2 Replies Latest reply: Dec 13, 2012 10:26 AM by Daniel Lipkie RSS

    QlikView Server 11 SDK sample code authentication

      Hi

       

      I'm trying to get started using the QlikView Server 11 SDK towards the QvManagementService.

      I'm not very familiar with windows authentication schemes.

       

      When I'm trying to run the command line app from the sample code I get as far as trying to get the Service Key.

       

      apiClient.GetTimeLimitedServiceKey();

       

      This failes with "

      An exception occurred: The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'NTLM'.

      "

       

      By default the client code is set to NTLM authentication. As far as I understand this hashes a password and puts it in the HTTP header. This should imply that the client must be running a user on the same domain as the server or at least has some relation beween the user running the client and a user on the server side.

      I believe I might need to set the service up to use NTLM as well.

       

      A better solution might be to use a certificate, though, but I'm only trying to get a small test app up and running to start with.

       

      Does anyone have any tips on how to get started?

       

      I feel like one of those guys posting 'My computer doesn't work please help", but I'm rather in the dark here and need a few pointers to get going.

       

      Thanks guys!

        • QlikView Server 11 SDK sample code authentication

          When I run the console app on the server and set the endpoint in the config to

          localhost:4799/QMS/Service

          I manage to get the service key.

           

          If I set the endpoint to be the url though (mydomain.com:4799/QMS/Service) I get the same NTLM message as I get when calling the service from my local machine.

            • Re: QlikView Server 11 SDK sample code authentication
              Daniel Lipkie

              This may be what is happening.

               

              You login to windows and run your client, i.e. your client is running "under a user/password". The client communicates to the service running on a host system. The NTLM handshaking goes something like this: Client tries to connect, host returns "fail, let's try NTLM, here is a string, hash it and return it'. The client send the string off to windows which uses the current user to look up a password and then uses the password to hash the string. The client then sends back the user name, the string, the hash. The service host then send the user name and the string off to its OS which then uses the user name to look up a password on the host, and hash the string. The service then compares the hash from the client with the hash from the Host OS ... and if they match says "OK, here use this session id and from now on and I will accept calls from you if they contain this session id."

               

              I have found that if am using separate machines to host the client and the service things go just fine as long as both machines have an account with the same username/password.

               

              I have found this behavior to be common among QMSAPI, Desktop and the OCX.