Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

How to securely authenticate with Arcgis Server using username && password

See original GitHub issue
  • Version of Leaflet (L.version):


  • Version of esri Leaflet (L.esri.VERSION):


Hi, I’m using this tutorial from the doc to authenticate to an ArcGIS server and then retrieve a DynamicMapLayer. The tutorial shows how to authenticate by hardcoding the credentials in the application.

I’m using one of my company’s account and I’d like to secure it so no user of the web application can get them and use them without our knowledge nor our consent for another purpose. We still want to login to this service using our own account though and not force users to create a personnal ArcGIS account.

Does esri-leaflet offer a way to authenticate to an ArGIS service on the server side of the application ? This would avoid lots of complications trying to hide the credentials on the client-side…

Thank you

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Comments:5 (3 by maintainers)

github_iconTop GitHub Comments

Djohn12commented, Apr 18, 2019

About the Esri Master Agreement : I got in touch with the person in charge at my company. The MapService we use from Esri is public (the concerned data originally comes from the NOAA) so we can share it without infringing any terms of use if we give it for free.

About securing the credentials inside the web app : I think we will instead get the data directly from this api which is free of use and doesn’t require any token or authentication process.

Thanks for your help

jgravoiscommented, Apr 17, 2019

@pmacMaps from the sound of it @Djohn12 wants to display secure services without asking users to login.

@Djohn12 if i’ve got that right, you most certainly are not the first person to have asked such a question. INAL, but it sounds like a violation of the Esri Master Agreement:

2.5 Named User Licenses

a. Named Users

  1. Named User login credentials are for designated users only and may not be shared with other individuals.
  2. Customer may reassign a Named User License to another user if the former user no longer requires access to the Software or Online Services.

b. Value-Added Applications

  1. Customer may not embed a Named User Credential into Value-Added Applications. Value-Added Applications that enable access to Customer’s private data or content must require individual users to log in to the application(s) with their unique Named User login credentials.

this does not mean that folks must sign in each and every time they view private content in your own application. Whether you use a built-in identity store or a SAML provider, there are techniques you can use to persist a user’s login.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Security and authentication | Documentation
If you wish to authenticate using an ArcGIS Enterprise account, you can use ArcGIS identity, application credentials, and other ArcGIS identity ...
Read more >
How To: Add secure ArcGIS Server services as items in ...
Procedure · Add a username in Enter username box, and password in Enter password box with the credentials for an ArcGIS Online account...
Read more >
Configure security settings—Portal for ArcGIS (10.7 and 10.7.1)
Configure a list of portals (for example with which you want to share secure content. This will allow members of your ...
Read more >
Best practices for configuring a secure environment—ArcGIS ...
Requesting and configuring your own server certificate · Restricting file permissions · Disabling the primary site administrator account · Defining the shared key ......
Read more >
Best practices for configuring a secure environment
When securing ArcGIS Server, it's important that the environment ArcGIS Server runs in be ... Its name and password are recognized only by...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found