It's possible you have Windows Authentication turned on in IIS on the QvAjaxZfc virtual folder. This is required if you are using windows authentication to authorize users to QlikView. If you are using web ticketing or http header injection for authorization, set windows Authentication to disabled and anonymous to enabled.
Here is a configuration document for IIS if using web ticketing or header injection.
How do you have your webticket code formatted? Are you sending along client credentials to IIS? Have you whitelisted the server requesting a ticket from getWebTicket.aspx? Here is a sample webticket aspx page that you can evaluate against your code. Notice that if the whitelist is set up, default credentials do not need to be supplied to IIS because Windows Auth is disabled and Anonymous enabled.
It may help to watch this webinar as well: QVInPractice1_Authorization.mp4 - Google Drive
This page is for solution architects and integration architects implementing web ticketing in a QlikView 11.2 deployment.
- You have added IIS to the Windows Server.
- You have installed QlikView 11.2 with IIS components.
- You know the ip addresses to add to the whitelist.
- On the server with QlikView web services installed, Navigate to %ProgramData%\QlikTech\WebServer.
- Open the file named Config.XML in notepad or your favorite text editor.
- Search for the tag labeled .
- Change this tag from the above to .
- In between the opening and closing tags, enter a <TrustedIP> tag. Enter an ip address and add a closing tag. The result appears like this:
- After adding all of the appropriate trusted IP addresses, save the config.xml file and restart the QlikView Settings Service.
webticketsample.aspx 4.8 K
With your above solution -
1. Disable Windows Authentication
2. Enable Anonymous Authantication
3. Enter a <TrustedIP> tag under %ProgramData%\QlikTech\WebServer\Congig.XML
I was able to avoid the Windows Authantication Popup. But, I still get "Failed to authenticate" popup.
Is it because, I am manually deleting the AccessPointSession from Cookie to test the Windows Authentication?
Go through the below link, its around 1 hour webinar. I think its worth watching.
You can find the same link in Jeffrey Correct Answer
Now that you have set everything for anonymous and you have whitelisted the ip, I'd start by testing with the sample aspx page I attached earlier. You will need to change the ip address or hostname to obtain the webticket (QlikViewServerUrl variable) to your IIS server running Qlik web components. If that works, then it's possible that your cookie deletion code is now removing the accesspoint session cookie you need to stay authorized.
If you receive an error when using the attached aspx page, then there remains something amiss with the configuration.
Do you mind sharing your webticket code?
I believe the web ticket code is running good. I was getting the Windows Authentication popup only 5/100 times, 95% its running good.
I don't mind sharing but I don't have ownership of same.
What I observed is, if the portal is remain idle of 10~15 mins then the Windows Authentication popup was coming (earlier), now the Failed to authenticate.
Is there content in the QlikView app or in the web page you are embedding Qlik content that may trigger windows auth? The only other thing I can think of is you have set a session timeout and for whatever reason because of the windows auth settings in IIS it prompted you.
I suspect the reason you are receiving an authenticate failure message is that you still have the equivalent lines of code in your web ticket request:
client.PreAuthenticate = true;
client.Credentials = new NetworkCredential(ticketinguser,ticketingpassword);
These lines are required if you are using windows authentication against the webticket code. You will notice the sample, the instructions I provided, and the video all remove these lines because you are trusting the requesting IP in the config.xml. The above lines are no longer required via the instructions I have provided.
I was able to extract the Webticket implementation from Portal Code. Please find below the pseudo code for same.
Webticket = http://<QLIKVIEWSERVERNAME>/QvAjaxZfc/GetWebTicket.aspx?cmd=<Global method='GetWebTicket'><UserId>QLIKVIEW_USER</UserId></Global>
Webticket = lcXb/KLvZ5trBTtwTxliVcqiZLCsPIKAcQFpSiwt
What I observed is, if the portal is remain idle of 10~15 mins then the Failed to authenticate Popup is coming and this happens when the 2nd AccessPointSession is created in Cookie under Qlikview Server.
Now, this 2nd AccessPointSession is created For QLIKVIEWSERVER. Is it possible to avoid creation of 2nd AccessPointSession?
I too have similar issue but differnt context.. To solve my issue , I thought of restricting the accesspoint login screebn, but to do so, I want to know that, " how to know if user has access to particular .qvw file on qlikview server using webticket?"
As of now, I am using below url to open any report/document(.qvw file)..
All this, I am doing in Java based web application.
In nutshell, I want to know upfront that, if user has access to particular document using webticket before displaying the report.
Your ehlp is highly appreciable and indeed required for me.
When using web tickets you are using DMS. You control access to QlikView applications through the QlikView Management Console. You set named access on QlikView applications by setting up a directory service connection (DSC) containing the userids and groups for the host application you are using to authenticate before requesting the web ticket for authorization.
Please watch this webinar: QlikView in Practice 1: Authorization Webinar for QlikView 11.X
For an example of how to configure an ODBC directory service connection and the format for the tables/views for QlikView to read go here: Dropbox - QVConfigODBCDSP