Vishful thinking…

Digging a little deeper into Google Fusion Tables – A technical GIS perspective

Posted in GIS by viswaug on February 14, 2011

Before I start getting into too much details about Google Fusion Tables, I will provide a link out to Google Fusion Tables. If you haven’t heard/played around with it yet, i would strongly encourage that you take a little time to do so. It will definitely not disappoint you and is definitely worth the time. It is still in ‘Beta’, but it is looking good.

The ‘Map’ and the ‘Intensity Map’ visualization of the table data should be of special interest to all the GIS folks. It makes the process of mapping data real easy. The ‘Location’ field type in Fusion Tables supports both street address strings and KML string representation of geometries. The street addresses entered into the location field get automatically geocoded and are viewable on the map visualization.

  • Even though the documentation doesn’t explicitly state it, the Location field supports the ‘MultiGeometry‘ representation in it’s Location field alongside the Point, LineString and the Polygon representations
  • This might be pretty obvious, but it supports only the WGS 84 Geographic coordinate system just like KML.

The map visualization also currently simple thematic rendering of maps based on certain column values. Some of the documentation on how to acheive it and available options are not very easy to find. So, I thought a link to the documentation might help later. The list of the available map markers are here. There are also a very good collection of publicly available data on Fusion Tables also. Check out the USA State and County boundaries here. There is also a wealth of other information out there already on Fusion Tables that are publicly available and can be easily location with a simple search. You can also upload ‘.csv’, ‘.kml’, spreadsheet files to Fusion Tables. The ‘ShpEscape‘ site also allows us to upload ‘.shp’ files to Fusion Tables. Once uploaded, data can simply be shared via an URL rather than emailing ‘.shp’ files around as attachments. Government agencies are also taking to Fusion Tables. Check out data from USDA NRCS, State of California and Natural Earth Vector data. I am hoping that the list gets bigger. Apart from just sharing data, it allows us to easily apply different chart visualizations to the data to glean useful trends and analytics for better informed decision making. Pretty powerful tools to unleash the power of data.

Fusion Tables also allows us to merge/join two tables in Fusion Tables based on a shared key. Fusion Tables also allows us to create views from base tables where only a filtered list of rows or columns are visible.

The views feature in Fusion Tables enables us to set user permissions based on columns and rows. To accomplish this, keep the base table private and create views that display only a filtered set of rows or columns. Now, the views alone can be shared with users. Users get access to different views as per their permission set.

The Google Fusion Tables also provides a simple and powerful API over HTTP to administer and manage your data in Fusion Tables. Public tables can be easily managed via simple HTTP requests to Fusion Tables identifying the table. Private tables can also be managed pretty easily using OAuth authenticated requests. The API does have some missing features also. The major one being that Fusion Tables does not support ‘OR’ queries. This missing functionality arises from the fact that Fusion Tables is built on top of Google’s DataStore.

  • Views cannot be created from Merged tables, but only from base tables
  • The resulting data from querying data from Fusion Tables is a comma delimited list of field values. Text column values are not normally not inside quotes unless they contain commas as a part of their field value. The Location field values are returned as KML string representations and they can contain commas in them. So, beware of this return format which throws a monkey wrench into the code needed for splitting the field values from the Fusion Tables response.

Google maps api v3 also supports displaying Fusion Tables data as overlays. The maps api pop-up bubble can be customized via Fusion Tables using any built-in templates or by providing custom HTML templates. The data being displayed on the map can also be filtered by providing a query string.

  • Note that the Fusion Tables query used in the maps api does not like queries of the type ‘Select * FROM’. It doesn’t like the ‘*’ and requires a column name to be specified
  • All Fusion Tables layers on the map get drawn on the map as a single overlay. That is, even if you have 10 Fusion Tables layers added to your google map, the api does not make ‘n’ tile requests for the 10 layers individually making the number of images being requested n*10, but the api only request ‘n’ tiles for all the Fusion Tables layers. This is just like how KML layers are handled in the maps api.

