Building Secure Applications Greg Ponto & Tom Shippee - - PowerPoint PPT Presentation


Esri International User Conference San Diego, California Technical Workshops | July 26, 2012 Building Secure Applications Greg Ponto & Tom Shippee Presentation agenda Overview - Exploring 10.1 architecture Beginners: - Using 10.1


SLIDE 2

Esri International User Conference

San Diego, California

Technical Workshops | July 26, 2012

Building Secure Applications

Greg Ponto & Tom Shippee

SLIDE 3

Presentation agenda

  • Overview
      - Exploring 10.1 architecture
  • Beginners:
      - Using 10.1 pre-configured security
  • Experts:
      - Leveraging existing web security
SLIDE 4

Thomas Shippee

Section A

Exploring 10.1 architecture

SLIDE 5

ArcGIS 10.1 for Server architecture

  • Self-contained
  • Simplified
  • Standards-based
  • Synergized
SLIDE 6

Architecture at 10.0

[Architecture diagram; only its labels survive.]

  • Zones: Web, DMZ, Internal Network
  • Tiers: External Web Tier, Internal Web Tier, Application Tier, GIS Tier, Data Tier
  • Components: Reverse proxy, IIS (two), ArcGIS Web, Proxy Page, custom code for ArcGIS tokens, SOM, SOC (two), GIS Services, Enterprise Geodatabase
  • Security: ArcGIS tokens, Windows security store, Service Authorization, SQL Server users & roles
  • Connections: HTTPS, LAN, DCOM

SLIDE 7

Architectural transition

[Architecture diagram; only its labels survive.]

  • Labels repeated from the 10.0 diagram: Web, DMZ, Internal Network; External Web Tier, Internal Web Tier, Application Tier, GIS Tier, Data Tier; Reverse proxy, IIS (two), ArcGIS Web, Proxy Page, custom code for ArcGIS tokens, SOM, SOC (two), GIS Services; ArcGIS tokens, Windows security store, Service Authorization, SQL Server users & roles; HTTPS, LAN, DCOM
  • Labels new on this slide: Web Tier, IIS, Web Adaptor, Application Tier, Wizard builder, Identity manager, GIS Servers, ArcGIS Server Site, Built-in store, Enterprise Geodatabase

SLIDE 8

Default 10.1 security configuration

[Architecture diagram; only its labels survive.]

  • Zones: Web, DMZ, Internal Network
  • Tiers: Web Tier, Application Tier, GIS Tier, Data Tier
  • Components: IIS, Web Adaptor, Wizard builder, Identity manager, GIS Servers, ArcGIS Server Site, GIS Services, Enterprise Geodatabase
  • Security: Built-in store, Service Authorization
  • Connections: HTTPS (two), LAN

SLIDE 9

Thomas Shippee

Section B

Using 10.1 pre-configured security

SLIDE 10

Default 10.1 security workflow

  • Create site
      - Define Primary Site Administrator
  • Configure administrative security
      - Define “Administrator” and “Publisher” type roles
      - Assign user to appropriate roles
      - Create Desktop connections & publish services
  • Configure service access security
      - Define “User” type roles
      - Assign as permissions to folders/services
      - Assign users to appropriate roles
  • Build Web Applications
      - Create web apps (Web API viewer-builders)

SLIDE 11

Demo


SLIDE 12

Administrative Security

[Diagram with columns Accounts, Roles and Privileges; only its labels survive.]

  • Accounts: Alex (Primary Site Administrator, PSA), Penny, Paul, Pat
  • Role labels: myAdmins, myAdmin, myPubs
  • Privileges: Site Admin, Services
  • Other labels: Default

SLIDE 13

Demo


SLIDE 14

Service security: Use case

  • Gina (Guide) – Edit:
      - Trails
      - Campgrounds
  • Public – View Only:
      - Trails
      - Campgrounds
  • Rick (Ranger) – Edit:
      - Trails
      - Campgrounds
      - Restricted Areas
SLIDE 15

GIS service security

[Diagram with columns Accounts, Roles and Permissions; only its labels survive.]

  • Accounts: Rick, Gina, George
  • Roles: guides, rangers
  • Service tree: Service Root, Secured, Trails, Restricted Areas, Natural Resources
  • Other labels: Site Admin

SLIDE 16

Demo


SLIDE 17
  • Automatically manages ArcGIS tokens
  • Flex API & Viewer 2.5.1+ (works with ArcGIS 10.0 SP-1+)

[Diagram labels: Web App, Token, Secured Service]

SLIDE 18

Gregory Ponto

Section C

Leveraging existing web security

SLIDE 19

Web tier single-sign-on at 10.1

[Architecture diagram; only its labels survive.]

  • Zones: Web, DMZ, Internal Network
  • Tiers: Web Tier, Application Tier, GIS Tier, Data Tier
  • Components: IIS, Web Adaptor, GIS Servers, ArcGIS Server Site, GIS Services, Enterprise Geodatabase
  • Security: Single sign-on, Shared key, Active Directory security store, Service Authorization
  • Connections: HTTP (two), LAN

SLIDE 20

Workflow

  • Configure Security Store
      - Users & Roles = Active Directory
      - Authentication Tier = Web Adaptor
      - Define Shared Key
  • Grant Role Access to Services
  • Configure Web Adaptor
      - Specify Shared Key
      - Configure Integrated Windows (IIS)
  • Build Web Applications

SLIDE 21

Demo

  • Configure Security Store
      - Users & Roles = Active Directory
      - Authentication Tier = Web Adaptor
      - Define Shared Key

SLIDE 22

Demo

  • Grant Role Access to Services
SLIDE 23

Demo

  • Configure Web Adaptor
      - Specify Shared Key
      - Configure Integrated Windows (IIS)

SLIDE 24

Demo

  • Build Web Applications
SLIDE 25

What Architecture is Right for Me?

| Capability | Security Store | Authentication Tier | Authentication Method | Application Tier | Encryption (HTTPS) |
|---|---|---|---|---|---|
| Single Sign On | Active Directory | Web Tier (IIS) | Integrated Windows (IIS) | Any w/ SSO Support | Optional |
| Public/Private Services | Any | GIS Tier | ArcGIS Tokens | Any * | Recommended |
| Enterprise Users & Roles | Active Directory, LDAP | Any | Any | Any * | Recommended |
| Web Editing | Any | Any | Any | Any * | Recommended |
| Mobile Applications | Any | Any | Any | Any * | Recommended |
| SharePoint | Any | Any | Any | Any * | Recommended |
| Enterprise Users & Built In Roles | Active Directory, LDAP | Any | Any | Any * | Recommended |
| Linux | LDAP, Built-In | Any | Any | Any * | Recommended |
| ArcGIS Online | Any | Any | Any | Any * | Recommended |

* Silverlight & SharePoint require use of Proxy Page for token management.

SLIDE 26

Steps to evaluate UC sessions

  • My UC Homepage > “Evaluate Sessions”
  • Choose session from planner, OR
  • Search for session

www.esri.com/ucsessionsurveys

SLIDE 27
  • Thank you for attending
  • Have fun at UC2012
  • Open for Questions
  • Please fill out the evaluation: www.esri.com/ucsessionsurveys
      - First Offering ID: 809
      - Second Offering ID: 1928

SLIDE 28

Wrap-up & Questions

RELATED PRESENTATIONS

  • Securing ArcGIS: Best Practices for Security Implementations (Wed @ 3:15 PM, 20 minute)
