17 Replies Latest reply: Mar 30, 2015 6:39 AM by Andrea Gigliotti RSS

    GetTicket Authentication still asking me for credentials to log in

    Paulo Hersan

      Hey all, I need your assistance.

       

      I am currently using Qlikview 10 SR2 with IIS as my webserver. I am also using a Custom Directory with a prefix of TEST\ for all my users. (ex: test\johndoe, test\user2, etc)

       

      I've written some code in VB.NET that acts as a landing page, and gets a ticket for authentication from the QlikView Server. You can find the code snippet I used here: http://community.qlik.com/message/117147#117147

      So the main point of the code is that it makes a request for a ticket in the following structure: '<Global method="GetTicket"><UserId>' + username + '</UserId></Global>'

      And the server replies with a ticket like so: 510EA55C2DB723DC04C16C6FB3CDAB24F3390792

      Now, you're supposed to be able to use that ticket as a method of authentication for the user that you passed into the GetTicket request.

       

      My code is running fine and I can retrieve a ticket without any problems.

      However, when I try to access my AccessPoint by using the ticket parameter, it still asks me to log in. It's not an IIS authentication issue because when I change the log in settings in the QEMC to the alternate web form, it'll bring up the alternate web form asking me to log in; if I change it to the regular log in using browser authentication, the browser prompts me for a user name and password. If I type in my custom users, I can log into the AccessPoint.

      I've also tried opening a specific document with a ticket and it still asks me to log in.

      http://localhost/QlikView/?ticket=510EA55C2DB723DC04C16C6FB3CDAB24F3390792

      http://localhost/QvAJAXZfc/AccessPoint.aspx?open=&id=QVS@qvcustom|AP/SalesTest.qvw&client=Ajax&ticket=510EA55C2DB723DC04C16C6FB3CDAB24F3390792

       

      The weird thing is, is that I had it working before the weekend where it would log me into the AccessPoint by using nothing more than my ticket, and it suddenly stopped working this week when I booted up my server.

       

      I've set my security for DMS authorization, authentication for Custom Users with a prefix of TEST\. Like I said, I had it working, and now it's stopped when I rebooted my system on the weekend. Did any QlikView config files change once I rebooted? What could cause something to stop working? I've wasted plenty of time playing with the QEMC already, did I miss something? Do I need to add anything to my code or my IIS settings?

       

      I'm retrieving the tickets just fine, so why isn't the QlikView server accepting them?

       

      Any thoughts are appreciated. Thanks.

        • GetTicket Authentication still asking me for credentials to log in
          Paulo Hersan

          Just to clarify what I'm doing at the moment:

           

          1. I built a webpage that a user inputs his Custom Username

          2. the VB code passes a GetTicket call to the QlikView server using the username typed in by the user (ex: TEST\user1)

          3. the QlikView server returns a ticket that should authenticate the user (ex: ticket=510EA55C2DB723DC04C16C6FB3CDAB24F3390792 would be tied to the user TEST\user1)

          4. I pass that ticket into a URL to open up the AccessPoint or a QVW (ex: http://localhost/QlikView/?ticket=510EA55C2DB723DC04C16C6FB3CDAB24F3390792 or

          http://localhost/QvAJAXZfc/AccessPoint.aspx?open=&id=SalesTest.qvw&client=Ajax&ticket=510EA55C2DB723DC04C16C6FB3CDAB24F3390792)

           

           

          5. I get prompted for a user name and password, when I should already be authenticated.

           

          Like I've mentioned, I had it working before, but when I booted up my machine this week, this log in issue surfaced.

           

          I've noticed that my WebServer config.xml file has the following attribute

          <QvsAuthenticationProt>Negotiate</QvsAuthenticationProt>

           

          Do I want it to be negotiate? Would that have anything to do with it?

            • GetTicket Authentication still asking me for credentials to log in
              Daniel Rozental

              The form asking you for your logins credentials, is it a qlikview's or windows/IE form?

                • GetTicket Authentication still asking me for credentials to log in
                  Paulo Hersan

                  Thanks for the reply,

                   

                  The form depends on the settings I choose in the QEMC found in: System > Setup > QlikView Web Servers > Authentication > Login Address

                   

                  If I set it for Default login page (browser authentication), then IE asks me for the credentials

                  if I set it for Alternate login page (web form), then it redirects me to the QlikView login webpage that looks like this:

                  Login.png

                   

                  Like I said, i'm using a custom directory in QV10 where you can create your users right on the QEMC. This is not AD or Local Windows users.

                   

                  I want to be able to use the ticket to authenticate me, not username/password. It's strange because I'm looking at the logs from the web server and it's dishing out a ticket and doing group lookups on my user. So it's finding the right user when it assigns a ticket... so why can't I navigate to a document/accesspoint using the ticket parameter? I was able to last week.

                   

                  FROM WEBSERVER LOG FILE:

                  6/1/2011 16:37:02.1000342          Information          <Global method="GetTicket"><UserId>AXIS\phersan</UserId><GroupList><string>AXIS\Admins</string><string>AXIS\Users</string></GroupList><GroupListIsNames>true</GroupListIsNames></Global>

                  6/1/2011 16:37:02.1000342          Information          <Global><_retval_>6CECCCF1FE8ADACBF12A7743AD47CD1EB938D341</_retval_></Global>

                   

                  I bolded my groups, meaning it found my user in the directory when I requested a ticket. And I also bolded the ticket, meaning it was able to request and retrieve one.

