Security considerations

ArcGIS server allows GIS services access based on security settings. How your agency has chosen to configure these settings determines which XML format you use. If security has not been enabled, then no security-related information must be provided. If your agency has enabled security, additional information may be required, depending on whether you're using Active Directory ESRI security or one of the token security methods.

If you're using Active Directory security, the services will attach the credentials of the application pool by default. Alternatively, you can use the user (user ID), pw (password), and domain attributes in the configuration. These attributes override the anonymous authentication credentials.

This example shows how to access a layer using different credentials:

<CONFIG mapservice="http://sampleserver1/ArcGIS/services/Map/MapServer"
geometryservice="http://sampleserver1/ArcGIS/services/GeometryServer">
<SERVICE user="user123" pw="password123" domain="domain123">
<DATASET id="Parcels" />
<DATASET id="Hydrants" />
</SERVICE>
</CONFIG>

This example shows how to access a layer using a different service and different credentials:

<CONFIG mapservice="http://sampleserver1/ArcGIS/services/Map/MapServer"
  geometryservice="http://sampleserver1/ArcGIS/services/GeometryServer">
<SERVICE mapservice="http://sampleserver2/ArcGIS/services/Map/MapServer" 
geometryservice=”http://sampleserver2/ArcGIS/services/GeometryServer"
user="user123" pw="password123" domain="domain123">
<DATASET id="Roadways" />
<DATASET id="Water_Mains" />
</SERVICE>
</CONFIG>