Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
Not applicable

Rejected when making POST calls.

Dear Qlik users.

I'm trying to integrate with our Qlik Sense service in a .NET-program.

I don't have problem running these tutorials / examples:

Creating a working ASP.NET MVC example ‒ Qlik Sense

https://help.qlik.com/en-US/sense-developer/2.2/Subsystems/Plugins/Content/GettingStarted/CreatingWo...

Connecting using Microsoft Windows authentication ‒ Qlik Sense

https://help.qlik.com/en-US/sense-developer/2.2/Subsystems/RepositoryServiceAPI/Content/RepositorySe...

But things seem to get more convoluted for doing POST operations.

I've been trying to copy an app with this request:

POST http://[servername]/QRS/app/0f2e9f6d-360f-475e-a446-f0a7f1da69b6/copy?name=NewPlayground&xrfkey=0123...

This is the result:

Error 403 - Forbidden

The initial authentication request must be a GET request in order to be redirected to the authentication module.

OK, so I tried sending this GET-request prior to the POST:

GET http://[servername]/QRS/app?xrfkey=0123456789abcdef&qlikTicket=0MMtH8KE5W6swG8K

This went fine, the server returned the list of apps but this is apparently not enough to create a "session cookie" for the subsequent POST as described here:

Issuing POST commands via the proxy ‒ Qlik Sense

https://help.qlik.com/en-US/sense-developer/2.2/Subsystems/RepositoryServiceAPI/Content/RepositorySe...

The word "session" is also mentioned here:

Authentication ‒ Qlik Sense

https://help.qlik.com/en-US/sense/2.2/Subsystems/PlanningQlikSenseDeployments/Content/Server/Server-...

"Using the Session API, whereby an external module can transfer web sessions that identify the user and the user's attributes to Qlik Sense."

Is this somehow connected to the "session cookie" I need for making POST calls? If so, what could this "external module" be?

Someone has asked a similar question less than a week ago:

Qlik Sense Engine API Authorization | Qlik Community

https://community.qlik.com/message/1049837#1049837

...and the answer is suggesting OP to have a look at QlikAuthNet but it seems to be based on "ticket authentication". But surely, it must be enough authenticate using Windows authentication as described in the following links below?

Default authentication module ‒ Qlik Sense

https://help.qlik.com/en-US/sense/2.2/Subsystems/PlanningQlikSenseDeployments/Content/Server/Server-...

Authenticating with a Windows user account ‒ Qlik Sense

https://help.qlik.com/en-US/sense-developer/2.2/Subsystems/RepositoryServiceAPI/Content/RepositorySe...

I can see another person solved this by "using certificates":

Duplicate App using .NET SDK | Qlik Community

https://community.qlik.com/message/732327#732327

But then... what is the Windows authentication for? Only for GET-requests?

12 Replies
gustavgager
Partner - Creator II
Partner - Creator II

Ok. But are you connecting directly to the Engine, or are you going trough the proxy? This error only occurs becuase POSt command have some issues while going trough the proxy. And to go directly, you need the certificates.

Im not programming in C# and i have never done so. Im scripting in a language called autoit and I have only got this to work trough the proxy

Edit: Here is my working code for a standard GET request.

This uses a standard web request with username and password and i query the Proxy, and i get a response.

$key = "ABCDEFGHIJKLMNOP"

$password = "password"

$objHTTP = ObjCreate("Msxml2.XMLHTTP.6.0")

$objHTTP.open("GET","http://servername/qrs/about/?Xrfkey=" & $key, False,@UserName,$password)

$objHTTP.setRequestHeader("X-Qlik-Xrfkey",$key)

$objHTTP.send()

ConsoleWrite("Sense API Output: " & $objHTTP.responseText & @CRLF)

But if i do this:

$key = "ABCDEFGHIJKLMNOP"

$password = "password"

$objHTTP = ObjCreate("Msxml2.XMLHTTP.6.0")

$objHTTP.open("POST","http://servername/qrs/task/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/start/?Xrfkey=" & $key, False,@UserName,$password)

$objHTTP.setRequestHeader("X-Qlik-Xrfkey",$key)

$objHTTP.send()

ConsoleWrite("Sense API Output: " & $objHTTP.responseText & @CRLF)

I get HTML code. The code is basicly a standard page that say i need to make a GET request first.

So does that mean that I need to query the Repository directly? I tried but i just get diffrent errors.

josecardenas
Contributor III
Contributor III

Hi Gustav

I've tried with Postman and no getting result using header config.  I've got cookie and everything seems to be alright, but for some reason I've got a XSRF msg and 403 forbidden.  Any Ideas?

s29124141
Partner - Creator II
Partner - Creator II

If you are using WebClient for you QRS API operations use below code to attach cookie to all your HTTP requests.

public class CookierAwareWebClient : WebClient

    {

        public CookieContainer QRSCookieContainer = new CookieContainer();

        protected override WebRequest GetWebRequest(Uri address)

        {

            HttpWebRequest request = (HttpWebRequest)base.GetWebRequest(address);

            request.CookieContainer = QRSCookieContainer;

            request.UserAgent = "Windows";

            return request;

        }

    }