https://community.qlik.com/t5/QlikView/Header-authentication-with-SSL/m-p/1545487#M1291347 <P>OK, this one has stumped me for years. How the heck do you get header authentication working over HTTPS?? Works fine over HTTP. The minute I switch to HTTPS it doesn't let me authenticate to the AccessPoint. Using Fiddler, it does that thing where it presents an authentication dialog 3 times followed by "Login Failed." I'm pretty sure the issue is with Authenticate.aspx because&nbsp;the funny thing is that if I first submit the Fiddler request over HTTP, then open the session in IE, and <U>then</U> (after authentication) change the address in the browser bar to HTTPS, it works and preserves the header user correctly. So looks like it just has trouble getting past the Authenticate.aspx page while over HTTPS. I'm pretty sure that when you use HTTPS, the handshake happens before request headers are sent, which I'm guessing is at the root of the issue. Tried both QVWS and IIS. I'm sure there's something super simple I'm missing, but I'm stumped. Help!</P><P><BR />Thanks all.</P><P>VG</P> Mon, 26 Jan 2026 18:19:17 GMT vgutkovsky 2026-01-26T18:19:17Z https://community.qlik.com/t5/QlikView/Header-authentication-with-SSL/m-p/1545487#M1291347 <P>OK, this one has stumped me for years. How the heck do you get header authentication working over HTTPS?? Works fine over HTTP. The minute I switch to HTTPS it doesn't let me authenticate to the AccessPoint. Using Fiddler, it does that thing where it presents an authentication dialog 3 times followed by "Login Failed." I'm pretty sure the issue is with Authenticate.aspx because&nbsp;the funny thing is that if I first submit the Fiddler request over HTTP, then open the session in IE, and <U>then</U> (after authentication) change the address in the browser bar to HTTPS, it works and preserves the header user correctly. So looks like it just has trouble getting past the Authenticate.aspx page while over HTTPS. I'm pretty sure that when you use HTTPS, the handshake happens before request headers are sent, which I'm guessing is at the root of the issue. Tried both QVWS and IIS. I'm sure there's something super simple I'm missing, but I'm stumped. Help!</P><P><BR />Thanks all.</P><P>VG</P> Mon, 26 Jan 2026 18:19:17 GMT https://community.qlik.com/t5/QlikView/Header-authentication-with-SSL/m-p/1545487#M1291347 vgutkovsky 2026-01-26T18:19:17Z https://community.qlik.com/t5/QlikView/Header-authentication-with-SSL/m-p/1545549#M1291348 <P>Posting on QlikCommunity is cathartic--been struggling with the issue for years, and just figured it out <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://community.qlik.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /> Was a cypher &amp; protocol problem. The solution was to download IIS Crypto on the web server, apply the default "Best Practices" and then reboot. Hope this helps someone else!</P><P>&nbsp;</P><P>Oh, and the Fiddler issue was a red herring. Fiddler doesn't attach request headers properly to HTTPS calls. Use ModHeaders for Chrome instead.</P> Sun, 17 Feb 2019 22:26:55 GMT https://community.qlik.com/t5/QlikView/Header-authentication-with-SSL/m-p/1545549#M1291348 vgutkovsky 2019-02-17T22:26:55Z