Qlik Sense .NET SDK connection with NTLM via proxy

vlian — Sun, 23 Nov 2025 22:16:43 GMT

Hi team, I tried the sample code provided but still keep getting a 403 error when connecting to Qlik Sense.

I have tried with certificate, without certificate, with username/password and without them. I have Qlik Sense installed on my local and I can see the corresponding user in QMC. I've attached screenshot of the virtual proxy in case it's the virtual proxy configuration that is missing.

public List<IAppIdentifier> GetLocalQlikApps() { var uri = new Uri("https://qlik-local.fraedom-dev.com:444"); var location = Location.FromUri(uri); location.AsNtlmUserViaProxy(certificateValidation: false); using (var hub = location.Hub()) { Console.WriteLine(hub.EngineVersion().ComponentVersion); } return null; }

403 error screenshot:

Virtual Proxy screenshot:

For information the following CURL to the qrs works, so I would imagine the credentials would work.

curl -v -L --ntlm --negotiate -u : --insecure https://qlik-local.fraedom-dev.com:444/qrs/app?xrfkey=0123456789abcdef --header "x-qlik-xrfkey: 0123456789abcdef" --header "User-Agent: Windows" * Host qlik-local.fraedom-dev.com:444 was resolved. * IPv6: (none) * IPv4: 127.0.0.1 * Trying 127.0.0.1:444... * schannel: disabled automatic use of client certificate * ALPN: curl offers http/1.1 * ALPN: server did not agree on a protocol. Uses default. * Connected to qlik-local.fraedom-dev.com (127.0.0.1) port 444 * using HTTP/1.x > GET /qrs/app?xrfkey=0123456789abcdef HTTP/1.1 > Host: qlik-local.fraedom-dev.com:444 > Accept: */* > x-qlik-xrfkey: 0123456789abcdef > User-Agent: Windows > < HTTP/1.1 302 Authenticate at this location < Cache-Control: no-cache, no-store, must-revalidate < Location: https://qlik-local.fraedom-dev.com:444/internal_windows_authentication/?targetId=f274fac0-2157-45cc-a055-24ef4c0d49eb < Content-Length: 0 < Access-Control-Allow-Origin: * * Ignoring the response-body * setting size while ignoring < * Connection #0 to host qlik-local.fraedom-dev.com left intact * Issue another request to this URL: 'https://qlik-local.fraedom-dev.com:444/internal_windows_authentication/?targetId=f274fac0-2157-45cc-a055-24ef4c0d49eb' * Re-using existing https: connection with host qlik-local.fraedom-dev.com > GET /internal_windows_authentication/?targetId=f274fac0-2157-45cc-a055-24ef4c0d49eb HTTP/1.1 > Host: qlik-local.fraedom-dev.com:444 > Accept: */* > x-qlik-xrfkey: 0123456789abcdef > User-Agent: Windows > * Recv failure: Connection was aborted * schannel: recv returned CURLE_RECV_ERROR * Connection died, retrying a fresh connect (retry count: 1) * Request completely sent off * shutting down connection #0 * Issue another request to this URL: 'https://qlik-local.fraedom-dev.com:444/internal_windows_authentication/?targetId=f274fac0-2157-45cc-a055-24ef4c0d49eb' * Hostname qlik-local.fraedom-dev.com was found in DNS cache * Trying 127.0.0.1:444... * ALPN: curl offers http/1.1 * ALPN: server did not agree on a protocol. Uses default. * Connected to qlik-local.fraedom-dev.com (127.0.0.1) port 444 * using HTTP/1.x > GET /internal_windows_authentication/?targetId=f274fac0-2157-45cc-a055-24ef4c0d49eb HTTP/1.1 > Host: qlik-local.fraedom-dev.com:444 > Accept: */* > x-qlik-xrfkey: 0123456789abcdef > User-Agent: Windows > < HTTP/1.1 401 Unauthorized < Content-Length: 0 < Server: Microsoft-HTTPAPI/2.0 < WWW-Authenticate: NTLM < Date: Sun, 23 Nov 2025 22:11:18 GMT < Access-Control-Allow-Origin: * * Ignoring the response-body * setting size while ignoring < * Connection #1 to host qlik-local.fraedom-dev.com left intact * Issue another request to this URL: 'https://qlik-local.fraedom-dev.com:444/internal_windows_authentication/?targetId=f274fac0-2157-45cc-a055-24ef4c0d49eb' * Re-using existing https: connection with host qlik-local.fraedom-dev.com * Server auth using NTLM with user '' > GET /internal_windows_authentication/?targetId=f274fac0-2157-45cc-a055-24ef4c0d49eb HTTP/1.1 > Host: qlik-local.fraedom-dev.com:444 > Authorization: NTLM TlRMTVNTUAABAAAAB7IIogQABAAyAAAACgAKACgAAAAKAF1YAAAAD1dXLUg5UVBKUjNWSVNB > Accept: */* > x-qlik-xrfkey: 0123456789abcdef > User-Agent: Windows > < HTTP/1.1 401 Unauthorized < Content-Length: 0 < Server: Microsoft-HTTPAPI/2.0 < WWW-Authenticate: NTLM TlRMTVNTUAACAAAACAAIADgAAAAFwomi7VgHIUdOK/Q6CwEAAAAAAI4AjgBAAAAACgBdWAAAAA9WAEkAUwBBAAIACABWAEkAUwBBAAEAFABXAFcALQBIADkAUQBQAEoAUgAzAAQAEAB2AGkAcwBhAC4AYwBvAG0AAwAmAFcAVwAtAEgAOQBRAFAASgBSADMALgB2AGkAcwBhAC4AYwBvAG0ABQAYAHYAaQBzAGEAYwBvAHIAcAAuAG4AZQB0AAcACAD/zjcYxlzcAQAAAAA= < Date: Sun, 23 Nov 2025 22:11:18 GMT < Access-Control-Allow-Origin: * * Ignoring the response-body * setting size while ignoring < * Connection #1 to host qlik-local.fraedom-dev.com left intact * Issue another request to this URL: 'https://qlik-local.fraedom-dev.com:444/internal_windows_authentication/?targetId=f274fac0-2157-45cc-a055-24ef4c0d49eb' * Re-using existing https: connection with host qlik-local.fraedom-dev.com * Server auth using NTLM with user '' > GET /internal_windows_authentication/?targetId=f274fac0-2157-45cc-a055-24ef4c0d49eb HTTP/1.1 > Host: qlik-local.fraedom-dev.com:444 > Authorization: NTLM TlRMTVNTUAADAAAAAAAAAFgAAAAAAAAAWAAAAAAAAABYAAAAAAAAAFgAAAAAAAAAWAAAAAAAAABYAAAABcKIogoAXVgAAAAPAu+wCaXtovyy19fdTJHawQ== > Accept: */* > x-qlik-xrfkey: 0123456789abcdef > User-Agent: Windows > * Request completely sent off < HTTP/1.1 302 Found < Cache-Control: no-cache, no-store, must-revalidate < Transfer-Encoding: chunked < Location: https://qlik-local.fraedom-dev.com:444/qrs/app?xrfkey=0123456789abcdef&qlikTicket=HzqwuQf1VWkIdL.T < Server: Microsoft-HTTPAPI/2.0 < Date: Sun, 23 Nov 2025 22:12:03 GMT < Access-Control-Allow-Origin: * * Ignoring the response-body < * Connection #1 to host qlik-local.fraedom-dev.com left intact * Issue another request to this URL: 'https://qlik-local.fraedom-dev.com:444/qrs/app?xrfkey=0123456789abcdef&qlikTicket=HzqwuQf1VWkIdL.T' * Re-using existing https: connection with host qlik-local.fraedom-dev.com * Server auth using NTLM with user '' > GET /qrs/app?xrfkey=0123456789abcdef&qlikTicket=HzqwuQf1VWkIdL.T HTTP/1.1 > Host: qlik-local.fraedom-dev.com:444 > Accept: */* > x-qlik-xrfkey: 0123456789abcdef > User-Agent: Windows > * Request completely sent off < HTTP/1.1 200 OK < Set-Cookie: X-Qlik-Session=85508311-952a-4cab-9951-a0cc951e5275; Path=/; HttpOnly < Cache-Control: private, must-revalidate, max-age=0 < Transfer-Encoding: chunked < Content-Type: application/json; charset=utf-8 < Expires: Sun, 23 Nov 2025 22:12:03 GMT < Server: Microsoft-HTTPAPI/2.0 < Date: Sun, 23 Nov 2025 22:12:03 GMT < Access-Control-Allow-Origin: * < [{"id":"cf506d27-5883-4fcd-92ef-6a23bacb369c","name":"CI_department_spend_6314bcf7-af8c-e911-8481-00155d67f500","appId":"","publishTime":"2023-12-19T03:29:36.922Z","published":true,"stream":{"id":"b4f08930-8be1-4c6f-adf1-cee895e0a7ac","name":"Insights User Apps","privileges":null}

