[GIS] How the WMS services can be secured such that it can be accessed by Esri and non-Esri clients

arcgis-serverauthenticationwms

I couldn't figure out if there is a method to secure WMS services such that it can be accessed by Esri and non-Esri clients.
Is there a code can I write it some where?

Best Answer

To secure WMS services on ArcGIS server, you can use token-based authentication.

ArcGIS Server managed token-based authentication

Although not recommended, a WMS service can still be secured using ArcGIS Server managed token-based authentication by using this type of authentication on its parent map or image service. To make raw requests to WMS services protected by a token, you can get a valid token from the token service and append the token string as an extra parameter to the requests you send out. In other words, requests to a token-secured WMS service must use the following format:

http://<WMS_service_url>?<standard WMS parameters>&token=<valid_tokenString>

Most third-party desktop WMS clients will not be able to connect to WMS services secured in this way, but this technique can be used with WMS clients built with the ArcGIS API for JavaScript.

Reference:
http://server.arcgis.com/en/server/10.3/publish-services/linux/wms-services.htm#GUID-BB6D9497-6981-407F-BF9F-4ED3BB615024

Related Solutions

ArcGIS Server: Creating Adapter Between REST Interface and WMS/TMS

Yes, it should be possible to do this using the GDAL_WMS driver from GDAL. There is even an example at that page that points to another ArcGIS REST instance. However, I have not been able to make the concept work against this particular VBMP server. Against a slew of other ArcGIS servers with global-mercator output, no problem.

I believe I do not have the layer extents properly defined, or the tile levels, because I keep generating TMS requests that the server cannot respond to. Since I'm used to working with Spherical Mercator TMS requests, ones like this for TMS addresses in a local projection don't make much sense to me- http://gismaps.virginia.gov/arcgis2/rest/services/VBMP2006_2007/MapServer/tile/0/83/68.jpg.

Below is the XML file I put together from the Service metadata page - http://gismaps.virginia.gov/arcgis2/rest/services/VBMP2006_2007/MapServer. You may be able to get some assistance in making this work from the GDAL developer forum. Once GDAL can properly access the service, you can point MapServer (the original one) at the XML file and run a WMS service that can reproject the data from EPSG:3698 to EPSG:900913 (or whatever code is now used).

<GDAL_WMS>
  <Service name="TMS">        
  <ServerUrl>http://gismaps.virginia.gov/arcgis2/rest/services/VBMP2006_2007/MapServer/tile/${z}/${y}/${x}.jpg</ServerUrl>
    <Layer>VBMP</Layer>
    <Format>jpg</Format>
    <Version>1.1.1</Version>
  </Service>
  <DataWindow>
    <UpperLeftX>-384269.977874641</UpperLeftX>
    <UpperLeftY>476583.633639972</UpperLeftY>
    <LowerRightX>404548.778455541</LowerRightX>
    <LowerRightY>-48883.4062351487</LowerRightY>
    <TileLevel>13</TileLevel>
    <TileCountX>1</TileCountX>
    <TileCountY>1</TileCountY>
    <YOrigin>top</YOrigin>
  </DataWindow>
  <Projection>EPSG:3968</Projection>
  <BlockSizeX>512</BlockSizeX>
  <BlockSizeY>512</BlockSizeY>
  <BandsCount>3</BandsCount>
  <Cache />
</GDAL_WMS>

Good luck.

[GIS] How to access an wms layer that requires authorization via OpenLayers

It's not the work of WMS server that do the authorization, but the HTTP server. Usually we save logged in user's information in the sessions and provide those information when requesting to a WMS server in the cookies.

Best Answer

Related Solutions

ArcGIS Server: Creating Adapter Between REST Interface and WMS/TMS

[GIS] How to access an wms layer that requires authorization via OpenLayers

Related Question