About authenticating server and services

LegacyLegacy:

ArcGIS 10 is the last release of the stand-alone ArcGIS Image Server product. The image service definition (.ISDef) has been replaced by an improved geodatabase data model—the mosaic dataset—which can be published as an image service using the ArcGIS Server Image extension.

ArcGIS Image Server has an option to ensure that only authorized users can view image services in the client application using an authentication setting. When using authentication, it provides image service-based access security. This feature is turned on or off on the Server Configuration dialog box. If you switch from one mode to the other, the service provider connected to a particular server has to be restarted. When the server obtains the name of a service from a service provider, it creates a file with the same name as the service in C:\Documents and Settings\All Users\Application Data\ESRI\Image Server\Services (Windows 2003 Server and Windows XP) and in C:\ProgramData\ESRI\Image Server\Services (Windows Vista, Windows Server 2008 and Windows 7).

The image server authentication of image services is based on the Microsoft Windows security settings. The administrator can use the operating system access control to define users' access control to these files individually or as a directory. When a client requests access to a server, it sends its authentication details along with the request. The server checks if the user has read access to these files; if not, the client application does not display the image service. Only services for which the user has read access will be displayed.

When the authentication check box is checked, ArcGIS Image Server uses named pipes that only work within a LAN. If direct access is required over the Internet, authentication should be turned off, in which case ArcGIS Image Server uses remote procedure calls.

Controlling the user access to a service involves two procedures. First, you need to activate authentication in the server using the Image Server Manager. When authentication is enabled, the server creates a file corresponding to each service registered under that server. The file has the same name and folder structure as the name of the image service, and these files are created in C:\Documents and Settings\All Users\Application Data\ESRI\Image Server\Services (Windows 2003 Server and Windows XP) and in C:\ProgramData\ESRI\Image Server\Services (Windows Vista, Windows Server 2008 and Windows 7). Since the image server authentication is based on the Microsoft Windows security settings, the authentication file corresponding to each service inherits the properties of the parent directory. By setting access rights to the parent directory as Denied, by default, access to the file created in this parent directory will be denied to everyone.

Related Topics

About managing service providers
About managing the image servers
About publishing image services

Copyright © 1995-2011 Esri. All rights reserved.
4/18/2011