13 Replies Latest reply: Mar 29, 2010 1:57 PM by Mark Kimmerly RSS

    anonymous access

    yiling1990

      Hi everyone,

      I have Qlikview Server 9 installed and using IIS as the web server instead of the default QVWS. in order for qlikview to work, i need to enable windows integrated authentication and disable anonymous access.

      however, this would mean i would need to enter a password everytime I wanted to access qlikview from outside the server box. is there a way to somehow let qlikview accept authentication tokens from windows so that if i log in as a user on an active directory that has access to qlikview, qlikview will automatically extract the user information and give me access without me having to type a username and password again.

      Thanks in advance for any insight,

      Yiling

        • anonymous access
          Karl Humma

          Yes. A local user should have been created with installation it is called IQVS_[machinename] . If you give this user access (in ntfs) to your qvw folder or direct access to the qvws you would like to show on AccessPoint then you can set the security in the QMC >User Documents >Authorization to Always anonymous. Click on the green plus sign and the option will be available there. If you are allowing anonymous in IIS this should work.

          Hope this helps!

           

          /Karl

            • anonymous access
              yiling1990

              Thanks for your reply Karl. Unfortunately, it doesnt seem to work. The only way that Authorization options will even show up in the User Documents settings is if Qlikview is set to DMS authorization. But once I do this, wouldn't Qlikview just control file authorization directly and not even check the ntfs settings?

              In any case, i tried it with setting only Anonymous access in IIS and I would always immediately get the "You are not authorized to see this page" error when I tried to access the AccessPoint page in a browser.

              However, if I give the Virtual directory Qlikview integrated windows authentication, I dont get that page, but when accesspoint opens up, only the header picture is shown, nothing else. In Internet Explorer, it reports there is an error on the page on the botton left corner and clicking on the details says something about "Qva is undefined"

              Is there something I'm missing?

              Thanks,

              Yiling

                • anonymous access
                  Mahasweta

                  Hi Yiling,

                  Did you get the solution for the same issue you have raised here?

                  If so please do provide me the solution as i need the same to implement.

                  Thanks in advance,

                  Mahasweta

                    • anonymous access
                      yiling1990

                      no not yet. i'm still working on a solution. if i find it, i will post it here

                        • anonymous access
                          Mahasweta

                          Hi Yiling,

                          I got the same through NTNAME section access.And it works for me.

                          You can check the same if it helps you.

                          The script is as below,

                          Section Access;
                          Load
                          'USER' as ACCESS,
                          DOMAINNAME AS NTNAME,SCEN
                          Resident USERINFO;

                          Section Application;
                          Load SCEN Resident USERINFO;

                          Here my domain name and access info is coming from the database, so which all users NTNAME is mentioned in the database, they only can open the file.

                          And when the allowed user tries to open the file its not asking him the userid and password again, as the same is fetched from the windows NT login.

                          Hope it may help you.

                          Thanks,

                          Mahasweta

                           

                           

                            • anonymous access

                              I put all zerofoot print in a password protected folder , and front page before user logons shows a image located in this protected folder , thus forcing user to logon , if logon picture is green if not its red. then user need never logon agagain as im using ntusername.

                               

                               

                              • anonymous access
                                yiling1990

                                Thanks for the reply Mahasweta,

                                I'm looking for something more along the lines of just having a group have permissions to Qlikview, and specifically how many users or who the users are in the group isn't important. Therefore, I don't have a database with all the user info as it would mean someone who have to keep track of new users being added and older users leaving. However, I'm trying to get it so that all user within that group will automatically have their credentials taken by Qlikview without having to enter in a username and password each time. Can section access be set to allow all users of a group and then check if users that try to access the QVW are members of that group?

                                Thanks again,

                                Yiling

                        • anonymous access
                          Karl Humma

                          im sorry i mixed and matched here. The Authorization to Always anonymous in the User Documents is for DMS only.

                          Assuming your Directory Service Connector is set to you Active Directory adding the IQVS_[machinename] user to the NTFS permissions of your document folder should allow anonymous access. Be sure to check the settings of your System >Setup >QlikView Web Services ?AccessPoint ta as well for Authentication. Setting to Never is anonymous for AccessPoint...

                          But reading further into this thread that is not exactly what you want to do, is it?

                           

                          Sorry for the confusion.

                           

                          Can you clarify what your directory service resource is, i.e. dms, local, domain, custom... As there are a few ways to get this working.

                           

                          /Karl

                            • anonymous access
                              yiling1990

                              I am using Active Directory for the directory service. Currently I'm using dms authorization but i'm willing to use whatever works best/easiest.

                              thanks,

                              Yiling

                                • anonymous access
                                  Karl Humma

                                  If you are using dms then in the QlikView Management Console > User Documents tab when you click on an application you should see an option on the right for Authorization here is where you can add the anonymous access via the green plus sign and the pencil (when you hover it it will say Change)...

                                  /Karl

                                    • anonymous access
                                      yiling1990

                                      Thanks for your reply Karl. I actually ended up solving the issue and that was part of the fix. The main problem for me was that the setting I had for the Qlikview Virtual Directories wasnt set up correctly for anonymou access. Since I am using IIS as the web server, the anonymous user set in IIS must be the IIS anonymous user, not Qlikview's. Also, the local Authenticated Users group had to have logon permission to the server machine. Once that was set up, I had to set AccessPoint authentication to something other than Always, and then everything sort of went smoothly. However, I'm still missing the final part that gets Qlikview to read the User's token and have AccessPoint only show the documents that the user is authorized to see.

                                        • anonymous access

                                          Hello Yiling,

                                          I know this is an old thread, please pardon the step back in time...

                                          I am attempting to set up a system that sounds very similar to your described system. We are trying to integrate QV into an ASP.NET application. Our ASP.NET app uses forms authentication, and I'm looking for a way to 'pass through' either the user's credentials or an auth token to the QV server after our app authenticates the user. I don't necessarily need QV to worry about user-level access or permissions - our web app will handle permissions and filtering content for the user. All I want to accomplish is a 'behind the scenes' authentiation for a QV session so the user only has to deal with one authentication prompt. (Our implementation uses an IFrame to contain the QV document, so when the QV server gets the request, it's coming directly from the user's browser.)

                                          Do you have any advice for me on this?

                                          Has anyone else out there tried and/or succeeded in setting up system similar to what I've described above?

                                          Much gratitude for any advice/help anyone can provide,
                                          -Mark