Solved: Authentication Problem - Asp.Net - Qlikview Workbe... - Qlik Community

omerfaruk · ‎2014-04-14

Hi,

I'm trying to load documents and their obejcts using QvAjax library. I achieved to do this in IE but in chrome and firefox the page just gives an "Error". In the log there are following lines:

<<Error Log begins>>

XMLHttpRequest cannot load http://localhost/QVAJAXZfc/Authenticate.aspx?keep=. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://192.168.0.151' is therefore not allowed access.

XMLHttpRequest cannot load http://localhost/QVAJAXZfc/QvsViewClient.aspx?mark=&host=Local&view=metrics&slot=&platform=WORKBENCH.... No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://192.168.0.151' is therefore not allowed access.

Uncaught TypeError: Cannot call method 'getElementsByTagName' of null QvAjax.js:25 Qva.PageBinding.Ready QvAjax.js:25

Qva.PageBinding.Ready QvAjax.js:25

c.onreadystatechange QvAjax.js:25

XMLHttpRequest cannot load http://localhost/QVAJAXZfc/DocList.aspx?xrfkey=fb4yrpIT0VFoIqHC. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://192.168.0.151' is therefore not allowed access.

<<Error Log ends>>

The code I'm using:

Qv.InitWorkBench({ View: '[docName]', BodyOnLoadFunctionNames: ['init'] });
          
function init() {
  try {
  var select = document.getElementById("selectDocument");
  if (select.options.length > 1) {
  select.options.length = 0; //Empty the select box if filled before
  //select.size = 0;
  var el = document.createElement("option");
  }


  Qv.GetAllDocuments(function (docs) {
  for (var i = 0; i < docs.length; i++) {
  var doc = docs;
  var title = doc.title.substring(0, doc.title.length - 4);
  var el = document.createElement("option");
  el.textContent = title;
  el.value = title;
  select.appendChild(el);
  }
  });
  }
  catch (err) {
  txt = "There was an error on this page.\n\n";
  txt += "Error description: " + err.message + "\n\n";
  txt += "Click OK to continue.\n\n";
  alert(txt);
  }
}
}

From error logs it seems like this is an authentication issue. But I coulnd't figure how to deal with authentication.

You help is very much appreciated!

omerfaruk · ‎2014-04-28

We have achieved to see document and object names using QvAjax file by,

changing all of the address references'' initial part to qlikview(our machine name) as you advised.
adding an ldap account on Mgmt console which let us authenticate

So we've used Active Directory option to authenticate user.

In the future we will need to have our application and qlikview server on different machines, in that case we might use web ticketing and proxy.

Thanks for your help.

View solution in original post

mls · ‎2014-04-16

you are opening a URL on localhost and but this page contains content from another origin, in this case an IP adress.

Some browsers block out content for security reasons if not from the same origin.

What would happen if you used the IP adress in the URL you open the page with instead of localhost?

omerfaruk · ‎2014-04-16

Actually there are 2 cases:

1. When I run the page from localhost:xxxxxx/myApp address

In IE it works without error

In Chrome and Firefox gives the error in my previous post

2. When I run the page from its ip address

All of the browsers I use gives the same error

Is there anything we need to do on IIS ?

mls · ‎2014-04-16

strange. The error points to something to do with the origin.

The only thing I can think of would be to run fiddler and see if there is any call to some "origin" that you haven't thought of.

omerfaruk · ‎2014-04-16

I ran the page and copied request and response headers for the both cases. And log created in the both cases is accessible here: http://goo.gl/3dC3cS

WHEN I RUN FROM VISUAL STUDIO(LOCALHOST)

REQUEST HEADER:

GET /promushub/Authenticated/DashboardNoGridster.aspx HTTP/1.1

Accept: text/html, application/xhtml+xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

Accept-Encoding: gzip, deflate

Host: localhost

DNT: 1

Connection: Keep-Alive

Cookie: qlikmachineid=bb2aa344-31fa-4aa2-8197-db797e0xxxxx; .ASPXAUTH=D45D3BFBB4C8B0F0432EC05C726E384E78860B138A8ADC806514E5579318F6FA42CA373FACF817CC02010055F397CA93C5867390018E07EE148E8BBE767291929F603CC111A6FDEAE7B6D859C6D4A07F23B3B7A3613BB276C555FF0833C4D12E4124CC182EA3D7420E45B793FA91DC04628A3B516DCD86DA8C71235506CB405C7FB2282A; ASP.NET_SessionId=kybnkbgmolkku0tqj4ffaold; AccessPointSession=36ad6937-33b4-0807-83b6-e4b1d7e9c793; xrfkey=nRI0KoD9eVBpueI4

