Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Dear Qlik users.
I'm trying to integrate with our Qlik Sense service in a .NET-program.
I don't have problem running these tutorials / examples:
Creating a working ASP.NET MVC example ‒ Qlik Sense
Connecting using Microsoft Windows authentication ‒ Qlik Sense
But things seem to get more convoluted for doing POST operations.
I've been trying to copy an app with this request:
This is the result:
Error 403 - Forbidden
The initial authentication request must be a GET request in order to be redirected to the authentication module.
OK, so I tried sending this GET-request prior to the POST:
GET http://[servername]/QRS/app?xrfkey=0123456789abcdef&qlikTicket=0MMtH8KE5W6swG8K
This went fine, the server returned the list of apps but this is apparently not enough to create a "session cookie" for the subsequent POST as described here:
Issuing POST commands via the proxy ‒ Qlik Sense
The word "session" is also mentioned here:
Authentication ‒ Qlik Sense
"Using the Session API, whereby an external module can transfer web sessions that identify the user and the user's attributes to Qlik Sense."
Is this somehow connected to the "session cookie" I need for making POST calls? If so, what could this "external module" be?
Someone has asked a similar question less than a week ago:
Qlik Sense Engine API Authorization | Qlik Community
https://community.qlik.com/message/1049837#1049837
...and the answer is suggesting OP to have a look at QlikAuthNet but it seems to be based on "ticket authentication". But surely, it must be enough authenticate using Windows authentication as described in the following links below?
Default authentication module ‒ Qlik Sense
Authenticating with a Windows user account ‒ Qlik Sense
I can see another person solved this by "using certificates":
Duplicate App using .NET SDK | Qlik Community
https://community.qlik.com/message/732327#732327
But then... what is the Windows authentication for? Only for GET-requests?
Hi! Did you ever get this to work? Im having the exat same issue. GET request works fine but it doesnt return any cookies and there are no special headers or anything that i can use.
Hi Gustav.
No I still haven't figured out what to do yet. But I've read the documentation again and I think I understand the concept now. Basically, in my case, Windows authentication is used as the "middle man" to retrieve a ticket from the proxy service but not for authenticating the proxy directly.
It also helps I have access to our QMC so I can see what you can configure in the administration.
I'm going to look a bit further into the "ticket" solution which seems to require a certificate. It can easily be exported from the QMC but it's not enough "just" to install it in your local repository and expect QlikAuthNet to work.
Hi Jack.
Yes im currently working on something similar. I have created a certificate on the server and imported it on my client and now i try to authenticate using the certificate. Im not have much luck though. And i would like to skip tye certificates if i can.
The strange thing is that if i use Postman i can get a POST command working with no problem at all...
Hi Gustav.
How did you get the POST command working? I'm using Fiddler.
Request: /GET http://[SERVERNAME:8081]/sense/app/0f2e9f6d-360f-475e-a446-f0a7f1da69b6
First response:
HTTP/1.1 302 Authenticate at this location
Location: http://[SERVERNAME:4248]/form/?targetId=8375dd73-c7e9-4ff9-b7e7-6dd9040b2d9c
Content-Length: 0
Access-Control-Allow-Origin: http://[SERVERNAME:8081]
Then the second response is a HTML page, seemingly for entering username and password. I'm wondering if the right GET-parameters would lead me to /windows_authentication.
Can you do stuff like CopyApp using POST?
I've gotten hold of the .NET SDK and I can easily do CreateApp but apparently CopyApp, ImportApp and others are only available through the REST API [1] so I'm back to square one.
/Jack
[1] Publishing an app using the .Net API - why not ... | Qlik Community
Hi Jack!
I did not try Copy App, but i got the "start task" working using Postman (a add-in to google chrome). If i have time later, i can try copy app for you. Post man uses just standard Windows authentication, witch is exactly what i want. But as you know, we cant get it to work.
Have you tried exporting certificates from the server and use thoose with authentication?
Hi again.
Dunno how I've managed to oversee this page but it looks like a full code sample for retrieving a ticket using server certificates
Connecting to the QPS API using certificates ‒ Qlik Sense
For the arguments to the TicketRequest method, 'user' and 'userDirectory', I had to read their definitions here:
Qlik Sense User Directory Connector API ‒ Qlik Sense
Anyway, the good thing is I can see the program is fetching the QlikClient certificate from my local store. The lesser good thing is that I'm still getting "403 Forbidden" from the QPS.
I had Fiddler running in the background at the same time and this seems to be the underlying cause:
HTTP/1.1 403 No client certificate supplied!
Cache-Control: private, must-revalidate, max-age=0
Expires: Wed, 15 Jun 2016 15:34:23 GMT
Server: QPS/2.1.1.0 Microsoft-HTTPAPI/2.0
Date: Wed, 15 Jun 2016 15:34:22 GMT
Content-Length: 0
Considering the code added the certificate to the request I don't know why I get this... Well, that's enough testing for today.
So, not sure if either Fiddler or re-exporting the certificate actually helped but..
1) I re-exported the certificate from the QMC. I didn't add a secret key nor password. Installed the client.pfx on my developer machine.
2) Ran the code again and this time it works woohoo!
Then because I wanted to see how a proper request/response flow looks like I enabled Fiddler again... This time it returned the "403 Forbidden" error message again. I suppose Fiddler is using its own certificate for https communication which is not what the server expected or something?
So I'm not sure if the code would have worked yesterday if I didn't have Fiddler enabled (i.e. didn't need to re-export the certificate) but I'm getting a proper response including the ticket. So hopefully, now comes the fun part...
This is great news!
So you basicly just exported the Server certs from the QMC and imported them on you local machine? In my case im building a small application that will run on the local server itself and the certificates are already there so i should be ok.
But did you write your code in C#? Or what did you write it in?
Yeah, I only imported client.pfx, not the server's. But sounds like you should be ok, assuming you're also developing on the Qlik-server too?
Yes, I'm coding in C#. Code sample can be found here:
Connecting to the QPS API using certificates ‒ Qlik Sense