Fusion Tables does cluster your data into points on the map automatically at high scale levels. There are also some data serialization limits built-in to the Fusion Tables API. There is currently no way to display private Fusion Tables data overlayed in the google maps api v3. But that feature is supposed to be coming for google maps premier customer. I have submitted a list of Feature Requests (see below) with the Fusion Tables team, please star them if you would like to see them also.

That said, Fusion Tables is teh awesome.


Well Known Text (WKT) representation for MultiPoint

Posted in GIS, SQL Server 2008 by viswaug on February 13, 2011

Adding to my experience with Oracle from the last post. Turns out that the ‘Well Known Text’ (WKT) representation of MultiPoint geometries differs between Oracle and MS SQL Server,MySQL. Consider the ‘STMPointFromText‘ method in MS SQL Server, the representation of the MultiPoint geometry it expects is like the example shown below.

MULTIPOINT(-122.360 47.656, -122.343 47.656)

As you can see, the Latitude & Longitudes are separated by a space and the coordinate pairs are separated by a comma and that’s it. Here is how Oracle expects the WKT for a MultiPoint geometry to be represented.

MULTIPOINT((-122.360 47.656), (-122.343 47.656))

Oracle expects the coordinate pairs to also be enclosed with parenthesis. Wikipedia seems to agree with the Oracle representation also. Apparently, the initial OGC specifications were not clear and the community started using the first representation for MultiPoint geometries. Some of the .NET GIS libraries I work with use the first version of the MultiPoint geometry WKT. But OGC has clarified the specifications and accordingly, the second version used by Oracle is the correct one. MS SQL Server and MySQL use the first version of the MultiPoint geometry WKT. This has turned out to be a pain for us and probably for other gis developers out there also.

Oracle spatial and the web mercator spatial reference system

Posted in ArcGIS, ESRI, GIS by viswaug on February 11, 2011

We have been attempting to streamline the way we store and process spatial data in Oracle. Normally, we would create our spatial tables as FeatureClasses from ArcCatalog and create plain old Oracle tables for our business/attribute data that would be joined with the spatial data in the FeatureClasses through a shared key field to create a SDE spatial view. This works just fine, but there are some drawbacks to this approach

  • SDE creates unnecessary fields on the FeatureClass table in Oracle, like the field cad annotation that just don’t need to be there.
  • Creating FeatureClasses manually from ArcCatalog is a process that cannot be automated as a part of the build process. Ideally, we like to execute a command from our build scripts that will delete our entire model from the database and run another command to recreate the entire model to start off with a clean slate for testing our every build. These scripts will also be used during the deployment process when the database needs to be recreated in another environment.
  • FeatureClasses will need to be edited through ArcObjects (versioned/unversioned) or ArcMap(versioned) which would need an ESRI license on any client machine wanting to edit the spatial data. In a web environment, this would mean a ESRI license on the web server.

We wanted our setup to try and work around some of the drawbacks above. So, we wrote SQL scripts that would

  1. Create the spatial table
  2. Insert metadata about the spatial table into the Oracle geometry metadata table USER_SDO_GEOM_METADATA
  3. Create a spatial index on the table
  4. Register the Oracle spatial table with ArcSDE as a FeatureClass using the ‘sdelayer -0 register’ command

Here is some sample SQL scripts to perform the first three steps with Oracle

CREATE TABLE customers (
  customer_id NUMBER,
  last_name VARCHAR2(30),
  first_name VARCHAR2(30),
  street_address VARCHAR2(40),
  city VARCHAR2(30),
  state_province_code VARCHAR2(2),
  postal_code VARCHAR2(9),
  cust_geo_location SDO_GEOMETRY);
     (SDO_DIM_ELEMENT('LONG', -180.0, 180.0, 0.5),
     SDO_DIM_ELEMENT('LAT', -90.0, 90.0, 0.5)),

CREATE INDEX customers_sidx ON customers(cust_geo_location)
  INDEXTYPE IS mdsys.spatial_index;

