1
Esri UC2013. Technical Workshop.
Building Secure Applications
Technical Workshop, 2013 Esri International User Conference, July 8–12, 2013 | San Diego, California
Dasa Paddock, David Cordes & Tom Shippee
2
What’s covered in this session
 - Key secured application terms
 - Common secured service use cases
 - Implementing OAuth-based apps
3
What’s covered in other security sessions
Core ArcGIS Server
 - Building Secure Applications
 - Best Practices in Setting Up Secured Services in ArcGIS for Server
 - Securing ArcGIS Services Introduction
 - Securing ArcGIS Services Advanced
ArcGIS Online
 - ArcGIS Online & Cloud Computing Security Best Practices
 - Security and ArcGIS Online
Enterprise Architecture
 - Designing an Enterprise GIS Security Strategy
4
Application level: common use cases for secured services
Diagram: how service URLs authenticate. Web server (e.g., IIS): browser-based authentication via PKI or IWA. Application (server & portal tokens), AGS service or AGOL item via: Identity Mgr (user login); in the code (impersonated); AGOL via OAuth (web app or mobile app); secured app with tokens stored in a proxy (single sign on or user login).
5
Understanding the concepts…
Key secured application terms
6
Understanding authentication
Key security decision
 - Configured by the GIS admin
 - Specific to a given ArcGIS Server site
Can occur at different levels
 - Web server (e.g., IIS)
 - Application (e.g., GIS Server)
Verifies credentials against a user store
 - Web server requires Windows Active Directory (AD)
 - Groups and roles can be stored elsewhere
7
Web server level authentication
Implementation
 - Configured in the web server (e.g., IIS)
 - Runs in the browser before the app is called
 - Web-tier authentication in ArcGIS Server
Login models
 - Integrated Windows Authentication (IWA): passes the Windows login credentials
 - Basic or Digest: challenges with a login dialog
8
Application level authentication
Implementation
 - Web server MUST be configured for anonymous access
 - Token-based: ArcGIS Server uses server tokens; ArcGIS Online uses portal tokens
 - Requires a server or portal token service
 - GIS-server-tier authentication in ArcGIS Server
Login using the ArcGIS Identity Manager
 - Handles all login and token processing
 - Supported in all Web APIs
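The token-based model above, in the "secured app with tokens stored in a proxy" shape from the use-case diagram, as an added example that is not from the presentation or from Esri's own resource proxy: the service account and its server token live only in the proxy, the browser's request is re-issued under the proxy's token, and only URLs under the configured server are forwarded. The server URL and the fetch callback that posts to the token service are assumptions; the generateToken parameters (username, password, client, expiration, f) are those of the ArcGIS Server token service.

```python
import time
from urllib.parse import urlencode, urlsplit, urlunsplit, parse_qsl

# Constructed sample configuration (hypothetical server and account).
SERVER_URL = "https://gis.example.com/arcgis"           # assumption
TOKEN_ENDPOINT = SERVER_URL + "/tokens/generateToken"    # ArcGIS Server token service
REFRESH_MARGIN = 60  # seconds before expiry at which a fresh token is requested


def build_token_request(username, password, expiration_minutes=60):
    """Form body for the server token service. client=requestip binds the token
    to the proxy's own address, so a token leaked elsewhere is not usable."""
    return urlencode({"username": username, "password": password,
                      "client": "requestip", "expiration": expiration_minutes,
                      "f": "json"})


class TokenCache:
    """Keeps the current server token in the proxy process, never in the browser.
    'fetch' is a callback (assumed) that POSTs build_token_request() to
    TOKEN_ENDPOINT and returns the service's JSON: {"token": ..., "expires": ms}."""
    def __init__(self, fetch, now=time.time):
        self._fetch, self._now = fetch, now
        self._token, self._expires = None, 0.0

    def token(self):
        # Refresh shortly before expiry so a request never goes out with a dead token.
        if self._token is None or self._now() >= self._expires - REFRESH_MARGIN:
            reply = self._fetch()
            self._token, self._expires = reply["token"], reply["expires"] / 1000.0
        return self._token


def proxied_url(requested, token, allowed_prefix=SERVER_URL):
    """Rewrite the browser's request URL for forwarding: refuse anything outside
    the configured server, drop any token the client supplied, append ours."""
    if not requested.startswith(allowed_prefix + "/"):
        raise ValueError("refusing to proxy to an unlisted server: " + requested)
    parts = urlsplit(requested)
    query = [(k, v) for k, v in parse_qsl(parts.query) if k != "token"]
    query.append(("token", token))
    return urlunsplit(parts._replace(query=urlencode(query)))
```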
9
What is single sign on?
Integrated Windows Authentication (IWA)
 - Sign in once to Windows
 - Supporting apps are automatically passed the Windows credentials
Same user credentials
 - Sign in multiple times using the same credentials
SaaS application
 - AGOL model: log in once to the application
 - Token stored as an application cookie
10
What is OAuth?
Industry standard enterprise authentication system
 - Login is redirected to the enterprise security server
 - The application NEVER sees the credentials
Works with SAML
 - Server-based mechanism that handles login requests
 - Supported by AGOL for enterprise authentication
 - More in the final section…
11
Apps to access secured services
Common secured service use cases
12
Application level use case: Identity Manager
Diagram (repeated from slide 4, how service URLs authenticate), here for the Identity Manager path: application (server & portal tokens), AGS service or AGOL item via Identity Mgr, user login.
13
Identity Manager
Why should I use it?
 - Handles all login and token processing
 - Works with the default token security model of AGS & AGOL
 - Available in all Web APIs & viewer apps
What should I watch out for?
 - Only works for token-secured services
 - Prompts multiple times rather than ignoring services
14
Application level use case: Impersonation
Diagram (repeated from slide 4, how service URLs authenticate), here for the impersonation path: application (server & portal tokens), AGS service or AGOL item via credentials in the code, impersonated user.
15
Impersonation: Embedded credentials
 - To be completed…
16
Application level use case: Integrated Windows Authentication
Diagram (repeated from slide 4, how service URLs authenticate), here for the IWA path: web server (e.g., IIS), browser-based authentication via IWA, single sign on or user login.
17
Integrated Windows Authentication (IWA)
 - To be completed…
18
Application level use case: PKI
Diagram (repeated from slide 4, how service URLs authenticate), here for the PKI path: web server (e.g., IIS), browser-based authentication via PKI.
19
PKI
 - To be completed…
20
Industry standard enterprise logins
Implementing OAuth-based apps
21
Application level use case: OAuth
Diagram (repeated from slide 4, how service URLs authenticate), here for the OAuth path: application (server & portal tokens), AGOL via OAuth, web app or mobile app, user login.
22
OAuth implementation details
 - To be completed…
23
Please fill out the session evaluation
First Offering ID: 1421
 - Online – www.esri.com/ucsessionsurveys
 - Paper – pick up and put in the drop box
Thank you…