Authentication Web Service validates access to ArcWeb Services. Before a client accesses an ArcWeb service, it must call Authentication Web Service with a user name and password over a Secure Hypertext Transfer Protocol (HTTPS) Secure Sockets Layer (SSL) connection. These security measures minimize the risk that an unauthorized user can access an ArcWeb service by stealing valid login information. If the user and password are valid, Authentication Web Service returns a time-limited token. The token is a binary encoded string that the client application uses to call ArcWeb services. See ArcWeb Services authentication for more information on the authentication process.
There are three basic steps for using Authentication Web Service to access ArcWeb services.
Step 1: Use the getToken method or the getCustomExpirationToken method to get a token from Authentication Web Service.
Note: You must an active ArcWeb Services account to access Authentication Service and any other ArcWeb service (other than Place Finder Sample Web Service).
If the login information is correct, the Authentication Web Service sends back a token string.
Step 2: Call an ArcWeb service with an argument that passes in the token.
If the ArcWeb service recognizes the token, it sends back the requested response. If the token expires during a session, Authentication Web services sends back error 1021: Token has expired.
Step 3: Call Authentication Web Service with a new getToken request if the current token has expired.
Visit the Feedback page to give comments or suggestions about the ArcWeb Developer's Guide.