              • GetTicket Authentication still asking me for credentials to log in
                Daniel Rozental

                My own solution for this was to build my own AP but maybe things have changed since QV10, perhaps you should check with support.

                 

                Also, I don't know how QV carries the custom user from the login page for to the AP, maybe you can look into that, I don't believe they are using ticketing, if they're using a cookie or something like that maybe you can reproduce that as well and then use the standard AP.

                • GetTicket Authentication still asking me for credentials to log in

                  Same issue here. Can anyone provide insight.

                   

                  Thanks

                  • Re: GetTicket Authentication still asking me for credentials to log in
                    Andrea Gigliotti

                    Hi,

                    I have the same problem with my web app using web ticketing authentication: trying to open my qvw document the windows authentication comes up with username/password requests.

                    If I press Cancel the document is being opened correctly.


                    How can I remove this windows pop-up ?


                    I'm using QVWS with DMS authentication method.


                    I already tried passing the "anonymous=true" parameter in the URL, but inside my web app it doesn't works while taping the entire URL in browser address bar the qvw document is opened successfully with no authentication requests.


                    Below the .net code:


                     

                    using System;

                    using System.Collections.Generic;

                    using System.Linq;

                    using System.Web;

                    using System.Web.UI;

                    using System.Web.UI.WebControls;

                    using System.Text;

                    using System.Xml.Linq;

                    using System.IO;

                    using System.Net;


                    protected void Page_Load(object sender, EventArgs e)

                        {

                     

                         String servernameEST="bi1.mdf.it";

                                String username = "DB DSP TEN\\LRASPINI";

                         String groupname = "123456";

                                string Ticket = btnGetWebTicket(servernameEST, username, groupname);

                     

                     

                                if (Ticket == "")

                                {

                                    //ERRORE non c'è ticket

                                    return;

                                }

                     

                                str_accpoint = lnkCallAccesspoint(servernameEST, username, groupname, Ticket);

                         Response.Redirect(str_accpoint);

                     

                     

                      }

                    //////////////////////////////////////////////////////

                     

                        protected string btnGetWebTicket(string servername, string username, string groupname)

                        {

                            string gruppi = "";

                            StringBuilder groups = new StringBuilder();

                            if (!string.IsNullOrEmpty(gruppi))

                            {

                                groups.Append("<GroupList>");

                                foreach (string group in gruppi.Split(new char[] { ';' }))

                                {

                                    groups.Append("<string>");

                                    groups.Append(group);

                                    groups.Append("</string>");

                                }

                                groups.Append("</GroupList>");

                                groups.Append("<GroupsIsNames>");

                                groups.Append("true");

                                groups.Append("</GroupsIsNames>");

                            }

                            string webTicketXml = string.Format("<Global method=\"GetWebTicket\"><UserId>{0}</UserId>{1}</Global>", username, groups);

                     

                            bool chkAnonymous = false; //true;

                            string result = CommHelper.Execute(webTicketXml, new Uri("https://" + servername + "/QvAJAXZfc/GetWebTicket.aspx?anonymous=true"), chkAnonymous, 10000);

                     

                          string Ticket = "";

                            if (string.IsNullOrEmpty(result))

                            {

                                return "";

                            }

                            else

                            {

                                XDocument doc = XDocument.Parse(result);

                     

                                if (doc.Root.Element("_retval_") != null)

                                {

                                    Ticket = doc.Root.Element("_retval_").Value;

                                    return Ticket;

                                }

                     

                                if (doc.Root.Element("message") != null)

                                {

                                    XAttribute xatt = doc.Root.Element("message").FirstAttribute;

                                    return "";

                                }

                                return "";

                            }

                     

                        }

                     

                      protected string lnkCallAccesspoint(string servername, string username, string groupname, string ticket)

                      {

                            string docName = "Gestione Tenute";

                            if (groupname != "")

                                docName = docName + "_" + groupname;

                            string txtTry = @"https://" + servername + @"/QvAJAXZfc/opendoc.htm?document=" + docName + @".qvw&anonymous=true&host=QVS@bi1";

                            string txtBack = "http://connect.mdf.it/Admin/QlikView_Tenute.aspx";

                            return "https://" + servername + string.Format("/QvAJAXZfc/Authenticate.aspx?type=html&anonymous=true&webticket={0}&try={1}&back={2}", ticket, txtTry, txtBack);

                        }

                     

                    public class CommHelper

                    {

                        public static string Execute(string question, Uri iAddress, bool anonymous, int timeoutms)

                        {

                            try

                            {

                                HttpWebRequest client = (HttpWebRequest)WebRequest.Create(iAddress);

                                if (!anonymous)

                                {

                                    client.UseDefaultCredentials = true;

                                    client.PreAuthenticate = true;

                                }

                                client.Method = "POST";

                                client.Timeout = timeoutms;

                                client.AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate;

                                using (System.IO.StreamWriter sw = new StreamWriter(client.GetRequestStream()))

                                    sw.WriteLine(question);

                                System.IO.StreamReader sr = new StreamReader(client.GetResponse().GetResponseStream());

                                return sr.ReadToEnd();

                            }

                            catch (Exception)

                            {

                                return null;

                            }

                        }

                    }


                    Thanks

                    Andrea