I am using ArcGIS Viewer for Flex 3.1 with secured services. The viewer connects to the secured ArcGIS Server 10.1 services, but when the site loads the user is prompted to login to the service. I am securing the application using IIS authentication, so I don't want the user to be challenged for both the IIS application security and the secured service security. When I generated the token I specified the HTTP referer as the domain of my web server. I then included the generated token with the address of my map service in the config.xml file. I thought that doing this would mean the user would not be challenged to access the secured service because the token is passed through from the config.xml file. Is this not the case? How can I make it so the user is not prompted to login when accessing the application? If they were to access the services directory they would of course have to login there.
↧