Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
rascs001
Contributor II
Contributor II
‎2019-04-04 12:48 AM

GetScript() with .NET SDK resulting in empty string [Solved]

I am using Qlik .NET SDK and attempting to get load script using GetScript() method of IApp. I've noticed that when I attempt to GetScript(), load script is received for one or two applications but not for any other ones. I am not sure why that would be. 

Is there a way to get load script for apps that are not owned by the user connecting to Qlik Server? Does the user need a specific permission? From my observations, GetScript() works only on apps that are owned by authenticated user. Is there a way to temporarily change the owner with .NET SDK?

Qlik Server version is Nov 2018 Patch 2 (qliksenseserver: 12.44.3). The user has rootAdmin rights. Following is the code I am using:

using System;
using System.IO;
using System.Net;
using Qlik.Engine;
using Qlik.Sense.Client;
using System.Security;

namespace QlikAPI
{
    class Program
    {
        static void Main(string[] args)
        {
            ILocation location = Location.FromUri(new Uri("https://the.qliksense.server-url.com"));
            var domain = "the-domain";
            var user = "the-user";
            SecureString s = new SecureString();            
            s.AppendChar('e');
            s.AppendChar('x');
            s.AppendChar('a');
            s.AppendChar('m');
            s.AppendChar('p');
            s.AppendChar('l');
            s.AppendChar('e'); 
            s.AppendChar(' ');
            s.AppendChar(' ');

            location.AsNtlmUserViaProxy(proxyUsesSsl:true, loginCredentials: new NetworkCredential(user, s, domain));

            var app = location.AppWithId("guid-of-the-app");
            var app2 = location.App(app);
            var script = app2.GetScript();
            Console.WriteLine(script);

            Console.Read();
        }
    }
}

I'll appreciate any leads you can provide.

My goal is to take a nightly snapshot of load script and version control it.

Thank you.

Labels (2)
Labels
1,112 Views
0 Likes
1 Solution

Accepted Solutions
Øystein_Kolsrud
Employee
Employee
‎2019-04-04 04:39 AM

Yes, I'm pretty sure this is a permission issue. There are rules that prevent you from seeing the script of apps you do not own.

There are two options available for you I believe:

  1. You can configure the security rules and/or the permissions of the user you are connecting as in the QMC. If your user has admin privileges, then you should be able to see the scripts.
  2. You can connect as a service account using direct connection to the engine using certificates. That would allow you to connect using a service account which would give the admin privileges. The account "INTERNAL\sa_api" is typically the one used in such cases.

View solution in original post

1,091 Views
0 Likes
2 Replies
Øystein_Kolsrud
Employee
Employee
‎2019-04-04 04:39 AM

Yes, I'm pretty sure this is a permission issue. There are rules that prevent you from seeing the script of apps you do not own.

There are two options available for you I believe:

  1. You can configure the security rules and/or the permissions of the user you are connecting as in the QMC. If your user has admin privileges, then you should be able to see the scripts.
  2. You can connect as a service account using direct connection to the engine using certificates. That would allow you to connect using a service account which would give the admin privileges. The account "INTERNAL\sa_api" is typically the one used in such cases.
1,092 Views
0 Likes
rascs001
Contributor II
Contributor II
‎2019-04-04 05:58 PM
Author

In response to Øystein_Kolsrud

Solved.

I used Option 2. 

This URL https://help.qlik.com/en-US/sense/February2019/Subsystems/ManagementConsole/Content/Sense_QMC/export... helped me create a certificate for the machine I was going to run this C# application on.

I continued using the same user I used previously and was able to successfully get script. I didn't have to use INTERNAL\sa_api. Getting the authentication to work using certificates required 2 specific things:

  1. Using port 4747 as seen in the code snippet below
  2. Ensuring that certificate validation was set to false

In case someone runs into the same issue, here's the code I used.

using System;
using System.IO;
using System.Net;
using Qlik.Engine;
using Qlik.Sense.Client;
using System.Security;
using System.Security.Cryptography.X509Certificates;

namespace QlikAPI
{
    class Program
    {
        static void Main(string[] args)
        {
            ILocation location = ConnectWithCertificate();
            ListOneApp(location, "761ebe60-b7b6-4bf1-961b-d2180970a6ce");

            Console.WriteLine("Done");
            Console.ReadKey();
        }

        static ILocation ConnectWithCertificate()
        {
            var uri = new Uri("https://the.qliksense.server-url.com:4747");
            ILocation location = Qlik.Engine.Location.FromUri(uri);

            var x509 = new X509Certificate2();
            byte[] rawData = ReadFile(@"C:\path\to\client.pfx");
            x509.Import(rawData, "", X509KeyStorageFlags.UserKeySet);
            X509Certificate2Collection certificateCollection = new X509Certificate2Collection(x509);
            location.AsDirectConnection("the-domain", "the-user", certificateCollection: certificateCollection, certificateValidation: false);

            return location;
        }

        static void ListOneApp(ILocation location, string guid)
        {
            var app = location.AppWithId("761ebe60-b7b6-4bf1-961b-d2180970a6ce");
            var app2 = location.App(app);
            var script = app2.GetScript();
            Console.WriteLine(script);
        }

        static byte[] ReadFile(string fileName)
        {
            FileStream f = new FileStream(fileName, FileMode.Open, FileAccess.Read);
            int size = (int)f.Length;
            byte[] data = new byte[size];
            size = f.Read(data, 0, size);
            f.Close();
            return data;
        }
    }
}

For those who are visiting https://help.qlik.com/en-US/sense-developer/February2019/Subsystems/NetSDKAPI/Content/Sense_NetSDKAP... to understand how to connect to Qlik server using certificates, note that ReadFile is not a built-in functionality in C# or Qlik. It's a method listed https://github.com/AptkQlik/PublicExamples/blob/master/ConnectDirectRemoteServer/Program.cs.

Thank you, Yko, for your help.

I did notice that the user I used previous had rootAdmin rights. I assume that is admin privileges. I also gave additional rights to this user and still was not able to get script using the code in my original post. That's when I switched to this 2nd option and am able to get scripts for all apps.

I greatly appreciate your pointing me in the right direction!

1,079 Views