Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
Not applicable

DMS Header Authentication - Windows Authentication Prompt

Hello,

I am trying to implement Header Authentication with DMS for a SSO (SiteMinder) implementation.  I have followed the documentation I have received and it implements wonderfully on my Windows 7 laptop but having issues with impelmenting on 2008 r2.  I have the following configuration:

  • QVS
    • Authentication = DMS
    • Prohibit Anonymous
  • Directory Service - custom only, users have access to accesspoint documents
  • Web Server - IIS
    • Performed install of QV 10 with IIS support which automatically creates application pools and necessary sites
    • Authentication (from QEMC)
      • Authentication = Always
      • Type = Header
      • Header Name = 'QVUSER'
      • Prefix = blank

Tested that the DMS / Custom Directory worked by 1st configuring web server to use "Custom Header" type.  This required that I modify the Authenticate.aspx  authentication configuration in IIS to the following:

jing1.png

Authentication / Authorization works great with the above.  So, now I want to move onto header authentication.  If I keep the config settings for the Authentication.aspx as above and issue a request from Fiddler with 'QVUSER' header parameter, I breifly see the AccessPoint but am immediately taken to a page that says "Login Failed"

Jing2.png

If I re-configure the Authenticate.aspx page in IIS back to it's original Authentication settings (see below) (which is the way it is setup on my Win 7 machine and works great)

jing3.png

I get the following when issuing a Fiddler request with proper header parameter:

jing4.png

I would expect this since "Windows Authentication" is chosen on the Authenticate.aspx page but my question is - how can I utilize a header w/o getting the windows prompt AND not being redirected to "Login Failed" page...

I'm sooo close, I'm just missing something small I'm sure...  And the frustrating part is that I can reference my Win 7 machine with same config that works fine...

Thank you for your help,

Ben

19 Replies
Not applicable
Author

Yes. We are trying to point the users to access point (bypassing the login page since users are already authenticated by external program). How to do this by using WebTicket? Can you share any document with me plz?

danielrozental
Master II
Master II

Here's a document that mentions webtickets and the sample code that comes with it.

Not applicable
Author

Thanks for the document. I could implement SSO using this document. Facing a small issue now. When I click on any application for the first time, I get windows Security popup asking for userid and pwd. When I click OK (without enetring user id and pwd) it open the application without any problem. How to remove this windows security pop up?

Thanks!

Sanjay

Not applicable
Author

hi ,

  Sanjay ,

  how can u resolve it?

Not applicable
Author

Hi liu,

By any chance, is your problem solved? If so, please could you send me the steps.

Thanks

Not applicable
Author

Hi Sanjay,

Could you send the steps you followed to resolve your issue?

Thanks

Not applicable
Author

waiting

Not applicable
Author

Hi Liu,

we have configured the DMS authentication per SSO document, then when I tried to open the document, through fiddler, I was able to open successfully, wheres as when I tried through my web application, i got error message that "Login Failed".

Let me know if, you have any thoughts on that.

agigliotti
Partner - Champion
Partner - Champion

Hi,

I have the same problem with my web app using web ticketing authentication: trying to open my qvw document the windows authentication comes up with username/password requests.

If I press Cancel the document is being opened correctly.


How can I remove this windows pop-up ?


I'm using QVWS with DMS authentication method.


Below the .net code:


using System;

using System.Collections.Generic;

using System.Linq;

using System.Web;

using System.Web.UI;

using System.Web.UI.WebControls;

using System.Text;

using System.Xml.Linq;

using System.IO;

using System.Net;


protected void Page_Load(object sender, EventArgs e)

    {

     String servernameEST="bi1.mdf.it";

            String username = "DB DSP TEN\\LRASPINI";

     String groupname = "123456";

            string Ticket = btnGetWebTicket(servernameEST, username, groupname);

            if (Ticket == "")

            {

                //ERRORE non c'è ticket

                return;

            }

            str_accpoint = lnkCallAccesspoint(servernameEST, username, groupname, Ticket);

     Response.Redirect(str_accpoint);

  }

//////////////////////////////////////////////////////

    protected string btnGetWebTicket(string servername, string username, string groupname)

    {

        string gruppi = "";

        StringBuilder groups = new StringBuilder();

        if (!string.IsNullOrEmpty(gruppi))

        {

            groups.Append("<GroupList>");

            foreach (string group in gruppi.Split(new char[] { ';' }))

            {

                groups.Append("<string>");

                groups.Append(group);

                groups.Append("</string>");

            }

            groups.Append("</GroupList>");

            groups.Append("<GroupsIsNames>");

            groups.Append("true");

            groups.Append("</GroupsIsNames>");

        }

        string webTicketXml = string.Format("<Global method=\"GetWebTicket\"><UserId>{0}</UserId>{1}</Global>", username, groups);

        bool chkAnonymous = false; //true;

        string result = CommHelper.Execute(webTicketXml, new Uri("https://" + servername + "/QvAJAXZfc/GetWebTicket.aspx?anonymous=true"), chkAnonymous, 10000);

      string Ticket = "";

        if (string.IsNullOrEmpty(result))

        {

            return "";

        }

        else

        {

            XDocument doc = XDocument.Parse(result);

            if (doc.Root.Element("_retval_") != null)

            {

                Ticket = doc.Root.Element("_retval_").Value;

                return Ticket;

            }

            if (doc.Root.Element("message") != null)

            {

                XAttribute xatt = doc.Root.Element("message").FirstAttribute;

                return "";

            }

            return "";

        }

    }

  protected string lnkCallAccesspoint(string servername, string username, string groupname, string ticket)

  {

        string docName = "Gestione Tenute";

        if (groupname != "")

            docName = docName + "_" + groupname;

        string txtTry = @"https://" + servername + @"/QvAJAXZfc/opendoc.htm?document=" + docName + @".qvw&anonymous=true&host=QVS@bi1";

        string txtBack = "http://connect.mdf.it/Admin/QlikView_Tenute.aspx";

        return "https://" + servername + string.Format("/QvAJAXZfc/Authenticate.aspx?type=html&anonymous=true&webticket={0}&try={1}&back={2}", ticket, txtTry, txtBack);

    }

public class CommHelper

{

    public static string Execute(string question, Uri iAddress, bool anonymous, int timeoutms)

    {

        try

        {

            HttpWebRequest client = (HttpWebRequest)WebRequest.Create(iAddress);

            if (!anonymous)

            {

                client.UseDefaultCredentials = true;

                client.PreAuthenticate = true;

            }

            client.Method = "POST";

            client.Timeout = timeoutms;

            client.AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate;

            using (System.IO.StreamWriter sw = new StreamWriter(client.GetRequestStream()))

                sw.WriteLine(question);

            System.IO.StreamReader sr = new StreamReader(client.GetResponse().GetResponseStream());

            return sr.ReadToEnd();

        }

        catch (Exception)

        {

            return null;

        }

    }

}



Thanks

Andrea

Anonymous
Not applicable
Author

I still faces issues when I try logging in using headerauthentication . NTLM works fine.Any one got it fixed