The sample sde command to register the table as a multi-polygon FeatureClass with ArcSDE specifying the bounds

sdelayer -o register -l CUSTOMERS,CUST_GEO_LOCATION -e a+M -C CUSTOMER_ID -i sde:oracle11g -s SERVER_NAME -u XXX -p YYY@orcl -t SDO_GEOMETRY -P High -x -180,-90,11132000

As you can see from the commands above the spatial table is registered with Oracle to have an SRID (spatial reference id) of 8307 which denotes the WGS 84 Geographic Coordinate Systems. Oracle maintains its own CS_SRS table where it maintains a list of Oracle supported spatial reference systems. The SRID specified when adding the geometry metadata with Oracle is expected to be present in the CS_SRS table, else Oracle will insert the metadata into its tables. The bounds specified when registering the spatial table as a FeatureClass with ArcSDE also reflects the WGS 84 GCS.

So far so good. The above solution works like a charm. Now that the ArcGIS Online base maps have moved to the Web Mercator projection system used by google and bing, we also wanted to maintain our data in Web Mercator so that the GIS server doesn’t have to reproject the data when rendering maps and also so that we could serve out spatial data as GeoJSON/ArcJSON from our custom web services to consumed by web clients. Here is where trouble started. Oracle does not have a SRID for the web mercator projection system. We ran through the CS_SRS table to check for it maintained under a different id but with no luck. The process of registering a new SRID with Oracle is not documented anywhere as far as I can tell. Apparently, it is not as simple as adding an entry into the CS_SRS table which we tried unsuccessfully.

So, to work around this issue, we registered our spatial table with the Oracle geometry metadata table without an SRID. So, Oracle thinks the SRID for the spatial table in NULL. This becomes a problem when we try to insert geometries with ESRI’s SRID 102113 into the spatial table. Oracle doesn’t let us insert geometries into the spatial table whose is not NULL to match the entry in its geometry metadata tables. So, we are forced to insert geometries with a NULL SRID into the table. But ArcSDE needs to know that the spatial table is in the Web Mercator projection system. To do this, we registered the spatial table using the ‘sdelayer -o register’ specifying the projection file “WGS 1984 Web Mercator (Auxiliary Sphere).prj” from ESRI. See the sample below

sdelayer -o register -l CUSTOMERS,CUST_GEO_LOCATION -e a+M -C CUSTOMER_ID -i sde:oracle11g -s SERVER_NAME -u XXX -p YYY@orcl -t SDO_GEOMETRY -P High -G file=”C:\TEMP\WGS 1984 Web Mercator (Auxiliary Sphere).prj”

The insert statement for the Oracle geometry metadata tables look like this




(SDO_DIM_ELEMENT(‘X’, -20037700, 20037700, 0.1),

SDO_DIM_ELEMENT(‘Y’, -20037700, 20037700, 0.1)));

This is ugly, but it works. We were able to view and edit the data in ArcMap just fine.

Here are some more things discovered along the way

  • Oracle makes all the table names and the field names all upper case by default even when you specify the names in lower case in the SQL statements. We can force Oracle to use lower cases alphabets in the table/field names by specifying the table/field names in the SQL statements by enclosing them in quotes.
  • If you use the technique above to use table/field names in lower case for the spatial tables, you will not be able to register the geometry metadata for the table with Oracle. This is because Oracle expects the spatial table/field name to be in all upper case for insertion into the geometry metadata table. This is just a crazy crazy thing and i can’t imagine this requirement being intentional.
  • Oracle spatial SQL syntax is ugly. Very ugly. They can definitely learn from the sweet SQL syntax in MS SQL SERVER 2008.
  • The free version of Oracle called Oracle XE does support the spatial data types. That is, in Oracle XE we can store columns whose data type is MDSYS.SDO_GEOMETRY. Oracle XE also allows us to perform some spatial operations on these spatial columns but not all spatial operations that are available in the enterprise edition of Oracle. The spatial features that are available in the XE edition is not documented anywhere as far as I can tell. Oracle spatial extensions bring more spatial features to Oracle enterprise edition like raster support etc.
  • The MDSYS.Oracle ST_GEOMETRY is different from the ESRI ST_GEOMETRY and is a wrapper around MDSYS.SDO_GEOMETRY

If you are aware of a better way to do things with Oracle and SDE for the web mercator projection, please let me know, I am all ears. I hope this post save some other poor soul some pain and suffering.

