Configuring the viewer to use SSL
SSL is short for Secure Sockets Layer, a protocol for transmitting information securely over the Internet. SSL uses a cryptographic system that uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message. Many Web sites use the SSL protocol to obtain or transmit confidential information, such as user data and credit card information. By convention, URLs that require an SSL connection start with https.
To configure the Application Builder to create sites that access services over SSL, you simply need to update URLs in the configuraiton to use https rather than http. All ArcGIS Online services have SSL (https) equivalents.
Configure the Application Builder to create sites that use SSL
Use the following instructions to configure the Application Builder to always create sites that use SSL to access services.
- Open the Templates\Default\Config\Map.xml file in an appropriate editor, such as Notepad, Wordpad, or Visual Studio. In a default installation of the viewer, the full path will be C:\inetpub\wwwroot\Builder\Templates\Default\Config\Map.xml.
- Change the URL attribute of the basemap (ArcGISTiledMapServiceLayer) to use https instead of http, as shown in the following example.
<esri:ArcGISTiledMapServiceLayer Url="https://services.arcgisonline.com/ArcGIS/rest/services/World_Topo_Map/MapServer" esriExtensibility:Document.IsBaseMap="True" esriExtensibility:MapApplication.LayerName="Topographic"/>
Note:Only service URLs need to be updated in the configuration files. The other URLs you see are xml namespace identifiers (http://schemas.esri.com/arcgis/mapping/2009, e.g.). These URLs do not need to be updated to use https since they do not point to web content.
- Save and close Templates\Default\Config\Map.xml.
- Open the Templates\Default\Config\Tools.xml file. In a default installation of the viewer, the full path will be C:\inetpub\wwwroot\Builder\Templates\Default\Config\Tools.xml.
- Change the value of the Url element for each BaseMapInfo element in the BaseMapGallery tool configuration to use https, as shown in the following example.
<Tool.ConfigData> <BaseMaps> <BaseMapInfo> <DisplayName>Streets</DisplayName> <Name>Streets</Name> <ThumbnailImage>Images/basemaps/agol_streets.png</ThumbnailImage> <Url>https://services.arcgisonline.com/ArcGIS/rest/services/World_Street_Map/MapServer</Url> <BaseMapType>ArcGISServer</BaseMapType> </BaseMapInfo> ... </BaseMaps> </Tool.ConfigData>
- Update the configuration for the SearchTool to use https for its geocode service URL. The easiest way to find this configuration text is to search the file for geocode.arcgis.com.
- Save and close Templates\Default\Config\Tools.xml.
- Start the Application Builder.
- Click the Settings link in the upper right of the page.
- In the Basemaps tab, select each ArcGIS Server basemap and update the URL value to use https. Click Save when finished.Note:
While all ArcGIS Online services can be accessed via https, some basemap types do not provide the option to use SSL. If you require all traffic in your apps to be encrypted, you need to remove such basemaps from the Application Builder.
- In the Application Settings tab, update the Geometry Service and ArcGIS Online Sharing URLs to use https. Click Apply when finished.
- In the Basemaps tab, select each ArcGIS Server basemap and update the URL value to use https. Click Save when finished.
All future Silverlight Viewer apps created with the Application Builder will use SSL for accessing services. To test the updated configuration settings, create a new Silverlight Viewer with the Builder and use a developer tool such as Fiddler to verify that the traffic is using HTTPS.
Update an existing site to use SSL
If you have an existing Silverlight Viewer app that needs to be updated to use SSL, you will need to follow a similar process to the one described previously. In this case, you will edit configuration files for the viewers themselves, and not the settings for the Application Builder.
- Open the Config\Map.xml file for the viewer in an editor. If your viewer is called My Viewer, for example, for a default installation the path would be C:\inetpub\wwwroot\Apps\My Viewer\Config\Map.xml.
- Change the URL attribute of the basemap (ArcGISTiledMapServiceLayer) to use https instead of http, as shown in the following example.
<esri:ArcGISTiledMapServiceLayer Url="https://services.arcgisonline.com/ArcGIS/rest/services/World_Topo_Map/MapServer" esriExtensibility:Document.IsBaseMap="True" esriExtensibility:MapApplication.LayerName="Topographic"/>
- Do the same for all other layers in your map.Note:
Only service URLs need to be updated in the configuration files. The other URLs you see are xml namespace identifiers (http://schemas.esri.com/arcgis/mapping/2009, e.g.). These URLs do not need to be updated to use https since they do not point to web content.
- When you have updated all service URLs to use https, save and close Map.xml.
- Open the Config\Tools.xml file. If your viewer is called My Viewer, the full path will be C:\inetpub\wwwroot\Apps\My Viewer\Config\Tools.xml.
- If your viewer includes the BaseMapGallery tool, change the value of the Url element for each BaseMapInfo element in the tool configuration to use https, as shown in the following example.
<Tool.ConfigData> <BaseMaps> <BaseMapInfo> <DisplayName>Streets</DisplayName> <Name>Streets</Name> <ThumbnailImage>Images/basemaps/agol_streets.png</ThumbnailImage> <Url>https://services.arcgisonline.com/ArcGIS/rest/services/World_Street_Map/MapServer</Url> <BaseMapType>ArcGISServer</BaseMapType> </BaseMapInfo> ... </BaseMaps> </Tool.ConfigData>
- If your viewer uses the SearchTool, update the configuration in Config\Tools.xml to use https for the tool's geocode service URL. The easiest way to find this configuraiton text is to search the file for geocode.arcgis.com.
- Save and close the Config\Tools.xml file.
- Open the Config\Application.xml file. If your viewer is called My Viewer, the full path will be C:\inetpub\wwwroot\Apps\My Viewer\Config\Application.xml.
- Change the value of the ArcGISOnlineSharing, ArcGISOnlineSharingSecure, and GeometryService elements to use https, as shown in the following example.
<ArcGISOnlineSharing>https://www.arcgis.com/sharing/</ArcGISOnlineSharing> <ArcGISOnlineSharingSecure>https://www.arcgis.com/sharing/</ArcGISOnlineSharingSecure> <GeometryService>https://tasks.arcgisonline.com/ArcGIS/rest/services/Geometry/GeometryServer</GeometryService>
- Save and close Application.xml.
- Launch your viewer app. You can use developer tools in your favorite browser or a tool like Fiddler to verify that the traffic for your viewer is now using SSL.
You may need to clear your browser cache in order for the change to HTTPS to take effect.