Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
Not applicable

Rejected when making POST calls.

Dear Qlik users.

I'm trying to integrate with our Qlik Sense service in a .NET-program.

I don't have problem running these tutorials / examples:

Creating a working ASP.NET MVC example ‒ Qlik Sense

https://help.qlik.com/en-US/sense-developer/2.2/Subsystems/Plugins/Content/GettingStarted/CreatingWo...

Connecting using Microsoft Windows authentication ‒ Qlik Sense

https://help.qlik.com/en-US/sense-developer/2.2/Subsystems/RepositoryServiceAPI/Content/RepositorySe...

But things seem to get more convoluted for doing POST operations.

I've been trying to copy an app with this request:

POST http://[servername]/QRS/app/0f2e9f6d-360f-475e-a446-f0a7f1da69b6/copy?name=NewPlayground&xrfkey=0123...

This is the result:

Error 403 - Forbidden

The initial authentication request must be a GET request in order to be redirected to the authentication module.

OK, so I tried sending this GET-request prior to the POST:

GET http://[servername]/QRS/app?xrfkey=0123456789abcdef&qlikTicket=0MMtH8KE5W6swG8K

This went fine, the server returned the list of apps but this is apparently not enough to create a "session cookie" for the subsequent POST as described here:

Issuing POST commands via the proxy ‒ Qlik Sense

https://help.qlik.com/en-US/sense-developer/2.2/Subsystems/RepositoryServiceAPI/Content/RepositorySe...

The word "session" is also mentioned here:

Authentication ‒ Qlik Sense

https://help.qlik.com/en-US/sense/2.2/Subsystems/PlanningQlikSenseDeployments/Content/Server/Server-...

"Using the Session API, whereby an external module can transfer web sessions that identify the user and the user's attributes to Qlik Sense."

Is this somehow connected to the "session cookie" I need for making POST calls? If so, what could this "external module" be?

Someone has asked a similar question less than a week ago:

Qlik Sense Engine API Authorization | Qlik Community

https://community.qlik.com/message/1049837#1049837

...and the answer is suggesting OP to have a look at QlikAuthNet but it seems to be based on "ticket authentication". But surely, it must be enough authenticate using Windows authentication as described in the following links below?

Default authentication module ‒ Qlik Sense

https://help.qlik.com/en-US/sense/2.2/Subsystems/PlanningQlikSenseDeployments/Content/Server/Server-...

Authenticating with a Windows user account ‒ Qlik Sense

https://help.qlik.com/en-US/sense-developer/2.2/Subsystems/RepositoryServiceAPI/Content/RepositorySe...

I can see another person solved this by "using certificates":

Duplicate App using .NET SDK | Qlik Community

https://community.qlik.com/message/732327#732327

But then... what is the Windows authentication for? Only for GET-requests?

12 Replies
gustavgager
Partner - Creator II
Partner - Creator II

Hi! Did you ever get this to work? Im having the exat same issue. GET request works fine but it doesnt return any cookies and there are no special headers or anything that i can use.

Not applicable
Author

Hi Gustav.

No I still haven't figured out what to do yet. But I've read the documentation again and I think I understand the concept now. Basically, in my case, Windows authentication is used as the "middle man" to retrieve a ticket from the proxy service but not for authenticating the proxy directly.

It also helps I have access to our QMC so I can see what you can configure in the administration.

I'm going to look a bit further into the "ticket" solution which seems to require a certificate. It can easily be exported from the QMC but it's not enough "just" to install it in your local repository and expect QlikAuthNet to work.

gustavgager
Partner - Creator II
Partner - Creator II

Hi Jack.

Yes im currently working on something similar. I have created a certificate on the server and imported it on my client and now i try to authenticate using the certificate. Im not have much luck though. And i would like to skip tye certificates if i can.

The strange thing is that if i use Postman i can get a POST command working with no problem at all...

Not applicable
Author

Hi Gustav.

How did you get the POST command working? I'm using Fiddler.

