5 Replies Latest reply: Feb 6, 2017 5:15 AM by Øystein Kolsrud RSS

    Qliksense .NET SDK - Authentication

    Patric Amatulli

      Hi,

       

      i have a question for you guys.

      We have developed an external software which uses .NET SDK for Qliksense.

      We tested it on our environment and it is working correctly.

       

      For the authentication we are using NTLM with network credentials.

       

      We tried to deploy the app on the customer server and we got following message:

       

      "Message":"Connection failed after 4 attempts, Error message:\r\n LicenseAccessDenied, Fatal: Access to the app is denied: NoVailableAccessType!

       

      We are using a dedicated qliksense user with a valid User Access Pass with all the necessary rights to access the Apps (he is a ContentAdmin).

       

      Now I have a doubt that it can be related to the Qliksense Server License:

       

      On our site we have a Partner License, the customer on the other site has following license (token from the LEF code):

      OVERAGE;NO;;

      TIMELIMIT;VALUE;;2017-02-03

      SPECIAL_EDITION;EVALUATION;;

       

      It is a special edition license. Is this the cause of the error or it is related to another issue? Can somebody confirm that the authentication is working fine, but that the problem relies on the License type/App access ?

       

      Thanks and regards,

      Patric

       

        • Re: Qliksense .NET SDK - Authentication
          Øystein Kolsrud

          Can you access the app with that user through Qlik Sense?

           

          And by the way, did you copy/paste that error message? Looks like a typo in there, so if you did, then we should look into it.

            • Re: Qliksense .NET SDK - Authentication
              Patric Amatulli

              Hi,

               

              the error message is:

              Capture2.PNG

               

              And yes I can definitely access the app from the hub with that user.

               

              I have doubts that the Evaluation license has some restrictions.

              The other thing I would like to know about this error if the authentication versus QPS (Proxy Service) is working correctly, whereby the access on the app fails.

               

              Same configuration works on our environment the only difference we have a partner license :-).

               

              Thanks for your help!

               

              Patric

                • Re: Qliksense .NET SDK - Authentication
                  Øystein Kolsrud

                  There should be nothing special about the evaluation license from what I understand. Following up on that proxy service authentication track sounds like a better approach. Try to run the short program below. The final WriteLine should tell you which user the proxy considers you to be when you are logged in.

                   

                  using System;
                  using System.Net;
                  
                  class Program
                  {
                      static void Main(string[] args)
                      {
                          var client = new WebClient();
                          client.UseDefaultCredentials = true;
                          client.Headers.Add("User-Agent", "Windows");
                          var url = <your url>:
                          var dummyResponse = client.DownloadString(url + "/qmc"); // Used to collect cookie
                          client.Headers.Add("Cookie", client.ResponseHeaders[HttpResponseHeader.SetCookie]);
                          var theUser = client.DownloadString(url + "/qps/user");
                          Console.WriteLine(theUser);
                      }
                  }
                  

                   

                  You might want to modify the credential setup based on your configuration. The "UseDefaultCredentials" will try to log you on through NTLM using your current user.

                    • Re: Qliksense .NET SDK - Authentication
                      Patric Amatulli
                      
                      

                      Why I have to use the proxy authentication and why it is the better way to go?
                      I would like to use the standard .NET SDK libraries for our project.


                      If you are saying that the license does not matter so I have to investigate where the problem relies.

                       

                      I implmented all kind of different authentication methods in my code:

                      • NtlmUserViaProxy with Network Credentials
                      • Static Header authentication using a custom virtual proxy
                      • Certificate Authentication using Qlik Client certificate

                       

                      All this authentication methods are working fine in our environment and we can access Apps and traverse them without any problems.

                       

                      he goal of this project is to run a service app which are exporting in diff. time intervals the object data (type=table) into different file formats (e.g. .xls, .csv).

                      For that we are using a dedicated service app user (AD User), with a valid Access Pass allocated. That user has access to all Apps as he is defined as ContentAdmin in our QMC. This 3thd party software is running as a service and has to use the own credentials when authenticating to the server.

                       

                      I will be on-site at customer side in the next time and I would like to analyze the issue more in detail.

                       

                      Anyway I have tried your code btw. and in our environment it is not working: 401 is returned:

                       

                                  var client = new WebClient();
                                  client.UseDefaultCredentials = false;
                                  client.Credentials = new System.Net.NetworkCredential("userID", "pwd", "domain");
                                  client.Headers.Add("User-Agent", "Windows");
                                  var url = "ServerIP";
                                  var dummyResponse = client.DownloadString(url + "/hub"); // Used to collect cookie
                                  client.Headers.Add("Cookie", client.ResponseHeaders[HttpResponseHeader.SetCookie]);
                                  var theUser = client.DownloadString(url + "/qps/user");
                                  Console.WriteLine(theUser);
                      

                       

                       

                      Kind regards,

                      Patric

                        • Re: Qliksense .NET SDK - Authentication
                          Øystein Kolsrud

                          I realizes that the intention of my previous message might not have been entirely obvious, but the goal was to follow up on the "if the authentication versus QPS (Proxy Service) is working correctly" part you mentioned earlier. It was intended to diagnose what user you actually end up with when connecting through the SDK. It could for instance have been the case that you ended up as an anonymous user, which could have explained the licensing issues.

                           

                          At what row in the program do you get the 401? Is it the at the client.DownloadString call at line 6 in your code above? Or is it at the QPS endpoint call? If it is the first, you might want to check what the traffic looks like when you do the access in a browser (make sure you are not already logged in to Qlik Sense when you do so). That call is basically the same as you do when you access the same url in the browser. If you bring up the traffic log, you should see a redirect message like this:

                           

                          1. Request URL:https://<the url>/hub/
                          2. Request Method:GET
                          3. Status Code:302 Authenticate at this location
                          4. Remote Address:<remote ip>:443


                          Also, which version of Qlik Sense are you trying to access?