Skip to main content
Announcements
NEW: Seamless Public Data Sharing with Qlik's New Anonymous Access Capability: TELL ME MORE!
cancel
Showing results for 
Search instead for 
Did you mean: 
PierreSeiitra
Partner - Contributor II
Partner - Contributor II

Windows authentication and QRS API : works only using default credentials

Hi all,

I'm trying to automate application deployment using the QRS Api. Therefore i want to connect to the QRS API with a deployment user  (existing user in the domain and in Qlik)

 

I followed the following example : https://help.qlik.com/en-US/sense-developer/November2018/Subsystems/RepositoryServiceAPI/Content/Sen...

//Create the HTTP Request and add required headers and content in xrfkey
string xrfkey = "0123456789abcdef";
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(@"https://servername.com/QRS/app?xrfkey=" + xrfkey);
request.Method = "GET";
request.UserAgent = "Windows";
request.Accept = "application/json";
request.Headers.Add("X-Qlik-xrfkey", xrfkey);
// specify to run as the current Microsoft Windows user
request.UseDefaultCredentials = true;
// make the web request and return the content
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
Stream stream = response.GetResponseStream();
Console.WriteLine(new StreamReader(stream).ReadToEnd());

 

 I worked well. But when i'm trying to change the user by switching line 

request.UseDefaultCredentials = true;

to something like 

request.Credentials = new System.Net.NetworkCredential(userInfo.Login, userInfo.Password, userInfo.Domain);

 i'm always getting an http 401 response, even when using the exact same login/pass/domain i used to log into the server (should be the same as default credential).

 

Strangely, when trying to access to the QPS API with the same credentials, il works well ...

 

Any ideas/advice how to fix this ?

 

Thanks

Pierre

 

Labels (3)
1 Solution

Accepted Solutions
Øystein_Kolsrud
Employee
Employee

I was finally able to figure this one out. I've also been wondering about this for quite some time. The trick was to add the credential to a credential cache, then pass along the right header in the request. Something like this:

 

var credentialCache = new CredentialCache();
credentialCache.Add(<url>, "ntlm", credential);
request.UseDefaultCredentials = false;
request.Headers[HttpRequestHeader.Authorization] = "ntlm";
request.Credentials = credentialCache;

I really can't give a good explanation for where that "ntlm" constant comes from though, but it seems like it's necessary. If anyone can point to a good site documenting that HTML authentication flow, then I would be happy to read it 🙂

Anyway, I've updated this project so that it now supports this type of authentication as well:

https://github.com/kolsrud/qlik_rest_sdk

Nuget package available here:

https://www.nuget.org/packages/QlikSenseRestClient

 

View solution in original post

4 Replies
Øystein_Kolsrud
Employee
Employee

I was finally able to figure this one out. I've also been wondering about this for quite some time. The trick was to add the credential to a credential cache, then pass along the right header in the request. Something like this:

 

var credentialCache = new CredentialCache();
credentialCache.Add(<url>, "ntlm", credential);
request.UseDefaultCredentials = false;
request.Headers[HttpRequestHeader.Authorization] = "ntlm";
request.Credentials = credentialCache;

I really can't give a good explanation for where that "ntlm" constant comes from though, but it seems like it's necessary. If anyone can point to a good site documenting that HTML authentication flow, then I would be happy to read it 🙂

Anyway, I've updated this project so that it now supports this type of authentication as well:

https://github.com/kolsrud/qlik_rest_sdk

Nuget package available here:

https://www.nuget.org/packages/QlikSenseRestClient

 

Øystein_Kolsrud
Employee
Employee

@PierreSeiitra: Were you able to try this out? I'm curious to learn if it works in other environments than simply on my machine.

PierreSeiitra
Partner - Contributor II
Partner - Contributor II
Author

Hello @Øystein_Kolsrud 

I haven't tried your suggestion yet. I ended up using powershell to remotly execute my deployment tool with the right user.

I'll give a try next time i'll work on this tool.

Pierre

PierreSeiitra
Partner - Contributor II
Partner - Contributor II
Author

Hello,

Good news, your fix works fine 🙂

Thanks !

 

Pierre