Request: /GET http://[SERVERNAME:8081]/sense/app/0f2e9f6d-360f-475e-a446-f0a7f1da69b6

First response:

HTTP/1.1 302 Authenticate at this location

Location: http://[SERVERNAME:4248]/form/?targetId=8375dd73-c7e9-4ff9-b7e7-6dd9040b2d9c

Content-Length: 0

Access-Control-Allow-Origin: http://[SERVERNAME:8081]

Then the second response is a HTML page, seemingly for entering username and password. I'm wondering if the right GET-parameters would lead me to /windows_authentication.

Can you do stuff like CopyApp using POST?

I've gotten hold of the .NET SDK and I can easily do CreateApp but apparently CopyApp, ImportApp and others are only available through the REST API [1] so I'm back to square one.

/Jack

[1] Publishing an app using the .Net API - why not ... | Qlik Community

https://community.qlik.com/message/872234#872234

gustavgager
Partner - Creator II
Partner - Creator II

Hi Jack!

I did not try Copy App, but i got the "start task" working using Postman (a add-in to google chrome). If i have time later, i can try copy app for you. Post man uses just standard Windows authentication, witch is exactly what i want. But as you know, we cant get it to work.

Have you tried exporting certificates from the server and use thoose with authentication?

Not applicable
Author

Hi again.

Dunno how I've managed to oversee this page but it looks like a full code sample for retrieving a ticket using server certificates

Connecting to the QPS API using certificates ‒ Qlik Sense

https://help.qlik.com/en-US/sense-developer/2.2/Subsystems/ProxyServiceAPI/Content/ProxyServiceAPI/P...

For the arguments to the TicketRequest method, 'user' and 'userDirectory', I had to read their definitions here:

Qlik Sense User Directory Connector API ‒ Qlik Sense

https://help.qlik.com/en-US/sense-developer/2.2/Subsystems/UserDirectoryConnectorAPI/Content/UDCAPI/...

Anyway, the good thing is I can see the program is fetching the QlikClient certificate from my local store. The lesser good thing is that I'm still getting "403 Forbidden" from the QPS.


I had Fiddler running in the background at the same time and this seems to be the underlying cause:

HTTP/1.1 403 No client certificate supplied!

Cache-Control: private, must-revalidate, max-age=0

Expires: Wed, 15 Jun 2016 15:34:23 GMT

Server: QPS/2.1.1.0 Microsoft-HTTPAPI/2.0

Date: Wed, 15 Jun 2016 15:34:22 GMT

Content-Length: 0

Considering the code added the certificate to the request I don't know why I get this... Well, that's enough testing for today.

Not applicable
Author

So, not sure if either Fiddler or re-exporting the certificate actually helped but..

1) I re-exported the certificate from the QMC. I didn't add a secret key nor password. Installed the client.pfx on my developer machine.

2) Ran the code again and this time it works woohoo!

Then because I wanted to see how a proper request/response flow looks like I enabled Fiddler again... This time it returned the "403 Forbidden" error message again. I suppose Fiddler is using its own certificate for https communication which is not what the server expected or something?

So I'm not sure if the code would have worked yesterday if I didn't have Fiddler enabled (i.e. didn't need to re-export the certificate) but I'm getting a proper response including the ticket. So hopefully, now comes the fun part...

gustavgager
Partner - Creator II
Partner - Creator II

This is great news!

So you basicly just exported the Server certs from the QMC and imported them on you local machine? In my case im building a small application that will run on the local server itself and the certificates are already there so i should be ok.

But did you write your code in C#? Or what did you write it in?

Not applicable
Author

Yeah, I only imported client.pfx, not the server's. But sounds like you should be ok, assuming you're also developing on the Qlik-server too?

Yes, I'm coding in C#. Code sample can be found here:

Connecting to the QPS API using certificates ‒ Qlik Sense

https://help.qlik.com/en-US/sense-developer/2.2/Subsystems/ProxyServiceAPI/Content/ProxyServiceAPI/P...