Drag & Drop support for graphics in the ESRI Silverlight API

Posted in Uncategorized by viswaug on June 30, 2010

I have recently added drag and drop support for graphics in the ESRI Silverlight API to the ESRI Silverlight API Contrib library. The library has also been upgraded to ESRI Silverlight API Beta 2. Will soon upgrade it to RC. The drag & drop functionality can be added to specific graphics or to all the graphics in a graphics layer. Enabling drag and drop is real easy. Just call the ‘MakeDraggable(map)’ method on either a Graphic object or a GraphicsLayer object. ‘MakeDraggable’ is an extension method that takes a reference to the ESRI Silverlight API map control to do it’s magic. The return from the method call is an ‘IDisposable’. To stop the graphic or the graphics on the graphics layer from being draggable, just call ‘Dispose’ on the ‘IDisposable’ object returned above. The map remains entirely usable when the graphics are draggable, so no worries there.

I am also currently looking into adding custom drawing tools to the library that will have the map be pannable when drawing and allow adding new drawing tools like circle etc if needed. If you want to see some new interesting features added to the ESRI Silverlight API Contrib library, let me know 🙂

Helper classes for mock testing WebClient

Posted in Uncategorized by viswaug on May 17, 2010

The WebClient class in .NET and Silverlight is used for fetching (GET) resources from the web or sometimes locally. This scenario inherently does not lend itself very well to unit testing since it means the component being written is dependent on an external resource. Unit testing seeks to test the component by itself and eliminate the request to the external resource. Mock testing comes to our rescue in such scenarios by letting us mock the touch-points where the component interfaces with the external resource. But, the use of WebClient to make the request to the external resource makes mocking tricky, since WebClient does not implement interfaces or virtual methods to expose its functionality. Most of the widely used mocking frameworks can only mock members of an interface or virtual methods. To overcome this short-comming, I have created and used the following helpers classes to help mock web requests made using WebClient. It consists of a ‘WrappedWebClient’ class that wraps the methods supported by WebClient and implements interfaces defined alongside to help with the mocking of those methods.

The sample below contains a service class that fetches stories from the Digg web service using a search term.

  1. public interface IServiceRequest<T, K>
  2. {
  3.     void Run( T input );
  5.     event EventHandler<ServiceRequestEventArgs<K>> SelectionCompleted;
  7.     object State
  8.     {
  9.         get;
  10.         set;
  11.     }
  12. }
  1. public class DiggSearchService : IServiceRequest<string, IEnumerable<DiggStory>>
  2. {
  3.     string template ={0}&count={1}&appkey=”;
  5.     public IWebDownloader WebDownloader
  6.     {
  7.         get;
  8.         set;
  9.     }
  11.     public int StoryCount
  12.     {
  13.         get;
  14.         set;
  15.     }
  17.     public DiggSearchService()
  18.     {
  19.         WebDownloader = new WrappedWebClient();
  20.         StoryCount = 10;
  21.     }
  23.     #region IServiceRequest<string,IEnumerable<DiggStory>> Members
  25.     public void Run( string input )
  26.     {
  27.         WebDownloader.DownloadStringCompleted += new EventHandler<WrappedDownloadStringCompletedEventArgs>( WebDownloader_DownloadStringCompleted );
  29.         Uri address = new Uri(string.Format(template, input,StoryCount));
  30.         WebDownloader.DownloadStringAsync( address, State );
  31.     }
  33.     void WebDownloader_DownloadStringCompleted( object sender, WrappedDownloadStringCompletedEventArgs e )
  34.     {
  35.         if( e.Error != null )
  36.         {
  37.             RaiseSelectionCompletedEvent( null, e.Error );
  38.             return;
  39.         }
  41.         XDocument xmlStories = XDocument.Parse( e.Result );
  43.         IEnumerable<DiggStory> stories = from story in xmlStories.Descendants( “story” )
  44.                       select new DiggStory
  45.                       {
  46.                           Id = ( int ) story.Attribute( “id” ),
  47.                           Title = ( ( string ) story.Element( “title” ) ).Trim(),
  48.                           Description = ( ( string ) story.Element( “description” ) ).Trim(),
  49.                           HrefLink = new Uri( ( string ) story.Attribute( “link” ) ),
  50.                           NumDiggs = ( int ) story.Attribute( “diggs” ),
  51.                           UserName = ( string ) story.Element( “user” ).Attribute( “name” ).Value,
  52.                       };
  53.         RaiseSelectionCompletedEvent( stories, null );
  54.     }
  56.     public event EventHandler<ServiceRequestEventArgs<IEnumerable<DiggStory>>> SelectionCompleted;
  58.     public object State
  59.     {
  60.         get;
  61.         set;
  62.     }
  64.     #endregion
  66.     private void RaiseSelectionCompletedEvent( IEnumerable<DiggStory> data, Exception ex )
  67.     {
  68.         if( SelectionCompleted != null )
  69.             SelectionCompleted( this, new ServiceRequestEventArgs<IEnumerable<DiggStory>>( data, ex ) );
  70.     }
  71. }