QVUSER: wm\odemir

RESPONSE HEADER:

HTTP/1.1 200 OK

Cache-Control: private

Content-Type: text/html; charset=utf-8

Server: Microsoft-IIS/7.5

Access-Control-Allow-Origin: *

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Access-Control-Allow-Origin: *

Access-Control-Allow-Headers: Content-Type

Access-Control-Allow-Methods: POST,GET,OPTIONS

Date: Wed, 16 Apr 2014 13:29:04 GMT

Content-Length: 33937

============================================================================

WHEN I RUN FROM IP ADDRESS

REQUEST HEADER:

GET /promushub/Authenticated/DashboardNoGridster.aspx HTTP/1.1

Host: 192.168.0.151

Connection: keep-alive

Cache-Control: max-age=0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-GB,en;q=0.8,tr;q=0.6

Cookie: qlikmachineid=f6ba9c23-f03f-471f-9ac4-971357cxxxxx; ASP.NET_SessionId=3hgaihrq43zmkk2airbict2m; xrfkey=fb4yrpIT0VFoIqHC; .ASPXAUTH=A4F0CEC6678A3C1398FCB2BFAACB8B56ABAE5A08FAC9C4F1EA9D5F6FD14757663F4A8D6A03914C2A6C0371F001B6D782E0B0BE1F5493783F71F9FBAC75E82F9670B9359B514BCF65DDAF24C1146C6EF0CA24F6CE0F36787AA9367EC72B2C645B524F50AF334B02A3D99FA3DB087A9A9F253C9FBDBAEDFA9F2FD25EFADD426A3E35A88173; AccessPointSession=d7234f57-5c37-68c7-c5ca-c66665aeded3

QVUSER: wm\odemir

RESPONSE HEADER:

HTTP/1.1 200 OK

Cache-Control: private

Content-Type: text/html; charset=utf-8

Server: Microsoft-IIS/7.5

Access-Control-Allow-Origin: *

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Access-Control-Allow-Origin: *

Access-Control-Allow-Headers: Content-Type

Access-Control-Allow-Methods: POST,GET,OPTIONS

Date: Wed, 16 Apr 2014 13:18:59 GMT

Content-Length: 33937

mls · ‎2014-04-17

I think you need to use a proxy or have the Accesspoint installed on the same machine as you are running your site from. Especially in the second snippet it is clear that content is coming from two different sources, "localhost" and "qlikview":

4/16/2014 14:18:07.3761636 Information Request received [GET]: http://localhost/QVAJAXZfc/htc/QvAjax.js

4/16/2014 14:18:07.4425724 Information Request received [GET]: http://qlikview/QvAjaxZfc/htc/QvAjax.js

Also in the first log bit there is some reference to host "qlikview", not sure if that is enough to trigger the same origin error.

The workbench reference manual says:

If the AccessPoint (that is, the QvAjaxZfc virtual directory) is not on the same machine as the QlikView

WorkBench web site, a proxy must be used to avoid cross-site scripting issues. For asp.net sites,

Proxy.aspx can be used. If using a QlikView WorkBench template to create the web site, Proxy.aspx,

is automatically used.

As an alternative, a custom proxy can be created. See Using Custom Proxy (page 42) for more information.

mbj · ‎2014-04-25

Hi,

IE performs NTLM authentication out of the box, and I suspect that the security settings of IE allow localhost or some ip adress etc. --> that is the reason you see it working with IE and not with the other browsers.

all code should originate from the same source (webserver url, or ip adres etc.). The code of the initworkbench, makes a call to the QV javascript files. And I suspect that call might to localhost, or 127.0.0.1 or something and your browser prevents that.

see attachment (thanks to MRW)

mbj · ‎2014-04-25

BTW, starting SR5 there is a new proxy included in the workbench, in which you can modify the workings of the proxy your self. (e.g. get an authenticated user identity from another application, e.g. sharepoint)

omerfaruk · ‎2014-04-28

We have achieved to see document and object names using QvAjax file by,

changing all of the address references'' initial part to qlikview(our machine name) as you advised.
adding an ldap account on Mgmt console which let us authenticate

So we've used Active Directory option to authenticate user.

In the future we will need to have our application and qlikview server on different machines, in that case we might use web ticketing and proxy.

Thanks for your help.

omerfaruk · ‎2014-04-28

Yes Martijn, Just like you said, it worked when they are referenced from the same origin name even they are already on the same origin.

Thanks for your advice and the document..

Authentication Problem - Asp.Net - Qlikview Workbench