Securinig ArcGIS Web Services - Tech Doc
I've seen a number of questions recently on securing web services hosted by ArcGIS Server. At 9.1 we've added an article to the EDN doc library that should help you get started. This isn't a supplement for fully understanding web server and web services security but it'll certainly help you get your head around the ArcGIS Server security infrastructure.
This article describes the types of web services that can use ArcGIS Server, considerations when implementing security, some methodologies for applying security to web services, and instructions for how to implement security methodologies.
While you're there you might check out the 'What's new at 9.1 for ArcGIS Developers".
Also, before someone else points it out i'll direct you to a little spelling error in one of our interface names. If you browse to the type changes page you'll notice that the first interface I3DAnalaystProtectNames looks a little fishy. For a while this drove Eleanor, our developer doc lead, crazy (she's over it now). Unfortunately the type had been in the system and pretty well burned in when we caught it right before release. It was too late to make the necessary changes through the entire system -and- make our ship date. Looks like we need to start incorporating spell check into our MIDL / build process.
Have thoughs on improving the system? Send us some feedback either here on the blog or via the on-line feedback page.