The service class above uses the WrappedWebClient instead of the WebClient class itself. This enables the service class to be unit tested by mocking out the web request to the digg service. The WrappedWebClient implements the following interfaces

  • IWebDownloader
  • IWebUploader
  • IWebReader
  • IWebWriter

This enables us to mock the various types of operations that can be performed by the WebClient. The Digg service class above exposes an IWebDownloader property which makes it clear that the service class uses the ‘DownloadStringAsync’ method on the WebClient to access the service. To test the service class above, a sample response for the request can be downloaded beforehand and saved as a XML file. This file can then be compiled as a ‘Resource’ into the test assembly. During the test, the XML file can be retrieved from the test assembly and can be used as the return value from the mock object for the IWebDownloader interface. The Silverlight unit test below illustrates how the service class can be unit tested using the helper classes and the Silverlight mocking framework ‘Moq’.

  1. [TestClass]
  2. public class DiggSearchServiceTest : SilverlightTest
  3. {
  4.     [Asynchronous]
  5.     [TestMethod]
  6.     public void DiggSearchServiceSuccessTest()
  7.     {
  8.         DiggSearchService target = new DiggSearchService();
  10.         StringBuilder sb = new StringBuilder();
  11.         StringWriter sw = new StringWriter( sb );
  12.         XDocument.Load( “/WrappedWebClient;component/Tests/stories.xml” ).Save( sw );
  14.         var mock = new Mock<IWebDownloader>();
  15.         mock.Setup( foo => foo.DownloadStringAsync( null ) ).Verifiable();
  16.         target.WebDownloader = mock.Object;
  18.         bool isLoaded = false;
  19.         IEnumerable<DiggStory> result = null;
  20.         target.SelectionCompleted += ( sender, e ) =>
  21.         {
  22.             isLoaded = true;
  23.             //Get the results from the service
  24.             result = e.EventData;
  25.         };
  26.         target.Run( “LSU” );
  28.         EnqueueDelay( 1000 );
  29.         //Mock the service request results
  30.         EnqueueCallback( () => mock.Raise
  31.             (
  32.                 bar => bar.DownloadStringCompleted += null,
  33.                 new WrappedDownloadStringCompletedEventArgs( sb.ToString(), null, false, null )
  34.             ) );
  36.         EnqueueConditional( () => isLoaded );
  37.         EnqueueCallback( () => Assert.IsNotNull( result ) );
  38.         EnqueueCallback( () => Assert.IsTrue( result.Count<DiggStory>() == 10 ) );
  39.         EnqueueTestComplete();
  40.     }
  41. }

Suggestions welcome…

Download the source code with the helper classes here

Issues encountered and solved while building a comprehensive web-based map printing solution

