English

How To: Enable ArcIMS authentication with a file-based Access Control List

Summary

ArcIMS offers two methods for restricting access to map services through the ArcIMS Servlet Connector using an Access Control List (ACL):

  • ArcXML text file
  • JDBC connection to a database
The main advantage of a file-based ACL is that it is easy to create and requires no additional components. A file-based ACL stores permissions in an XML file that can be created using any text editor. Within this file, the service names and authenticated username(s) and password(s) are specified. The contents of the file are loaded into memory when the servlet initializes. Thus, edits to the ACL file require the servlet engine (or Web server, if the servlet engine is native to the Web server) to be restarted for the changes to take effect.

Procedure

The following example uses ESRI Sample data, which is installed under the ArcIMS Installation directory\Samples\Tutorial Data directory.

  1. Create the following three Image Services in ArcIMS Administrator from the sample AXL files of the same name:
  • Canada
  • SanFrancisco
  • SantaClara
Note:
For the purpose of this example, these should be the only three services listed in ArcIMS Administrator.
  1. Design an HTML Viewer for each of the three services created in Step 1 using ArcIMS Designer.
  2. In the Esrimap_prop file, located in the Servlet Engine Installation Directory, uncomment the following lines and confirm the following attributes and values:
    enable=True
    
    authenticate=True
    
    authMethods=Basic 
    
    authenticateWithSessions=True 
    
    sessionTimeout=120
    
    aclFileName=<full pathname to the ACL file>/aimsacl.xml
    Note:
    Typically, the ACL file will be placed in the same location as the Esrimap_prop file. Slashes in the pathname must be forward slashes (/).
  3. Create the XML file to store the ACL.
    1. Open a text editor, such as NotePad, and copy the following code into it:
      <?xml version="1.0"?>
      <AIMSACL>
      <USER name="*" services="Canada, SanFrancisco" />
      <USER name="test" password="private" services="SantaClara" />
      </AIMSACL>
      Note:
      Be mindful of case sensitivity. Standard XML format dictates that elements (such as AIMSACL and USER) must be in uppercase, while attributes (such as name, password and services) must be in lowercase.
    2. Save the file as "aimsacl.xml" (quotes included) and select All Files for Save as type.
    3. Close the file.
  4. If you are using IIS as your Web server, you will have to configure IIS for authentication.
    1. On the taskbar, click Start > Settings > Control Panel > Administrative Tools > Internet Services Manager.
    2. In the left panel, double-click the machine name to expand the tree structure.
    3. Double-click Default Web Site.
    4. If you're running ServletExec or JRun as your servlet engine, double-click Scripts.
      If you're running Tomcat, double-click Jakarta.
    5. In the right panel, right-click ServletExec_ISAPI.dll, jrun.dll, or isapi_redirect.dll (for ServletExec, JRun, and Tomcat, respectively) and click Properties.
    6. Click the File Security tab.
    7. Click Edit for Anonymous access and authentication control.
    8. Uncheck Basic and Integrated Windows authentication as well as Digest authentication. Click OK.
  5. Stop and start the Servlet Engine. If the Servlet Engine is native to the Web Server, you will have to stop and start the Web Server.
    Note:
    Stopping and restarting the servlet engine or Web server allows your edits to the Esrimap_prop file to take effect, thereby enabling authentication through the ACL.

Related Information