Qlik Community

QlikView Integration

Discussion Board for collaboration on QlikView Integration.

Announcements
Coming your way, the Qlik Data Revolution Virtual Summit. October 27-29. REGISTER
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Creator
Creator

Authentication Problem - Asp.Net - Qlikview Workbench

Hi,

I'm trying to load documents and their obejcts using QvAjax library. I achieved to do this in IE but in chrome and firefox the page just gives an "Error". In the log there are following lines:

<<Error Log begins>>

XMLHttpRequest cannot load http://localhost/QVAJAXZfc/Authenticate.aspx?keep=. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://192.168.0.151' is therefore not allowed access.


XMLHttpRequest cannot load http://localhost/QVAJAXZfc/QvsViewClient.aspx?mark=&host=Local&view=metrics&slot=&platform=WORKBENCH.... No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://192.168.0.151' is therefore not allowed access.

Uncaught TypeError:   Cannot call method 'getElementsByTagName' of null               QvAjax.js:25 Qva.PageBinding.Ready              QvAjax.js:25

Qva.PageBinding.Ready              QvAjax.js:25

c.onreadystatechange                   QvAjax.js:25

XMLHttpRequest cannot load http://localhost/QVAJAXZfc/DocList.aspx?xrfkey=fb4yrpIT0VFoIqHC.            No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://192.168.0.151' is therefore not allowed access.

<<Error Log ends>>


The code I'm using:

Qv.InitWorkBench({ View: '[docName]', BodyOnLoadFunctionNames: ['init'] });

         

function init() {

  try {

  var select = document.getElementById("selectDocument");

  if (select.options.length > 1) {

  select.options.length = 0; //Empty the select box if filled before

  //select.size = 0;

  var el = document.createElement("option");

  }

  Qv.GetAllDocuments(function (docs) {

  for (var i = 0; i < docs.length; i++) {

  var doc = docs;

  var title = doc.title.substring(0, doc.title.length - 4);

  var el = document.createElement("option");

  el.textContent = title;

  el.value = title;

  select.appendChild(el);

  }

  });

  }

  catch (err) {

  txt = "There was an error on this page.\n\n";

  txt += "Error description: " + err.message + "\n\n";

  txt += "Click OK to continue.\n\n";

  alert(txt);

  }

}

}


From error logs it seems like this is an authentication issue. But I coulnd't figure how to deal with authentication.


You help is very much appreciated!


1 Solution

Accepted Solutions
Highlighted
Creator
Creator

We have achieved to see document and object names using QvAjax file by,

  1. changing all of the address references'' initial part to qlikview(our machine name) as you advised.
  2. adding an ldap account on Mgmt console which let us authenticate

So we've used Active Directory option to authenticate user.

In the future we will need to have our application and qlikview server on different machines, in that case we might use web ticketing and proxy.

Thanks for your help.

View solution in original post

9 Replies
Highlighted
Employee
Employee

you are opening a URL on localhost and but this page contains content from another origin, in this case an IP adress.

Some browsers block out content for security reasons if not from the same origin.

What would happen if you used the IP adress in the URL you open the page with instead of localhost?

Highlighted
Creator
Creator

Actually there are 2 cases:

1. When I run the page from localhost:xxxxxx/myApp address

     In IE it works without error

     In Chrome and Firefox gives the error in my previous post

2. When I run the page from its ip address

     All of the browsers I use gives the same error

Is there anything we need to do on IIS ?

Highlighted
Employee
Employee

strange. The error points to something to do with the origin.

The only thing I can think of would be to run fiddler and see if there is any call to some "origin" that you haven't thought of.

Highlighted
Creator
Creator

I ran the page and copied request and response headers for the both cases. And log created in the both cases is accessible here: http://goo.gl/3dC3cS

WHEN I RUN FROM VISUAL STUDIO(LOCALHOST)

REQUEST HEADER:

GET /promushub/Authenticated/DashboardNoGridster.aspx HTTP/1.1

Accept: text/html, application/xhtml+xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

Accept-Encoding: gzip, deflate

Host: localhost

DNT: 1

Connection: Keep-Alive

Cookie: qlikmachineid=bb2aa344-31fa-4aa2-8197-db797e0xxxxx; .ASPXAUTH=D45D3BFBB4C8B0F0432EC05C726E384E78860B138A8ADC806514E5579318F6FA42CA373FACF817CC02010055F397CA93C5867390018E07EE148E8BBE767291929F603CC111A6FDEAE7B6D859C6D4A07F23B3B7A3613BB276C555FF0833C4D12E4124CC182EA3D7420E45B793FA91DC04628A3B516DCD86DA8C71235506CB405C7FB2282A; ASP.NET_SessionId=kybnkbgmolkku0tqj4ffaold; AccessPointSession=36ad6937-33b4-0807-83b6-e4b1d7e9c793; xrfkey=nRI0KoD9eVBpueI4

