roktech blog

SSL and ArcGIS Server - Time For HTTPS is Now

Posted by Jason Harris on May 5, 2016 10:53:50 AM

We all knew it was coming and now it's here.  The #1 desktop browser, Google Chrome has recently updated several of their API's that affect us GIS developers - most notably for us, GeoLocation.  The short take away here is, in order to take advantage of in-browser geolocation (you know, that home/crosshairs button), you need to use HTTPS when serving your webs and map services.  Adding SSL to your ArcGIS Server site is pretty straightforward as is adding SSL to the webserver of your choice.  The bigger issue (pain) is going through all your code and making sure that everything is being served via HTTPS.  You know, all the javascript libraries, google apis, jquery, etc - they all need to be called via HTTPS or you'll get a 'Mixed Content' error that will block regular HTTP calls.

Esri has blogged about this both here and here.  Go check them out, as they have some pretty handy information.

So, then at some point after you have set all this SSL/HTTPS for your ArcGIS Server map services and web apps up, all you'll want to start forcing all requests to go through HTTPS.  You know, people have old links (with plain HTTP) saved as links and when they get to your site, it won't work properly.  Its pretty simple to add a URL Rewrite to your webserver to make 100% certain your map services and apps are served via HTTPS, regardless of how your users get there.  For IIS, first make sure you have Rewrite extension installed.  After that, all you need to do is add a filter to find all http requests and rewrite them as https.  You can go a little crazy using the IIS interface to test for all sorts of things - but see below for a simple addition to the web.config that sits at the root of your website.  If you don't have one (a web.config file), you can create a new one like seen below:


<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="http to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>

 

 

Topics: Application Development, arcGIS, ArcGIS Hosting, arcgis https, ArcGIS JS API, arcgis security, ArcGIS Server, ArcGIS Server Hosting, arcgis ssl, Cloud, Dojo, jQuery, mobile, Mobile Applications, ROK Mobile

Subscribe to Email Updates

Recent Posts

Posts by Topic

see all