Posted in ArcGIS, ESRI, GIS by viswaug on March 30, 2010

Web-based map printing has been one of those problems that, so far, doesn’t have a COMPLETE solution that meets all the needs of the different users out there. We had created various solutions in the past to meet web-based printing needs on a per-project basis. But, we didn’t have one single comprehensive solution that was capable enough to meet all requirements regardless of the unique complexities involved in each of them. A little while ago, we set out to build one such comprehensive web-based map printing solution and ran into some issues along the way that I thought might be worth sharing here. I am not going to go into what we built here, but just the issues/oddities we encountered…

Here are the issues we faced while developing the printing component and some details into how we worked-around them.

  • Printing token secure layers – This is a problem that we initially didn’t see coming because we were using the Silverlight client api to print. When using token layers, the client (which is the browser) requests a token from the GIS server using it’s IP address (or a web address) as the optional ClientID. When using a token generated with a ClientID, the AGS server checks for the origin of the request to confirm identity. So, when we tried to use the token generated by the client browser with it’s IP address as the ClientID in the server-side printing component, the requests were denied by AGS as it rightfully should since the server’s IP address doesn’t match the one in the token. We did not initially see this problem with Silverlight clients because, Silverlight clients currently request tokens without the optional ClientID. To work around this, we had to request token without the ClientID or had to spoof the Referrer in the HTTP request for the image.
  • Max Image Size constraints – The size of map image requests that need to be made can get quite large depending on the size of the map on the print layout and also on the DPI required on the map print output. AGS has default max image size limits set to 2048 X 2048. Bing maps maximum image size is around ~800. Increasing the maximum image size limit in AGS will only take you so far. Eventually, your image size requests can be big enough (think plotter size) to either cause AGS to crash or just take an unacceptably long time to return. So, to work around this limitation, we had to resort to cutting the big image requests into a series reasonably sized tile requests. Once all the tiles to cover the big area arrive, the tiles can be stitched back together using GDI+ to produce a seamless big image that the map print layout needs.
  • Bing logo – The above solution to split big image requests into works for AGS MapServices and WMS services, but Bing map layers add another twist to the problem. Image responses from Bing contain the Bing logo on the bottom right corner of the image. This caused the Bing logo to appear multiple times on the map when the numerous smaller tile images were stitched together. To solve this issue, we had to get special permission from Bing to access their tile images directly which do not have the Bing logo on them and stitch those together to produce the seamless image required.
  • Custom legends – The swatches for legend image for an AGS MapService can be obtained pretty easily using the AGS SOAP API. But more custom work is needed to stitch together the swatch and legend text information from multiple map services. Also, to add to it, there was no easy way to generate swatches for graphics layers. So, we ended up writing a custom Server Object Extension (we call it LegendServer) exposed over SOAP that takes in the information needed to produce swatches for the graphics layers and produces swatch images. The legend service consumed the swatches information from the AGS MapService and the custom SOE and stitched them together into one legend image handling the font styles etc and wrapping as necessary. We still have the issues here that ArcObjects is not able to generate the swatches at the required DPI. For e.g. we can’t request for swatches in 300 DPI etc.
  • Missing legend symbol markers in AGS – When writing the custom Server Object Extension described above to produce legend swatches, we discovered that ArcObjects doesn’t support triangle markers. But triangle markers were supported on the client-side APIs. So, to overcome that limitation, we can handle just the triangle markers as picture marker symbols and handle it with a special image service that produces a triangle image in the required dimensions, fill and border color.
  • Overflowing legends – Sometimes the legend for a map just can’t fit on a single page. In those cases, we had to make sure that we build the legend in parts that can fit on the page and stick the overflowing legend into new pages as needed. The trick here is to not build one single legend image and chop it to overflow to the next page. Because, we decide to chop off the legend at an arbitrary height, we might end up chopping the text or swatch on the legend. So, we will have to build the legend in parts and then assemble them into the different pages.
  • Printing Graphics layers – Printing graphics layers on the map turned out to be a little tricker than expected. We went down the path of rendering the graphic layers as PDF graphics on top of the map. It seemed to do everything we needed until we had to print polygons with holes in it. Then we used the AGS SOAP API to generate an image for the graphics on the map and overlay it on top of the map. We ended up pulling back that solution because that technique did not support transparency in graphics. So, eventually, we ended up writing a custom Server Object Extension (we call it GraphicsServer) that produces images from the graphics layer geometries and symbology respecting their transparency.
  • Overview Map – Printing overview map doesn’t sound too complicated until you consider the fact that we might have a totally different set of layers on the overview map than we do on the map itself. Also, the overview map can be static or dynamic, meaning it can always be at the same extent (world extent for example) or it may have it’s extent set at levels that closely follow the extent of the map itself. Also, keep in mind that the overview map will also need to have a small rectangle graphic inside it that highlights to current extent of the map.
  • Print Rendering – In most cases, we will want to have the option of being able to render to PDF or an image as the user requires. When implementing these renderers, please keep in mind that the co-ordinates axis for the PDF and the image GDI graphics are reversed. PDF is bottom-up and image GDI graphics is top-down.