QVUSER: wm\odemir

RESPONSE HEADER:

HTTP/1.1 200 OK

Cache-Control: private

Content-Type: text/html; charset=utf-8

Server: Microsoft-IIS/7.5

Access-Control-Allow-Origin: *

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Access-Control-Allow-Origin: *

Access-Control-Allow-Headers: Content-Type

Access-Control-Allow-Methods: POST,GET,OPTIONS

Date: Wed, 16 Apr 2014 13:29:04 GMT

Content-Length: 33937

============================================================================

WHEN I RUN FROM IP ADDRESS

REQUEST HEADER:

GET /promushub/Authenticated/DashboardNoGridster.aspx HTTP/1.1

Host: 192.168.0.151

Connection: keep-alive

Cache-Control: max-age=0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-GB,en;q=0.8,tr;q=0.6

Cookie: qlikmachineid=f6ba9c23-f03f-471f-9ac4-971357cxxxxx; ASP.NET_SessionId=3hgaihrq43zmkk2airbict2m; xrfkey=fb4yrpIT0VFoIqHC; .ASPXAUTH=A4F0CEC6678A3C1398FCB2BFAACB8B56ABAE5A08FAC9C4F1EA9D5F6FD14757663F4A8D6A03914C2A6C0371F001B6D782E0B0BE1F5493783F71F9FBAC75E82F9670B9359B514BCF65DDAF24C1146C6EF0CA24F6CE0F36787AA9367EC72B2C645B524F50AF334B02A3D99FA3DB087A9A9F253C9FBDBAEDFA9F2FD25EFADD426A3E35A88173; AccessPointSession=d7234f57-5c37-68c7-c5ca-c66665aeded3

QVUSER: wm\odemir

RESPONSE HEADER:

HTTP/1.1 200 OK

Cache-Control: private

Content-Type: text/html; charset=utf-8

Server: Microsoft-IIS/7.5

Access-Control-Allow-Origin: *

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Access-Control-Allow-Origin: *

Access-Control-Allow-Headers: Content-Type

Access-Control-Allow-Methods: POST,GET,OPTIONS

Date: Wed, 16 Apr 2014 13:18:59 GMT

Content-Length: 33937

Highlighted
Employee
Employee

I think you need to use a proxy or have the Accesspoint installed on the same machine as you are running your site from. Especially in the second snippet it is clear that content is coming from two different sources, "localhost" and "qlikview":

4/16/2014 14:18:07.3761636 Information Request received [GET]: http://localhost/QVAJAXZfc/htc/QvAjax.js

4/16/2014 14:18:07.4425724 Information Request received [GET]: http://qlikview/QvAjaxZfc/htc/QvAjax.js

Also in the first log bit there is some reference to host "qlikview", not sure if that is enough to trigger the same origin error.

The workbench reference manual says:

If the AccessPoint (that is, the QvAjaxZfc virtual directory) is not on the same machine as the QlikView

WorkBench web site, a proxy must be used to avoid cross-site scripting issues. For asp.net sites,

Proxy.aspx can be used. If using a QlikView WorkBench template to create the web site, Proxy.aspx,

is automatically used.

As an alternative, a custom proxy can be created. See Using Custom Proxy (page 42) for more information.

Highlighted
Employee
Employee

Hi,

IE performs NTLM authentication out of the box, and I suspect that the security settings of IE allow localhost or some ip adress etc. --> that is the reason you see it working with IE and not with the other browsers.

all code should originate from the same source (webserver url, or ip adres etc.). The code of the initworkbench, makes a call to the QV javascript files. And I suspect that call might to localhost, or 127.0.0.1 or something and your browser prevents that.

see attachment (thanks to MRW)

Highlighted
Employee
Employee

BTW, starting SR5 there is a new proxy included in the workbench, in which you can modify the workings of the proxy your self. (e.g. get an authenticated user identity from another application, e.g. sharepoint)

Highlighted
Creator
Creator

We have achieved to see document and object names using QvAjax file by,

  1. changing all of the address references'' initial part to qlikview(our machine name) as you advised.
  2. adding an ldap account on Mgmt console which let us authenticate

So we've used Active Directory option to authenticate user.

In the future we will need to have our application and qlikview server on different machines, in that case we might use web ticketing and proxy.

Thanks for your help.

View solution in original post

Highlighted
Creator
Creator

Yes Martijn, Just like you said, it worked when they are referenced from the same origin name even they are already on the same origin.

Thanks for your advice and the document..