How to grant access to different data types while user authorizes online


  • Tuesday, December 15, 2009 12:33 PM
     
     
    Hi,

    I'm building a web application for a provider practice to view/modify the patient PHR, and used the
    "Connecting a Back-End Clinical System to HealthVault" sample to build the application.

    I'm able to get the PHR and modify it from my web application using the offline method.

    But when the patient visits https://account.healthvault.com/PatientWelcome.aspx and completes Identity code validation, the user is not able to control read, update, create and delete access for different data types such as Allergy, Conditions etc.

    How to grant different access (view to one data type, edit to another data type) to different data types?

    Thanks in Advance.


All Replies

  • Tuesday, December 15, 2009 12:52 PM
     
     Answered

    Whether the user will be able to control the access while doing application authorization depends on how the application is configured.

    If the application is configured (@ http://config.healthvault-ppe.com) WITHOUT optional rules, the user has no choice but to accept everything (or cancel the process). Essentially, it is all or none in this case.

    If the application is configured with optional rules, users will be given an opportunity to selectively access / not grant access for the optional rules. But in this case, the onus is on the application to write logic to check the permissions available at runtime and then access (or not access) the data types for specific operations.

    Read more on optional auth here...

    http://blogs.msdn.com/healthvault/archive/2008/04/18/pb3-feature-optional-authorization.aspx

    Raj


    Raj HealthVault Developer Tool http://xray.getrealconsulting.com
  • Tuesday, December 15, 2009 4:26 PM
     
     Answered
    Optional auth is the only way to do this. Here's another reference for how to use it.

    http://blogs.msdn.com/ericgu/archive/2009/03/06/introduction-to-healthvault-development-9-optional-authorization.aspx
  • Wednesday, December 16, 2009 2:44 PM
     
     
    Rajesh, Eric,

    Thank you very much for your instant responses.

    I went through the links; they are useful in solving this issue by implementing the logic in the provider application.

    If I'm not wrong, it seems that we need to make the changes in our web application to make it happen. Is there any way to provide the option at HealthVault Authorization itself (i.e. the link via https://account.healthvault.com/PatientWelcome.aspx) while the member authorizes the provider practice online?

    Thanks,
    HCMani

  • Wednesday, December 16, 2009 3:19 PM
     
     Answered
    By design, only applications which have indicated in their configuration that they could work on lesser (optional) permissions show the user the ability to selectively choose permissions (and that too only at the granularity defined in the application configuration for the app).

    It will be a bad idea to allow the user to select permissions granted to any application during the auth journey, since an application may not be able to function without certain data type access, and the configuration site is a way for applications to let the users know that "unless you give me these data type access you can't use this application".

    Yes, you are right - if you need to use optional auth, you need to do 2 things.

    a. Configure optional rules in config site
    b. Write code to detect what permissions the user has given and then only attempt to access the ones to which your application has been granted permission

    Raj
    Raj HealthVault Developer Tool http://xray.getrealconsulting.com
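
An added example, not part of the thread or of the HealthVault SDK: the runtime check described in step b above, sketched in Python as a deny-by-default gate that also yields the "view one type, edit another" split asked about in the question. The permission map, its `online`/`offline` keys and all function names are assumptions for illustration; a real application would fill the map from the permissions HealthVault reports for the record.

```python
from enum import Flag, auto

class Perm(Flag):
    NONE = 0
    READ = auto()
    UPDATE = auto()
    CREATE = auto()
    DELETE = auto()

class PermissionDenied(Exception):
    """Raised instead of attempting a call the user did not authorize."""

# Constructed sample: what one user granted after declining some optional rules.
GRANTED = {
    "Allergy":   {"online": Perm.READ, "offline": Perm.READ},
    "Condition": {"online": Perm.READ | Perm.UPDATE | Perm.CREATE,
                  "offline": Perm.READ | Perm.UPDATE},
}

def is_allowed(granted, data_type, needed, mode):
    """Deny by default: an unknown type, unknown mode or missing bit fails."""
    have = granted.get(data_type, {}).get(mode, Perm.NONE)
    return needed != Perm.NONE and (have & needed) == needed

def guarded(granted, data_type, needed, mode, action):
    """Run action() only if every needed permission was granted."""
    if not is_allowed(granted, data_type, needed, mode):
        raise PermissionDenied(f"{mode} {needed} on {data_type} not granted")
    return action()

def plan_ui(granted, mode, data_types):
    """Decide per data type whether to offer edit, view only, or nothing."""
    plan = {}
    for dt in data_types:
        if is_allowed(granted, dt, Perm.READ | Perm.UPDATE, mode):
            plan[dt] = "edit"
        elif is_allowed(granted, dt, Perm.READ, mode):
            plan[dt] = "view"
        else:
            plan[dt] = "hidden"
    return plan

if __name__ == "__main__":
    print(plan_ui(GRANTED, "online", ["Allergy", "Condition", "Medication"]))
```

Checking the offline grant separately matters for a back-end integration like the one in the question: here the user allowed creating Condition items online but not offline.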
  • Thursday, December 17, 2009 5:00 AM
     
     

    Rajesh,

    I completely understood the reason behind your inputs which are reasonably valid. Thanks a lot for taking time and explaining it.

    You have mentioned clear steps to make it happen. The sample link given by Eric is detailed enough for implementing the permissions in the provider practice application.

    Thanks,
    HCMani

  • Thursday, March 08, 2012 2:55 AM
     
     

    As per the article,

    Ask the user for access to a new data type

    The user is asked to authorize access to a new type (or types) through the appauth redirect. As part of the query string to this redirect, the following information is passed:

    • The application id
    • A list of rule identifiers

    Are we not supposed to pass the user GUID? How will HealthVault know which user this is being requested for?

  • Thursday, March 08, 2012 3:06 AM
     
     

    Hello Eric

    How can I get the personID for a user from HealthVault? What is the API for that?

    Scenario: User has logged into my web app, and has indicated that he needs to connect to HealthVault. How can I do this programmatically and get the person ID?

  • Thursday, March 08, 2012 7:18 AM
     
     

    Once the user is logged in, he is logged in to HealthVault as well. When you redirect to the APPAUTH target, that user will be logged in; if in that scenario he has logged out of HealthVault, then the user will log back in. In the case of optional auth, since the user already has access to your application, going to the APPAUTH target will just bring the user back to your application. If you want to force app auth to allow users to select more auth rules, then you have to pass in additional parameters.

    http://msdn.microsoft.com/en-us/healthvault/cc265056

    Search for forceappauth 

    Also look at the descriptions for onopt#