Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

How to securely authenticate with Arcgis Server using username && password

See original GitHub issue

Version of Leaflet (L.version):

1.4.0

Version of esri Leaflet (L.esri.VERSION):

2.2.3

Hi, I’m using this tutorial from the doc to authenticate to an ArcGIS server and then retrieve a DynamicMapLayer. The tutorial shows how to authenticate by hardcoding the credentials in the application.

I’m using one of my company’s account and I’d like to secure it so no user of the web application can get them and use them without our knowledge nor our consent for another purpose. We still want to login to this service using our own account though and not force users to create a personnal ArcGIS account.

Does esri-leaflet offer a way to authenticate to an ArGIS service on the server side of the application ? This would avoid lots of complications trying to hide the credentials on the client-side…

Thank you

Issue Analytics

State:
Created 4 years ago
Comments:5 (3 by maintainers)

Top GitHub Comments

1reaction

Djohn12commented, Apr 18, 2019

About the Esri Master Agreement : I got in touch with the person in charge at my company. The MapService we use from Esri is public (the concerned data originally comes from the NOAA) so we can share it without infringing any terms of use if we give it for free.

About securing the credentials inside the web app : I think we will instead get the data directly from this api which is free of use and doesn’t require any token or authentication process.

Thanks for your help

0reactions

jgravoiscommented, Apr 17, 2019

@pmacMaps from the sound of it @Djohn12 wants to display secure services without asking users to login.

@Djohn12 if i’ve got that right, you most certainly are not the first person to have asked such a question. INAL, but it sounds like a violation of the Esri Master Agreement:

2.5 Named User Licenses

a. Named Users

Named User login credentials are for designated users only and may not be shared with other individuals.

Customer may reassign a Named User License to another user if the former user no longer requires access to the Software or Online Services.

b. Value-Added Applications

Customer may not embed a Named User Credential into Value-Added Applications. Value-Added Applications that enable access to Customer’s private data or content must require individual users to log in to the application(s) with their unique Named User login credentials.

this does not mean that folks must sign in each and every time they view private content in your own application. Whether you use a built-in identity store or a SAML provider, there are techniques you can use to persist a user’s login.

Top Results From Across the Web

Security and authentication | Documentation

If you wish to authenticate using an ArcGIS Enterprise account, you can use ArcGIS identity, application credentials, and other ArcGIS identity ...

How To: Add secure ArcGIS Server services as items in ...

Procedure · Add a username in Enter username box, and password in Enter password box with the credentials for an ArcGIS Online account...

Configure security settings—Portal for ArcGIS (10.7 and 10.7.1)

Configure a list of portals (for example https://otherportal.domain.com/arcgis) with which you want to share secure content. This will allow members of your ...

Best practices for configuring a secure environment—ArcGIS ...

Requesting and configuring your own server certificate · Restricting file permissions · Disabling the primary site administrator account · Defining the shared key ......

Best practices for configuring a secure environment

When securing ArcGIS Server, it's important that the environment ArcGIS Server runs in be ... Its name and password are recognized only by...