Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
Not applicable

The remote server returned an error: (403) Forbidden.

Hi All

I am trying to set up webtickets for our Qlik sense installation. I have a working virtual proxy set up pointing to my authentication application in the cloud.

A request to Qlik via the proxy redirects to auth app.

The app trys to request a ticket from myqlikserver.net:4243/qps/ticket but I get the error message The remote server returned an error: (403) Forbidden.

Is myqlikserver.net:4243/qps/ticket where i should be requesting the ticket from?  Am I missing some part of the process or a setting that needs enabling?

Below if the code used to request the ticket.

private string GetTicket(string user, string method, string ticketinguser, string ticketingpassword, string apiUrl)

        {

            string result = string.Empty;

            XDocument doc = new XDocument();

            try

            {

                string webTicketXml = string.Format("<Global method=\"GetWebTicket\"><UserId>{0}</UserId></Global>", user);

                System.Net.ServicePointManager.ServerCertificateValidationCallback = ((sender, certificate, chain, sslPolicyErrors) => true);

                HttpWebRequest client = (HttpWebRequest)WebRequest.Create(new Uri(apiUrl));

                X509Store keystore = new X509Store(StoreLocation.CurrentUser);

                X509CertificateCollection certs = keystore.Certificates.Find(X509FindType.FindBySubjectName, "QlikClient", true);

                client.PreAuthenticate = true;

                client.Method = method;

                client.ClientCertificates = certs;

                client.UserAgent = "thars-auth";

                client.AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate;

                client.Credentials = new NetworkCredential(ticketinguser, ticketingpassword);

                client.UseDefaultCredentials = true;

                if (method == "POST")

                {

                    using (StreamWriter sw = new StreamWriter(client.GetRequestStream()))

                        sw.WriteLine(webTicketXml);

                }

                StreamReader sr = new StreamReader(client.GetResponse().GetResponseStream());

                result = sr.ReadToEnd();

                doc = XDocument.Parse(result);

                return doc.Root.Element("_retval_").Value;

            }

            catch (Exception e)

            {

                var sb = new StringBuilder();

                sb.Append("<h1>An error occured contacting the Qlik Sense Server</h1>");

                sb.Append("<p>");

                sb.Append(e.Message);

                if (e.InnerException != null)

                {

                    sb.Append("</br>");

                    sb.Append(e.InnerException);

                }

                sb.Append("</p>");

                sb.Append(result);

                sb.Append(Environment.NewLine);

                sb.Append(apiUrl);

                apiURL = apiUrl;

                ContentDiv.InnerHtml = sb.ToString();

            }

            return null;

        }

6 Replies
Not applicable
Author

Enable MRSProxy

1. Open the Exchange Management Shell. 

2. Run the following command to enable MRSProxy:

Set-WebServicesVirtualDirectory "<ServerName>\EWS (Default Web Site)" -MRSProxyEnabled $true

3. Restart Internet Information Services (IIS) by using the iisreset command.

Disable and then enable MRSProxy

1. Open the Exchange Management Shell. 

2. Run the following command to disable MRSProxy:

Set-WebServicesVirtualDirectory "<ServerName>\EWS (Default Web Site)" -MRSProxyEnabled $false

3. Wait a few minutes, and then run the following command to enable MRSProxy:

Set-WebServicesVirtualDirectory "<ServerName>\EWS (Default Web Site)" -MRSProxyEnabled $true

4. Restart Internet Information Services (IIS) by using the iisreset command.

Add the following line:

request.UseDefaultCredentials = true;

This will let the application use the credentials of the logged in user to access the site. If it's returning 403, clearly it's expecting authentication.

It's also possible that you (now?) have an authenticating proxy in between you and the remote site. In which case, try:

request.Proxy.Credentials = System.Net.CredentialCache.DefaultCredentials;

Not applicable
Author

As far as I am aware Qlik snese is not running on IIS in our installation. I think it is running on the built in webserver.

gainkarthi
Partner - Specialist
Partner - Specialist

Where do you have your authentication application deployed ?

Not applicable
Author

Hi Karthikeyan currently the Authentication site is hosted as an Azure Web Application. Qlik sense is deployed on an Azure Virtual Server

gainkarthi
Partner - Specialist
Partner - Specialist

Got it. Can you share the Virtual proxy and Proxy configuration settings ?

Not applicable
Author

Here are the settings of the proxy

proxy.PNG

and the linked virtual proxy

vproxy.PNG