice.

tmcgee commented 9 years ago

I am now seeing your token-based approach. I missed that in the various e-mails. The local proxy talking to the remote proxy as I suggested will probably not work in this case since the cookies are in a different server domain. Continue looking at using CORS policies to allow direct access to the remote server proxy.

rkoelpin commented 9 years ago

Where do I look to change the string sent to the proxy?

Here is what the flex viewers send -

https://my.proxy.server/services/idhs/proxy.ashx/?https://my.arcserver/arcgis/rest/services/Flooding/IDHS_RIVER_GAUGES/MapServer?f=json

and here is what cmv is sending

https://my.proxy.server/services/idhs/proxy/proxy.ashx?https://my.arcserver/arcgis/rest/services/CIKR/GasServiceAreas/MapServer?f=json&dpi=96&transparent=true&format=png8