When ArcGIS web services are secured using ArcGIS token-based authentication, the client software must be able to obtain and use the token. Esri client applications, such as ArcGIS Desktop, automatically handle the process of acquiring tokens from the token service and presenting tokens to the secured ArcGIS web service. The behavior of ArcGIS clients when connecting to an ArcGIS web service secured using token-based authentication is described below.
- ArcGIS Desktop (ArcMap, ArcCatalog): The user enters a valid user name and password into the connection dialog box. If no user name or password is entered, or if the login is incorrect, the software prompts the user to enter correct credentials.
- JavaScript applications (ArcGIS API for JavaScript and other REST-based applications): The client must be capable of providing a token to access the service that requires a token. In most cases, it will not be appropriate to embed the user name and password for the service into the client-side JavaScript. Instead, a long-lived token can be obtained from the token server, and this token can be included in the client-side page. The token is then included in the request for the service. For details on acquiring the token, see Acquiring ArcGIS tokens. For information on requesting a resource with a token, see the appropriate API help.
- SOAP-based applications: Applications that use a SOAP toolkit to access the WSDL of the GIS web service need to acquire and use tokens explicitly. See the ArcGIS Server Developer Help for information and examples.
- ArcGIS Web Applications (Java or Microsoft .NET): The web application uses the credentials previously entered into the ArcGIS Web Applications Manager or in the developer environment.