Securing the cache directory
Release 9.3 E-mail This Topic Printable Version Give Us Feedback

ArcGIS Server supports pre-creating map and globe images for faster performance when users are viewing your services. See What is map caching? for information on creating map caches.

When you secure a map or globe service that has a cache, you should also secure the cache directory. The basic principle is that you should not allow anonymous (unrestricted) access to the cache through a virtual directory. When cache tiles are available in a virtual directory, then Web clients can access tiles using URLs on the Web server, without going through the Web service for the map service. For example, with a map service called MyService1, a tile might be available on your Web server through a URL such as http://www.example.com/arcgiscache/MyService1/Layers/_alllayers/L00/R00004be4/C00003088.png.

The approach outlined below will allow only permitted users to access the cache tiles for your secured services. Since the performance for tile access will be slightly slower than when tiles are accessed directly through JavaScript by the client, you should implement this method only when you need to secure tile access for your secured services.

Using a cache directory with no virtual directory

In this approach, the secured services use a cache directory that has no virtual directory. The application, such as a Web ADF application or ArcGIS Desktop, will request the map or globe tile from the GIS Web service. The service will retrieve the tile from disk after verifying the client's permissions to access the service.

Note that if a cache directory is created during installation of ArcGIS Server, this cache directory will have a virtual directory. A new cache directory that has no virtual directory must be created for use with this approach.

The following steps may be used to create a cache directory and assign services to the cache directory.

  1. Create a new cache directory. Do NOT set a virtual directory for this cache directory. See the steps in Creating a server directory for instructions. Be sure that the accounts used to run the Server Object Manager (SOM) and Server Object Container (SOC) have write access to the directory. If you create the new folder within the arcgisserver folder (e.g., C:\arcgisserver\arcgiscacheSecure), then it will inherit the correct permissions for the SOM and SOC.
  2. In Manager or ArcCatalog, edit the properties of the secured service to set the server cache directory to the directory created earlier that has no virtual directory. You can set the cache directory in the Parameters tab of the service (in ArcCatalog, the service must be stopped to change its properties).
  3. If cache tiles have already been created for the service in a cache directory with a virtual directory, move them to the newly set cache directory on disk. See the Help topic Copying caches for details. For example, if you originally created the service cache in the default folder C:\arcgisserver\arcgiscache, and you created the new cache directory as C:\arcgisserver\arcgiscacheSecure, you can move the folder to the new cache directory. You should not leave a copy in the cache directory with the virtual directory, since the files in that directory will be available with no security.
  4. Repeat the steps two and three for each service that is secured.

When creating a new service, you can specify the cache directory when using the Add New Service wizard. If you use the Publish GIS Resource or Publish to ArcGIS Server wizards to create the service, you can edit the service properties after creating it in order to set the cache directory.