Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hello,
I am trying to implement Header Authentication with DMS for a SSO (SiteMinder) implementation. I have followed the documentation I have received and it implements wonderfully on my Windows 7 laptop but having issues with impelmenting on 2008 r2. I have the following configuration:
Tested that the DMS / Custom Directory worked by 1st configuring web server to use "Custom Header" type. This required that I modify the Authenticate.aspx authentication configuration in IIS to the following:
Authentication / Authorization works great with the above. So, now I want to move onto header authentication. If I keep the config settings for the Authentication.aspx as above and issue a request from Fiddler with 'QVUSER' header parameter, I breifly see the AccessPoint but am immediately taken to a page that says "Login Failed"
If I re-configure the Authenticate.aspx page in IIS back to it's original Authentication settings (see below) (which is the way it is setup on my Win 7 machine and works great)
I get the following when issuing a Fiddler request with proper header parameter:
I would expect this since "Windows Authentication" is chosen on the Authenticate.aspx page but my question is - how can I utilize a header w/o getting the windows prompt AND not being redirected to "Login Failed" page...
I'm sooo close, I'm just missing something small I'm sure... And the frustrating part is that I can reference my Win 7 machine with same config that works fine...
Thank you for your help,
Ben
Yes. We are trying to point the users to access point (bypassing the login page since users are already authenticated by external program). How to do this by using WebTicket? Can you share any document with me plz?
Here's a document that mentions webtickets and the sample code that comes with it.
Thanks for the document. I could implement SSO using this document. Facing a small issue now. When I click on any application for the first time, I get windows Security popup asking for userid and pwd. When I click OK (without enetring user id and pwd) it open the application without any problem. How to remove this windows security pop up?
Thanks!
Sanjay
hi ,
Sanjay ,
how can u resolve it?
Hi liu,
By any chance, is your problem solved? If so, please could you send me the steps.
Thanks
Hi Sanjay,
Could you send the steps you followed to resolve your issue?
Thanks
waiting
Hi Liu,
we have configured the DMS authentication per SSO document, then when I tried to open the document, through fiddler, I was able to open successfully, wheres as when I tried through my web application, i got error message that "Login Failed".
Let me know if, you have any thoughts on that.
Hi,
I have the same problem with my web app using web ticketing authentication: trying to open my qvw document the windows authentication comes up with username/password requests.
If I press Cancel the document is being opened correctly.
How can I remove this windows pop-up ?
I'm using QVWS with DMS authentication method.
Below the .net code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Text;
using System.Xml.Linq;
using System.IO;
using System.Net;
protected void Page_Load(object sender, EventArgs e)
{
String servernameEST="bi1.mdf.it";
String username = "DB DSP TEN\\LRASPINI";
String groupname = "123456";
string Ticket = btnGetWebTicket(servernameEST, username, groupname);
if (Ticket == "")
{
//ERRORE non c'è ticket
return;
}
str_accpoint = lnkCallAccesspoint(servernameEST, username, groupname, Ticket);
Response.Redirect(str_accpoint);
}
//////////////////////////////////////////////////////
protected string btnGetWebTicket(string servername, string username, string groupname)
{
string gruppi = "";
StringBuilder groups = new StringBuilder();
if (!string.IsNullOrEmpty(gruppi))
{
groups.Append("<GroupList>");
foreach (string group in gruppi.Split(new char[] { ';' }))
{
groups.Append("<string>");
groups.Append(group);
groups.Append("</string>");
}
groups.Append("</GroupList>");
groups.Append("<GroupsIsNames>");
groups.Append("true");
groups.Append("</GroupsIsNames>");
}
string webTicketXml = string.Format("<Global method=\"GetWebTicket\"><UserId>{0}</UserId>{1}</Global>", username, groups);
bool chkAnonymous = false; //true;
string result = CommHelper.Execute(webTicketXml, new Uri("https://" + servername + "/QvAJAXZfc/GetWebTicket.aspx?anonymous=true"), chkAnonymous, 10000);
string Ticket = "";
if (string.IsNullOrEmpty(result))
{
return "";
}
else
{
XDocument doc = XDocument.Parse(result);
if (doc.Root.Element("_retval_") != null)
{
Ticket = doc.Root.Element("_retval_").Value;
return Ticket;
}
if (doc.Root.Element("message") != null)
{
XAttribute xatt = doc.Root.Element("message").FirstAttribute;
return "";
}
return "";
}
}
protected string lnkCallAccesspoint(string servername, string username, string groupname, string ticket)
{
string docName = "Gestione Tenute";
if (groupname != "")
docName = docName + "_" + groupname;
string txtTry = @"https://" + servername + @"/QvAJAXZfc/opendoc.htm?document=" + docName + @".qvw&anonymous=true&host=QVS@bi1";
string txtBack = "http://connect.mdf.it/Admin/QlikView_Tenute.aspx";
return "https://" + servername + string.Format("/QvAJAXZfc/Authenticate.aspx?type=html&anonymous=true&webticket={0}&try={1}&back={2}", ticket, txtTry, txtBack);
}
public class CommHelper
{
public static string Execute(string question, Uri iAddress, bool anonymous, int timeoutms)
{
try
{
HttpWebRequest client = (HttpWebRequest)WebRequest.Create(iAddress);
if (!anonymous)
{
client.UseDefaultCredentials = true;
client.PreAuthenticate = true;
}
client.Method = "POST";
client.Timeout = timeoutms;
client.AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate;
using (System.IO.StreamWriter sw = new StreamWriter(client.GetRequestStream()))
sw.WriteLine(question);
System.IO.StreamReader sr = new StreamReader(client.GetResponse().GetResponseStream());
return sr.ReadToEnd();
}
catch (Exception)
{
return null;
}
}
}
Thanks
Andrea
I still faces issues when I try logging in using headerauthentication . NTLM works fine.Any one got it fixed