Re: Qlik Sense .NET SDK connection with NTLM via proxy

vlian — Fri, 28 Nov 2025 00:03:00 GMT

I have some further information to add now, when looking into the logs, I found the proxy audit logs always shows this when a request is sent in. Suggesting that it's the cross-site websocket hijacking module that's denying the request. Does anyone know how to configure QMC on my local to allow requests sent by the SDK (I've attached mine in the screenshot)

1847 20251128T124017.450+1300 ERROR WW-H9QPJR3 Audit.Proxy.Proxy.Core.RequestHandler 100 cad3636e-8921-4da8-a51b-56b472e0094d WW-H9QPJR3\Qlik_svc Cross-Site Websocket Hijacking attack prevention check failed. Possible Cross-Site Websocket Hijacking attack(CSWSH) discovered. ConnectionId: 49dc9a61-9022-457a-99cb-24de01ab3bc6 0 49dc9a61-9022-457a-99cb-24de01ab3bc6 ::ffff:127.0.0.1 {} ac2665dbf929f930699829c11d64d21c988cf28a 1848 20251128T124017.728+1300 ERROR WW-H9QPJR3 Audit.Proxy.Proxy.Core.RequestHandler 268 7b528e55-207f-45b5-8436-ae65079855e8 WW-H9QPJR3\Qlik_svc Cross-Site Websocket Hijacking attack prevention check failed. Possible Cross-Site Websocket Hijacking attack(CSWSH) discovered. ConnectionId: 3b463ddf-c919-4db2-b490-4222250648e7 0 3b463ddf-c919-4db2-b490-4222250648e7 ::ffff:127.0.0.1 {} b7f3f99c530fe1bba09f21f36553b5ab5691ddf6

Re: Qlik Sense .NET SDK connection with NTLM via proxy

vlian — Mon, 01 Dec 2025 23:12:08 GMT

After contact qlik support, I've found the issue to be that the .NET SDK version needs to be upgraded. The old version 16.0.2 no longer works after a breaking change for how to connect to WebSocket connections in Qlik Sense Enterprise May 2024. After upgrading the SDK into 16.11, the connection worked again.

Reference documents:

Cross-Site Websocket Hijacking attack prevention check failed. Possible Cross-Site Websocket Hijacking attack(CSWSH) discovered.)

https://community.qlik.com/t5/Support-Updates/Upgrade-advisory-for-Qlik-Sense-on-premise-November-2024/bc-p/2505282

https://community.qlik.com/t5/Official-Support-Articles/Qlik-Sense-Enterprise-on-Windows-Extended-WebSocket-CSRF/ta-p/2509211

topic Qlik Sense .NET SDK connection with NTLM via proxy in App Development

Qlik Sense .NET SDK connection with NTLM via proxy

Re: Qlik Sense .NET SDK connection with NTLM via proxy

Re: Qlik Sense .NET SDK connection with NTLM via proxy