I am pretty sure that I am leaving out some more. I will add them to the list above as and when I remember them. But I am happy to say that we did solve/work-around all the problems that came our way and have been re-using the printing component in various projects with great success. The printing component is also being used by all Silverlight, Flex and Javascript clients.

Please let me know, if you ran across other issues when you implemented your print feature or if you solved any of the issues above in a different way.

CI Starter Kit

Posted in .NET, Agile by viswaug on March 30, 2010

I have made the template following the project directory structure I described in my ESRI Developer Summit 2010 Continuous Integration Talk and the build scripts to along with it ready for download here. Couple that with VisualStudio shortcuts I described here and that should help any project get started quick. In latter posts, I will detail how you can get the above project & build scripts in the template setup on the TeamCity Continuous Integration server

One overlooked feature that is coming in ArcGIS Server 10

Posted in ArcGIS, ESRI, GIS by viswaug on March 29, 2010

At the ESRI devsummit last week, there were a lot of new features in ArcGIS Server (AGS) version 10 that were getting a lot of attention. There was a lot of fan-dare around geodatabase editing over the web with the new Feature Service in AGS 10 and the flashy demos with all the new RIA clients for editing with the REST API. There are also a lot of articles & blog posts that have been written to cover those features in details. So, I thought I would stay off the beaten path and direct your attention towards a new feature in AGS 10 that is getting little to no attention. That new feature in AGS v10 is support for exporting PNG32 (32 bit PNG) map images from the REST API and other APIs offered by AGS. This should provide the complete support 8-bit transparency in PNGs and should help us avoid issues like the ones here. Printing maps functionality should also benefit from this new feature both in terms of quality and to avoid transparency issues when layering images.

Just check out the ‘Image Format’ drop-down here for proof of 32 bit PNG support . And as you can see here, AGS 9.3.1 only supported PNG24. Hope that helps someone… 🙂

Working with ESRI token secure services

Posted in ArcGIS, ESRI, GIS, Uncategorized, Web by viswaug on March 29, 2010

At the ESRI developer summit this past week, I ran into some people that were either having a hard time with using the ESRI token authentication or were leaving their systems vulnerable to hacks given their use/abuse of long lived tokens. I thought it might be useful to share one way that we have been using ESRI token secured services in our web mapping applications.

Token secure services require the client to request a token with their username & password which should then be used/included in all other future requests to access the services. The token provided to the user by AGS is also valid only for the time period requested by the user. The AGS server also applies a upper limit to how long the token can be valid.

