Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Dear Qlik users.
I'm trying to integrate with our Qlik Sense service in a .NET-program.
I don't have problem running these tutorials / examples:
Creating a working ASP.NET MVC example ‒ Qlik Sense
Connecting using Microsoft Windows authentication ‒ Qlik Sense
But things seem to get more convoluted for doing POST operations.
I've been trying to copy an app with this request:
This is the result:
Error 403 - Forbidden
The initial authentication request must be a GET request in order to be redirected to the authentication module.
OK, so I tried sending this GET-request prior to the POST:
GET http://[servername]/QRS/app?xrfkey=0123456789abcdef&qlikTicket=0MMtH8KE5W6swG8K
This went fine, the server returned the list of apps but this is apparently not enough to create a "session cookie" for the subsequent POST as described here:
Issuing POST commands via the proxy ‒ Qlik Sense
The word "session" is also mentioned here:
Authentication ‒ Qlik Sense
"Using the Session API, whereby an external module can transfer web sessions that identify the user and the user's attributes to Qlik Sense."
Is this somehow connected to the "session cookie" I need for making POST calls? If so, what could this "external module" be?
Someone has asked a similar question less than a week ago:
Qlik Sense Engine API Authorization | Qlik Community
https://community.qlik.com/message/1049837#1049837
...and the answer is suggesting OP to have a look at QlikAuthNet but it seems to be based on "ticket authentication". But surely, it must be enough authenticate using Windows authentication as described in the following links below?
Default authentication module ‒ Qlik Sense
Authenticating with a Windows user account ‒ Qlik Sense
I can see another person solved this by "using certificates":
Duplicate App using .NET SDK | Qlik Community
https://community.qlik.com/message/732327#732327
But then... what is the Windows authentication for? Only for GET-requests?
Ok. But are you connecting directly to the Engine, or are you going trough the proxy? This error only occurs becuase POSt command have some issues while going trough the proxy. And to go directly, you need the certificates.
Im not programming in C# and i have never done so. Im scripting in a language called autoit and I have only got this to work trough the proxy
Edit: Here is my working code for a standard GET request.
This uses a standard web request with username and password and i query the Proxy, and i get a response.
$key = "ABCDEFGHIJKLMNOP"
$password = "password"
$objHTTP = ObjCreate("Msxml2.XMLHTTP.6.0")
$objHTTP.open("GET","http://servername/qrs/about/?Xrfkey=" & $key, False,@UserName,$password)
$objHTTP.setRequestHeader("X-Qlik-Xrfkey",$key)
$objHTTP.send()
ConsoleWrite("Sense API Output: " & $objHTTP.responseText & @CRLF)
But if i do this:
$key = "ABCDEFGHIJKLMNOP"
$password = "password"
$objHTTP = ObjCreate("Msxml2.XMLHTTP.6.0")
$objHTTP.open("POST","http://servername/qrs/task/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/start/?Xrfkey=" & $key, False,@UserName,$password)
$objHTTP.setRequestHeader("X-Qlik-Xrfkey",$key)
$objHTTP.send()
ConsoleWrite("Sense API Output: " & $objHTTP.responseText & @CRLF)
I get HTML code. The code is basicly a standard page that say i need to make a GET request first.
So does that mean that I need to query the Repository directly? I tried but i just get diffrent errors.
Hi Gustav
I've tried with Postman and no getting result using header config. I've got cookie and everything seems to be alright, but for some reason I've got a XSRF msg and 403 forbidden. Any Ideas?
If you are using WebClient for you QRS API operations use below code to attach cookie to all your HTTP requests.
public class CookierAwareWebClient : WebClient
{
public CookieContainer QRSCookieContainer = new CookieContainer();
protected override WebRequest GetWebRequest(Uri address)
{
HttpWebRequest request = (HttpWebRequest)base.GetWebRequest(address);
request.CookieContainer = QRSCookieContainer;
request.UserAgent = "Windows";
return request;
}
}