Common Security

How to use

If the sample has associated data, you will find that the sample's zip file includes a "data" folder alongside the language folders. However, you will need to update the sample to point to the location of the data once you have extracted all the files.

1. Verify that the Web ADF for the .NET Framework is installed and functioning properly. For information on installing and configuring the Web ADF, consult the installation guide. To use the included Structured Query Language (SQL) Server Express database, Microsoft SQL Server Express 2008 must be installed.
2. In Windows Explorer, navigate to <ArcGIS Developer Kit install location>\Samples\ServerNET\Common_Security. This folder contains the sample's CSharp and VBNet folders.
3. Open the folder of the language you are going to use (that is, CSharp or VBNet) and copy the Common_Security_<language> folder to c:\inetpub\wwwroot. The <language> variable can be CSharp or VBNet.
4. Open the IIS Manager from Control Panel, Administrative Tools, Internet Information Services (IIS) Manager, or Internet Information Services.
5. In the console tree view on the left, navigate to Local Computer, Web Sites, Default Web Site. Expand Default Web Site. Right-click the Common_Security_<language> folder and click Properties. The Properties dialog box appears.
6. Click the Directory tab, click the Create button in the Application Settings section, then click OK to close the Properties dialog box.
7. Start Visual Studio 2010 and open the Common_Security_<language><vs_version> solution (for example, Common_Security_CSharp2010.sln).
8. In the Solution Explorer, right-click Default.aspx, and select Set As Start Page.
9. Open the Default.aspx page in design view, open the properties window for the MapResourceManager control, and click the ellipsis next to the ResourceItems property. The ResourceItem Collection Editor dialog box appears.
10. Add or change the MapResourceItem associated with a map service (for example, ArcGIS for Server, ArcIMS, and so on). This sample was created using the ArcGIS for Server Internet service USA, based on the USA.mxd available in the <ArcGIS Developer Kit install location>\Samples\data\USA folder. Using this service avoids having to change the settings on the Web page.
11. If an ArcGIS for Server local resource was added in the previous step, set the run time identity of the Web application by following one of the next two steps. If not necessary, proceed to Step 14.
12. At design time, the identity of the user running Visual Studio is used to connect to an ArcGIS for Server local data source. At run time, that identity is established by the Web application. Only one identity can be used to define access to the ArcGIS for Server local data sources in a single Web application. This identity can be explicitly defined when building the Web ADF application in Visual Studio by right-clicking the Web project in the Solution Explorer, and selecting the Add ArcGIS Identity option. Add the identity credentials that will be used to access ArcGIS for Server local resources at run time. This information is added to the web.config file in a standard ASP.NET identity tag. If the Encrypt identity in web.config check box is selected, the identity tag will be encrypted; otherwise, the username and password are stored as clear text.
13. Open the web.config file, add an <identity> element in <system.web>, set the impersonate attribute to true, add a username and password attribute, and set them to a valid user account. Ensure the account is in the agsusers and agsadmin account on the ArcGIS for Server machine.
14. If the USA map service described in Step 10 is not used, follow the steps in the "Use a different map service" section in this sample.
15. Save the project.
16. Add permissions for the user database by following the steps in the "Add database permissions" section in this sample.
17. In Visual Studio, click the Debug drop-down menu, and click Start Debugging.

1. Open Default.aspx in design view, click QueryAttributesTask1, click the smart tag (small arrow) in the upper right of the control, and click Edit the Query in the context menu. A dialog box appears.
2. Modify the query so that it applies to a resource and layer in your application.
3. Repeat Steps 1 and 2 for QueryAttributesTask2 (in the LoginView control in the upper left of the page).
4. Open the Default.aspx.cs or Default.aspx.vb code-behind page, find the variable layerToHide, and set it to the name of a layer that is present in a map resource (service) in the Web application.
5. Save the project.

1. In Windows Explorer, navigate to the location of your Web site in C:\inetpub\wwwroot, right-click the App_Data folder, and choose Properties. The Properties dialog box appears.
2. Click the Security tab and click Add. The Select Users, Computers, or Groups dialog box appears.
3. Add the ASPNET service account if using Windows XP. Add the Network Service account if using Windows Server 2003 and 2008. If necessary, use the Advanced button to find these accounts. Click OK.
4. On the Security tab, highlight each of the ASPNET and Network Service accounts, select the Modify check box under Allow, then click OK. The security settings are saved.

1. Browse to the viewer uniform resource locator (URL), for example, http://localhost/Common_Security_CSharp. You will be redirected to the login page.
2. Add a valid login. The included database has two users; manager1 (password manager1$) in the Managers group; and staff1 (password staff1$), which is not in the Managers group. Upon a successful login, you are redirected to the main default.aspx page. If logged in as a user in the Managers role, the items described in the following "Additional information" section are available. If logged in as a user not in the Managers group, the page removes a layer, the Map Info tool, and the two tasks from the page.
3. Interact with the map and other items on the page. The Map Info tool, if available, displays fields and names of vector layers in the map services (including graphics layers, if present after using tasks).
4. Use the Change Password link to modify the current user's password.
5. Click Log Off. The login page reappears. If necessary, you can log in again with a different account.
6. Use the Create User link to create an account. The new account is not added to any role by default, so it cannot access the optional content that is available only to the Managers role. You can use the Web Site Administration Tool to add the user to a role.

Additional information

• Map layer—The highways layer is hidden on the map and its entry removed from the Toc control.
• Toolbar item—The custom Map Info command is removed from the toolbar.
• Task—Two QueryAttributesTask controls are removed from the page.

• Login control—Used in Login.aspx to log in users.
• LoginName control—Used in Default.aspx to display the logged-in username.
• LoginStatus control—Used in Default.aspx to display a log-out hyperlink.
• CreateUserWizard control—Used in CreateUser.aspx to enable new users to create an account. A hyperlink from the login page leads to this page.
• ChangePassword control—Used in ChangePassword.aspx to allow logged-in users to change their password. A hyperlink from the Default.aspx leads to this page.

• manager1 (password: manager1$)—Member of the Managers role, so this user can see all content on the page.
• staff1 (password: staff1$)—Not in the Managers role and has items hidden as previously described.