One of the main reasons for troubles with using such token secure services in a web mapping application is that the user logs into the web application that he is using and not actually the AGS server(s) that the web application is using map services from. So, in order to use the map services in the web application, the user has to log-in (again) to the AGS server also. Having the user log in again after they have already logged into the web application is highly undesirable. To prevent the user from having to enter in the credentials to access AGS services again, some may decide to use a long lived token and hard-code the token into the web application or hard-code the username & password to access AGS services in the mapping client application. I don’t think I need to explain why hard-coding the username & password in the client web mapping application is dangerous. But this still leaves the application highly vulnerable to hacks since anybody who can read the URL being used to access the services have access to the long-lived token. Using the long-lived token, anybody can obtain access to the AGS services since the only defense is the ClientID (or the HTTP Referrer header) and that can be spoofed easily since it is never verified. Also, the long-lived token doesn’t expire often and leaves the hackers a lot of time to get the token and access the secure AGS services

To get around this, there is an easy way to setup the web application to use and better secure the AGS services. We might have two main ways of sharing username & password between the web application and the web application. The first way is to have AGS and the web application share the membership/permission/roles datastore. In this case, the web application can use the same username & password combination to obtain a token from the AGS server. The second way is to have all users of the web application use the same name username & password to access the AGS services. The second way could work because the user has already been authenticated by the web application and so he can be trusted to access the AGS services also. In this case, the username & password that will be used to log-in all web application authenticated users can be stored in the web application configuration file (web.config). This credential can be used to obtain a token from AGS. This is generally how Bing map services are also handled. The Bing credentials are stored in the web.config and used to obtain a Bing token when the page with the map is loaded.

So, once the user logs into the web application, the username & password from the shared datastore/web.config can be used to make a request to the AGS ‘GetToken’ URL endpoint and obtain a short-lived token for AGS access. This token can then be sent down to the client as a part of the HTML / ASPX page. Another technique is to write a HTTPHandler that accepts a GET request without a username & password and uses credentials from the shared datastore/web.config to obtain a token to access AGS services and sends the token down to the web application client. Is method is secure because the HTTPHandler itself can be secured by either windows/forms authentication of the host web application.

Another thing to note about AGS tokens is that AGS does NOT require a ‘Referrer’ (IP address/ Site URL) to generate a short-lived token (long-lived tokens do require them). If you are generating a token from the AGS web page to generate a token, you will have an option to not specify the ‘Referrer’ (ClientID), but if you are just making a HTTP request to the GetTokens endpoint, you can obtain a short-lived token without the ClientID. When using short-lived tokens obtained without the ClientID, AGS does NOT enforce checks on where the calls are originating from. Actually, this is the reason why Silverlight clients are currently able to consume token secure map / AGS services. Silverlight 3 & under clients do not include the ‘Referrer’ HTTP Header for all outgoing HTTP requests, so ClientID origin checks are not enforced on Silverlight API clients. This issue has been fixed in Silverlight 4.

Unfortunately, the authentication tokens generated by ASP.NET to secure web applications and the ones generated by AGS are generated using different techniques. The key used to generate the token is different, ASP.NET uses the machineKey from web.config and AGS token uses a key from the AGS configuration file. If this wasn’t the case, we could technically have the ASP.NET web application and AGS share the same token…

User presentations at the ESRI Developer Summit 2010

Posted in ESRI by viswaug on February 1, 2010

ESRI has expanded the number of user presentations and the space available to these presentations at the ESRI Developer Summit 2010 compared to 2009. Given the large number of people who attended some of the user presentations last year and were left standing throughout the presentation, this will be a very well appreciated move on the part of the ESRI team running the developer summit this year. I had the privilege/pleasure of presenting at the devsummit last year at one of the user presentation sessions. My presentation last year was titled ‘Harnessing Server Object Extensions’ and I had a blast doing it. This year, people attending the event have been asked to vote on abstracts to select user presentations for the devsummit. I have submitted a couple of abstracts this year also and if you are interested in attending the presentation at the devsummit or in watching the recorded media after the devsummit, please vote for the abstracts below. You will have to create a new user account on the site before you can vote. Your ESRI global account id will not work there.

Building a Map Printing service for Web Clients – Recalling the journey

Continuous Integration 101: Streamline your software development process

Also, check out my colleagues presentation about another VERY exciting project we collaborated on.

Web-based Dynamic Thematic Mapping