Secure Services
Layers and Tasks in ArcGIS API for iOS communicate with ArcGIS Server web services. These services may be secured to permit access to only authorized users. An ArcGIS Server instance can use one of two authentication methods: token-based authentication or HTTP (including Windows) authentication. Both types of authentication modes are supported by the API.
Working with secure services
To use a secure service, you need to know the credentials (username and password) to access the service. The server administrator can provide this information. Once you know the credentials to use, you need to pass them to the layer or the task through an AGSCredential object.
//create the credential
AGSCredential* cred = [[[AGSCredential alloc] initWithUser:@"<user>" password:@"<password>"] autorelease];
//pass the credential to layer or task
AGSDynamicMapServiceLayer* layer = [AGSDynamicMapServiceLayer dynamicMapServiceLayerWithURL:url credential:cred ];
AGSQueryTask* task = [AGSQueryTask queryTaskWithURL:url credential:cred];
The API will automatically try to discover the type of authentication being used by the service. If the service is using token-based authentication, it will also try to discover the URL of the token service where tokens can be acquired. If you know this information in advance, you can provide it to the AGSCredential object so that it does not make any unnecessary network requests to discover the same information.
AGSCredential* cred = [[[AGSCredential alloc]
initWithUser:@"<user>" password:@"<password>" authenticationType:AGSAuthenticationTypeToken tokenUrl:url
]autorelease];
If the service is using token-based authentication, the layer/task will transparently acquire a token using the credentials you provided. The token will then be included in every request to the service. When the token expires, the layer/task will automatically acquire a fresh token.
If the service is using HTTP authentication, the credentials will be propagated to the service using HTTP request headers.
To safeguard content exchanged over the network from eavesdroppers and man-in-the-middle attacks, you should use HTTPS whenever supported by the service. HTTPS connections use Secure Sockets Layer (SSL) to encrypt information that is exchanged over the network and digital certificates to verify identities of the parties involved.
Note:Self-signed certificates are not supported. Use certificates issued by a trusted certificate authority.