What you could consider is to configure the QVS in DMS mode. Add the users to for example the custom directory.
Before you open the Ajax QVW in the frame, first request a ticket from QVS for the particular user that you authenticated in the .NET app.
QlikView will return a ticket that you can append to the document URL (http://server/qvajaxzfc/opendoc.htm?document=xxx&ticket=xxx
The userid that you passed in for the ticket will be available in the NTNAME field in the QVW file. This you can further use in section access to reduce the data for a particular user.
Example code to request a ticket in .NET using QvsNetRemote.DLL:
private string GetTicket(string userId)
QvClient client = new QvClient("localhost", QvClient.Mode.Admin);
request = "<Global method=\"GetTicket\">";
request += " <UserId>" + userId + "</UserId>";
request += "</Global>";
string response = client.Execute(request);
XmlDocument result = new XmlDocument();
Additional point: for security reasons only a member of the "Qlikview Administrator" Group on your QVS (in DMS-Mode) is allowed to retrieve such a ticket.
So if your webportal is run by some other serviceuser, you might not be able to retrieve the ticket directly from the QVS. I normally use a webservice to proxy the ticketrequest.
Here is an example to request a ticket through qvsviewclient (HTTP based). The example uses impersonification. This means you can specify in the name of which user you want to do the request. Make sure this user is a member of QlikView Administrators on the QVS.
You can use this in situations where you work with a separate webserver that is out of domain or for example when you can not change the identity of an IIS application pool.
private string GetTicket(string qlikviewserver, string username)
string postData = "<Global method=\"GetTicket\"><UserId>" + username + "</UserId></Global>";
byte buffer = System.Text.Encoding.ASCII.GetBytes(postData);
System.Net.WebRequest request = System.Net.HttpWebRequest.Create(qlikviewserver + "/qvajaxzfc/qvsviewclient.asp?admin=");
request.ContentType = "text/xml";
request.Method = "POST";
request.ContentLength = postData.Length;
request.Credentials = new NetworkCredential("USERNAME", "PASSWORD");
System.IO.Stream st = request.GetRequestStream();
st.Write(buffer, 0, buffer.Length);
WebResponse res = request.GetResponse();
StreamReader sr = new StreamReader(res.GetResponseStream());
System.Xml.XmlDocument doc = new System.Xml.XmlDocument();
if (doc.InnerText.Length > 0)
throw new Exception("Could not get ticket");
throw new Exception("Could not get ticket, invalid response");
i'm tring to make an example with workbench. I successfully tested the access to qv documents from objects in a workbench asp page.
Now i would access to a document with section access: i writed a page for requesting ticket, passed ticket throw GET to workbench asp page that include objects of protected qv document.
I put the tiket into browser querystring:
When i try to open asp page, i receive next error message: "Failed to open document, You don't have access to this document." (ones for all objects of the documents).
It appear as a credential error but if i use the same username and password for open the same document in qv server, all works fine.
Any idea for help me?
i have a new: i set the security to anonymous access (IQVS_*) for folder that contains document data source.
Now i can view a single object of protected document with workbanch. But, if i put some objects of the same documents, the first object is also readable but other are not. None errors are displayed.
Is there a way for putting some objects of a protected document in a single workbech page?
thank you for your attention. I'm doing a lot of tests and i found next conclusion:
- some objects that have more than 10 columns are not displayed (or, in general, all the objects with long width columns). I try to adjust properties of QV objects (width and height) with no effect.
It appears as a problem of rendering, infact i can see the object if i cut a column at time in the original object and try to display it in aspx page. is there a guideline for the correct setting of qv workbench object?
Another similar problem is the next: if i access to the aspx page with my credential, i can see all the objects that i insert, and some other users-credential can. But two users can't see one particular object in the page: first i think about a problem of browser but it isn't the cause becouse if i test the same page with my usual browser with there credential i can't see the object too.
You can hand over selections in the AJAX-url in QVS9SR2. It's not really save solution, but maybe a startingpoint.
The example selects "germany" in Listbox "LB1462" and "2007" in Listbox "LB1446"
· Separate selections with "&"
Separate text to select with ","
White spaces matters
Selections in the url always clears any other selections in the list box
// qva.Set("Document.LB1462.LOC", "action", "", true);
For a safe solution you really should go for Ticketing in DMS-Mode of QVS! Then you can utilize the NTNAME-column in your SectionAccess-Table within the .qvw! Retrieve a ticket from the QVS for the logged in username! With this ticket in the URL you can have a singlesignon into qlikview and can restrict data as defined in section access --> Ping me if you need an example for this..
Regarding the Hyperlink with selections.
When I try the link on my server I am getting an error saying that I don't have access to the document. When I open through Access point then I don't see the message.
I assume that I have to grant access to the opendoc.htm but I'm not sure who to grant the rights to and what privileges are needed
I am using the Qlikview web server and not IIS if that makes a difference