- Allows for connections to be made to all services, secured and public, from both inside the local domain, and from the internet.
- Does not support single sign-on. All users are prompted for a log-in unless passing an ArcGIS token.
- Requires the installation and configuration of a web adaptor.
Note: See the Related Information links below for web adaptor installation and configuration help.
- All Services are set to secured when web-tier authentication is turned on.
- For web-tier to function, it is required to turn on Windows Authentication and disable anonymous authentication in IIS.
- As a result of disabling anonymous connections in IIS, there are no unsecured services. All services require a Windows Domain Account to be accessible whether accessing the services from inside the domain, or from the internet.
- Using web-tier authentication allows for the use of single sign-on when used inside the local domain.
- When web-tier authentication is turned on, attempting to access the REST and SOAP end points of the ArcGIS server on Port 6080 or 6443 results in an HTTP 403 Unauthorized error. This is by design as accessing the server directly on port 6080 circumvents the web-tier authentication, and is rejected as a result, as seen in this image.
To access the ArcGIS end points, the web adaptor must be used.
- Does not allow ArcGIS tokens to be used to pass credentials since IIS is doing the authentication on behalf of the ArcGIS server.