Most ArcGIS portals contain a considerable amount of content that is not public, but is instead secured and shared with the entire organization or specific groups. To access this secured content, users must authenticate with the portal.
The portal object will have access to all the secure content for which the user has access privileges and can be used to find out more information about the user, such as the user's full name (instead of the account user name). Additionally, information about the organization such as the name, banner image, description, and so on, can be read. Apps often make use of this information when a user connects to a specific portal, to show the user organization branding and context.
Typically, the portal object with the authenticated user is cached and used throughout the app session, to provide the app with a view of a portal that is centered around a single user. When the app is restarted, the credential must be reinstated, or the user must repeat the authentication process.
Access tokens
Accessing secured content requires an access token. The most common access tokens in ArcGIS are OAuth 2.0 tokens and API keys. For information on authentication in ArcGIS Maps SDK for .NET, see Security and Authentication in this guide. For steps to obtain user authentication or API key credentials, see Create developer credentials.
Accessing secured content in ArcGIS Online requires that you authenticate with the portal. You can do this by creating an ArcGISPortal instance. Then your app must apply the access token.
The workflow for accessing secured content is as follows:
- Apply the access token in your app code.
- Create an
ArcGISPortalinstance.
Access using OAuth
When accessing secured content using OAuth 2.0 credentials, the user's ArcGIS account must be of the correct user type and have the necessary privileges.
The following code attempts to create a new OAuth credential by prompting the user to log in using the configured OAuth settings (portal URL, client ID, redirect URL). Upon successful authentication, the new credential is added to the AuthenticationManager.
// Create a new OAuth configuration for ArcGIS Online.
var userConfig = new OAuthUserConfiguration
(
portalUrl: new Uri("https://www.arcgis.com/sharing/rest"),
redirectUrl: new Uri(OAuthRedirectUrl), // Redirect URL configured with app
clientId: AppClientId // Client ID configured for app
);
// Challenge the user to log in, then get the credential.
// (This invokes the challenge handler set with AuthenticationManager.Current.OAuthAuthorizeHandler)
Credential cred = await OAuthUserCredential.CreateAsync(userConfig);
// Add the credential to the AuthenticationManager.
AuthenticationManager.Current.AddCredential(cred);
You must set the AuthenticationManager.OAuthAuthorizeHandler in your application to handle the OAuth login UI. This is implemented with a custom IO to display a web view for the user to enter their credentials. See the Authenticate with OAuth (.NET MAUI) and Authenticate with OAuth (WPF) samples for an example implementation for each platform.
The code is the same whether connecting to ArcGIS Online or ArcGIS Enterprise. The only difference is the URL. For information on accessing ArcGIS Enterprise, see the Getting started using ArcGIS Enterprise.
Access using an API key
An API key must have the required privileges for the content being accessed. You can apply the key to the ArcGISRuntimeEnvironment class so it's available across the entire application. For information on using API Keys in your app, see Security and authentication in this guide.
For an example of API key use in an app, see any of the ArcGIS Maps SDK for .NET tutorials, such as Display a map.
ArcGISRuntimeEnvironment.ApiKey = "YOUR_ACCESS_TOKEN";