- Before you do anything, change the ‘Clear Cache Options’ for ArcGIS Server to periodic and set the interval to something very short like 1 minute. That way you won’t have to remember to clear the cache every time you make a change. Don’t forget to change this setting to something more reasonable when you’re all done.
- For this project I was planning to implement token based security too and was just gonna take it one step at a time so I would know why stuff broke when it inevitable did. So the first step was to implement ESRI’s proxy page. The instructions here are very good.
esri.arcgis.gmaps.Config.proxyUrl = 'proxy.ashx'; esri.arcgis.gmaps.Config.alwaysUseProxy = true;
- Here’s where I ran into my first problem. My dynamic map service layer wasn’t coming through. I fired up Firebug and saw the problem: esri.arcgis.gmaps.DynamicMapServiceLayer do an export map request then they do a ‘Get’ for the map image using the url returned from the export map request. The url for the map image pointed to the arcgisoutput directory which was not configured in my proxy. There are a couple of ways you could fix this problem but I hit it with a hammer: I just configured the proxy to proxy all requests to that hostname. And it worked!
- Get an SSL certificate for your ArcGIS Server. ESRI’s instructions here were helpful. I used a self signed certificate since this is for development/ testing.
- Next you need to setup your map service to require ssl. You do this in ArcCatalog at the folder level. So open ArcCatalog, connect to the server, right click on the folder that contains your map service, select ‘Properties’, check the ‘Require Encrypted Access’ box, and click ‘OK’.
- Here’s where I ran into problems. The webserver where the proxy was running was not accepting the certificate of the ArcGIS Server. I know what to do, I thought, so I tried to hit the page in IE from the webserver and, as expected, got a message saying the certificate wasn’t trusted. So I went to the page anyway then viewed the certificate. Then I installed the certificate. But when I ran the app again, the certificate was still refused. Finally, I found this post which pointed out that I had just installed the certificate for the logged on user. Follow the link for instructions on how to install it for the local machine.
- But then it still didn’t work. So I fired up Firebug and saw what was happening: Remember above where I talked about how Dynamic Map Service Layers work? Well what was happening now was that the output directory url that was being returned by the export map request wasn’t an ssl url so since my proxy was only configured with the https url, it wouldn’t proxy the map image requests. I didn’t find any documentation on this (I didn’t look very hard) but I fixed it by adding another output directory just for ssl and configuring my map service to use it. You do this in ArcCatalog: Right click on your connection to the ArcGIS Server, click ‘Server Properties’, and go to the ‘Directories’ tab. Select ‘Output Directory’ from the ‘Directory Type’ list and then click add. Now give it the path to the directory you want to use (I created an arcgisoutputssl directory right next to the arcgisoutput one) and give it a virtual directory(I used https://<hostname>/arcgisoutputssl) and click ‘OK’ and ‘OK’.
- Now at this point you might be thinking that you’re done as I was. But it still didn’t work. I was getting 404′s from the map image requests. I assumed since the AGS post install creates those virtual directories that when I added an output directory it would create its virtual directory for me. But it doesn’t, so go ahead and create your virtual directory and don’t forget to set it to require ssl.
That’s it! Hope this helps somebody.