pamaxeed
Partner - Creator III

Qliksense .NET SDK - Authentication

Hi,

I have a question for you guys.

We have developed an external software which uses .NET SDK for Qliksense.

We tested it on our environment and it is working correctly.

For the authentication we are using NTLM with network credentials.

We tried to deploy the app on the customer server and we got the following message:

"Message":"Connection failed after 4 attempts, Error message:\r\n LicenseAccessDenied, Fatal: Access to the app is denied: NoVailableAccessType!

We are using a dedicated qliksense user with a valid User Access Pass with all the necessary rights to access the Apps (he is a ContentAdmin).

Now I have a doubt that it can be related to the Qliksense Server License:

On our site we have a Partner License; the customer on the other site has the following license (token from the LEF code):

OVERAGE;NO;;

TIMELIMIT;VALUE;;2017-02-03

SPECIAL_EDITION;EVALUATION;;

It is a special edition license. Is this the cause of the error, or is it related to another issue? Can somebody confirm that the authentication is working fine, but that the problem lies with the License type/App access?

Thanks and regards,

Patric

6 Replies
Øystein_Kolsrud
Employee

Can you access the app with that user through Qlik Sense?

And by the way, did you copy/paste that error message? Looks like a typo in there, so if you did, then we should look into it.

pamaxeed
Partner - Creator III
Author

Hi,

the error message is:

Capture2.PNG

And yes I can definitely access the app from the hub with that user.

I have doubts that the Evaluation license has some restrictions.

The other thing I would like to know about this error is if the authentication versus QPS (Proxy Service) is working correctly, whereby the access on the app fails.

The same configuration works in our environment; the only difference is that we have a partner license :-).

Thanks for your help!

Patric

Øystein_Kolsrud
Employee

There should be nothing special about the evaluation license from what I understand. Following up on that proxy service authentication track sounds like a better approach. Try to run the short program below. The final WriteLine should tell you which user the proxy considers you to be when you are logged in.

    using System;
    using System.Net;

    class Program
    {
        static void Main(string[] args)
        {
            var client = new WebClient();
            client.UseDefaultCredentials = true; // log on through NTLM as the current Windows user
            client.Headers.Add("User-Agent", "Windows");
            var url = "<your url>"; // replace with the base URL of your Qlik Sense proxy
            var dummyResponse = client.DownloadString(url + "/qmc"); // Used to collect cookie
            client.Headers.Add("Cookie", client.ResponseHeaders[HttpResponseHeader.SetCookie]);
            var theUser = client.DownloadString(url + "/qps/user"); // ask the proxy who we are
            Console.WriteLine(theUser);
        }
    }

You might want to modify the credential setup based on your configuration. The "UseDefaultCredentials" will try to log you on through NTLM using your current user.

pamaxeed
Partner - Creator III
Author

Why do I have to use the proxy authentication, and why is it the better way to go?
I would like to use the standard .NET SDK libraries for our project.

If you are saying that the license does not matter, then I have to investigate where the problem lies.

I implemented all kinds of different authentication methods in my code:

  • NtlmUserViaProxy with Network Credentials
  • Static Header authentication using a custom virtual proxy
  • Certificate Authentication using Qlik Client certificate

All these authentication methods are working fine in our environment and we can access Apps and traverse them without any problems.

The goal of this project is to run a service app which exports, at different time intervals, the object data (type=table) into different file formats (e.g. .xls, .csv).

For that we are using a dedicated service app user (AD User), with a valid Access Pass allocated. That user has access to all Apps as he is defined as ContentAdmin in our QMC. This 3rd-party software is running as a service and has to use its own credentials when authenticating to the server.

I will be on-site at customer side in the next time and I would like to analyze the issue more in detail.

Anyway I have tried your code btw. and in our environment it is not working: 401 is returned:

    var client = new WebClient();
    client.UseDefaultCredentials = false;
    client.Credentials = new System.Net.NetworkCredential("userID", "pwd", "domain");
    client.Headers.Add("User-Agent", "Windows");
    var url = "ServerIP";
    var dummyResponse = client.DownloadString(url + "/hub"); // Used to collect cookie
    client.Headers.Add("Cookie", client.ResponseHeaders[HttpResponseHeader.SetCookie]);
    var theUser = client.DownloadString(url + "/qps/user");
    Console.WriteLine(theUser);

Kind regards,

Patric

Øystein_Kolsrud
Employee

I realize that the intention of my previous message might not have been entirely obvious, but the goal was to follow up on the "if the authentication versus QPS (Proxy Service) is working correctly" part you mentioned earlier. It was intended to diagnose what user you actually end up with when connecting through the SDK. It could for instance have been the case that you ended up as an anonymous user, which could have explained the licensing issues.

At what row in the program do you get the 401? Is it at the client.DownloadString call at line 6 in your code above? Or is it at the QPS endpoint call? If it is the first, you might want to check what the traffic looks like when you do the access in a browser (make sure you are not already logged in to Qlik Sense when you do so). That call is basically the same as you do when you access the same url in the browser. If you bring up the traffic log, you should see a redirect message like this:

    Request URL:https://<the url>/hub/
    Request Method:GET
    Status Code:302 Authenticate at this location
    Remote Address:<remote ip>:443


Also, which version of Qlik Sense are you trying to access?
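
The hop-by-hop check described in the reply above, as an added example that is not part of the original post and not code from the Qlik Sense .NET SDK: it follows each redirect by hand, so the hop that answers 302 or 401 and the authentication schemes it offers are visible, then asks `/qps/user` who the proxy thinks you are. The class and method names are hypothetical, the base URL is assumed to be passed as the first command-line argument, and a recent C# compiler (async `Main`) is assumed.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;

class ProxyAuthTrace // hypothetical name, not part of the Qlik Sense .NET SDK
{
    // Follows redirects by hand so the status of every hop is visible.
    static async Task<HttpResponseMessage> Trace(HttpClient http, Uri uri)
    {
        for (int hop = 0; hop < 10; hop++)
        {
            var resp = await http.GetAsync(uri);
            var offered = string.Join(", ", resp.Headers.WwwAuthenticate.Select(h => h.Scheme));
            Console.WriteLine($"{(int)resp.StatusCode} {resp.ReasonPhrase}  GET {uri}"
                + (offered.Length > 0 ? $"  [server offers: {offered}]" : ""));

            int code = (int)resp.StatusCode;
            var next = resp.Headers.Location;
            if (code < 300 || code > 399 || next == null) return resp;

            next = new Uri(uri, next); // resolve relative Location headers
            // Windows credentials are attached automatically, so never follow
            // a redirect that leaves the host we were asked to test.
            if (!string.Equals(next.Host, uri.Host, StringComparison.OrdinalIgnoreCase))
                throw new InvalidOperationException($"Redirect to another host refused: {next}");
            uri = next;
        }
        throw new InvalidOperationException("Too many redirects");
    }

    static async Task Main(string[] args)
    {
        var baseUri = new Uri(args[0]); // assumption: proxy base URL passed as first argument
        var handler = new HttpClientHandler
        {
            AllowAutoRedirect = false,               // we follow redirects ourselves
            UseDefaultCredentials = true,            // NTLM as the current Windows user
            CookieContainer = new CookieContainer()  // keeps the session cookie between calls
        };
        using (var http = new HttpClient(handler))
        {
            http.DefaultRequestHeaders.UserAgent.ParseAdd("Windows");
            await Trace(http, new Uri(baseUri, "hub/"));
            var user = await Trace(http, new Uri(baseUri, "qps/user"));
            Console.WriteLine(await user.Content.ReadAsStringAsync());
        }
    }
}
```

Run it under the same account the service uses; a 401 printed on the first trace points at the Windows authentication step, while a 401 only on the second trace points at the session cookie not being accepted by the proxy.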

m_s
Partner - Creator II

Hello Patric,

I'm facing a similar issue as you when hosting my web application in IIS. Did you solve yours?

When starting the application from Visual Studio (using Local IIS Express) I'm able to connect via location.AsNtlmUserViaProxy() but as soon as I publish it to IIS I'm getting (german error message):

LicenseAccessDenied [Fatal]: Kontakt zu Repository Service nicht möglich, um App-Zugriff anzufordern


If I change this to location.AsNtlmUserViaProxy(loginCredentials: new NetworkCredential("user", "pass", "domain")) I am able to connect, but then impersonation will not work.


I also tried the snippet provided by Øystein and everything seems to be working correctly (getting no errors and my username inside the json as response).


I'm using June 2017 Patch 2.


Mathias