How to use the createauthenticatedsessiontoken
-
Wednesday, November 07, 2012 3:30 PM
Hi,
I am having trouble trying to write the proper XML request for the CreateAuthenticatedSessionToken method. I used the HealthVault Application Manager and I was able to get an application id. I don't really understand how to generate the proper values for the "<sig>?????</sig>" and the <hmac-alg algName="HMACSHA1">?????</hmac-alg> elements. Thank you for your help.
<?xml version="1.0" encoding="utf-8"?>
<wc-request:request xmlns:wc-request="urn:com.microsoft.wc.request">
<header>
<method>CreateAuthenticatedSessionToken</method>
<method-version>1</method-version>
<app-id>7913dc91-c69d-4d0d-b28f-862561673f28</app-id>
<language>en</language>
<country>US</country>
<msg-time>2008-05-29T21:48:45.189Z</msg-time>
<msg-ttl>1800</msg-ttl>
<version>0.10.1851.2824</version>
</header>
<info>
<auth-info>
<app-id>7913dc91-c69d-4d0d-b28f-862561673f28</app-id>
<credential>
<appserver>
<sig digestMethod="SHA1" sigMethod="RSA-SHA1" thumbprint="1FC9F24FA46975AB7BDDDAF2C114821A17069F1F">???</sig>
<content>
<app-id>7913dc91-c69d-4d0d-b28f-862561673f28</app-id>
<shared-secret>
<hmac-alg algName="HMACSHA1">???</hmac-alg>
</shared-secret>
</content>
</appserver>
</credential>
</auth-info>
</info>
</wc-request:request>
All Replies
-
Thursday, November 08, 2012 1:14 AM
We have multiple SDKs available that can make the method requests for you. What language are you writing in?
-
Thursday, November 08, 2012 2:08 PM
I am programming with a custom language developed by the company owner based on Linux and C. I can only use a "curl" like function to post the data to HealthVault.
-
Thursday, November 08, 2012 6:01 PM (Owner)
Hi,
In order to authenticate your application you will need to be able to create a digital signature using an RSA private key. In order to authenticate each subsequent request, you will need to be able to produce a SHA256 Hmac and SHA256 hash. The example posted above uses CreateAuthenticatedSessionToken V1 and SHA1 which are deprecated for new applications at this point.
Your best bet at this point is to read through one or two of the sdk libraries out there. You can look at the .NET SDK or the Java library at http://healthvaultjavalib.codeplex.com/
Basically, the signature is a base-64 encoded RSA signature of the entire <content>...</content> element from the first '<' to the last '>' including all whitespace with no normalization.
The shared secret is used to hmac (thus authenticate) all subsequent requests. The <header>...</header> element is hmac'ed from the first '<' to the last '>' including all whitespace with no normalization.
The header contains a HASH of the <info>...</info> element from the first '<' to the last '>' including all whitespace with no normalization.
Sample CreateAuthenticatedSessionToken Request:
<wc-request:request xmlns:wc-request="urn:com.microsoft.wc.request"> <header> <method>CreateAuthenticatedSessionToken</method> <method-version>2</method-version> <app-id>11111111-1111-1111-1111-111111111111</app-id> <language>en</language> <country>US</country> <msg-time>2012-05-16T21:56:28.533Z</msg-time> <msg-ttl>1800</msg-ttl> <version>2.0.0.0</version> </header> <info> <auth-info> <app-id>11111111-1111-1111-1111-111111111111</app-id> <credential> <appserver2> <sig digestMethod="SHA1" sigMethod="RSA-SHA1" thumbprint="B7A86A7562B433BD310F787F70AFCB292EF14B2E"> fOD1C+44ymCjlT9nwrfvy4Rxogrs7hmPSGQHZDjgblzsA0tazvMQZ058+PN+hriZWiCtaAq/z04JONt+ryTiDedGly8sj64madwK247rBLfdkKgI0aDxDg8L1sJoLdWvdkegFJc0SRy0ZcxELWFdcVGlO2f7Z0Id4HUdpAdXJUpkENMYriRtmh8MXmC7VKcianYgx9IZ6uapS5mvWupq75oE6GaBQl6U1gn2GC8//gzIdYxVCAL3uoVnPUci1/pqXyR0rLf5fNbNJ02bS2g5IEt5VYiCapS4cHBGMd/hripChJ7SjIzm5dOgj2AyJJEp8uHFGY3+nm/LOZA1KYb+aA==</sig> <content> <app-id>11111111-1111-1111-1111-111111111111</app-id> <hmac>HMACSHA256</hmac> <signing-time>2012-05-16T21:56:28.4571266Z</signing-time> </content> </appserver2> </credential> </auth-info> </info> </wc-request:request>
Sample CreateAuthenticatedSessionToken Response:
<response> <status> <code>0</code> </status> <wc:info xmlns:wc="urn:com.microsoft.wc.methods.response.CreateAuthenticatedSessionToken2"> <token app-id="11111111-1111-1111-1111-111111111111" app-record-auth-action="NoActionRequired"> ASAAAHIOKTjFnjNOq1RCcOaEqN7YonoOoLtCd2EO0M+WldKuB1AmXTsz48gV4hOEtZN7DEugBxY1fqle9hO3VbK+JU5e+mwugs78wyZO75qXotfZnhNjq8ZuxYr3u8zqlFxD1PatEHL2TRxbXrciMMab5f55IEMeNON8OLTDKXrzL1E7dfoq1E2xRe/jbJ3Vf+m6PVVP+pjKRZfftZX58tNx1jySGQJlGoCm2rS8qMEdCBuFliY/ZOkmF8WAuw3clFX7oZ0C8MXJgrwzdsgaHnudGYQv282bm7WCvYEMpyMnNmk+tWvOgw==</token> <shared-secret>39OxFE8y8Wt+T7kqt8g+fk6fgcxSdrABjoB8kN3/rGNMz09mp1uM3Mhx0RijQ//+ErYuj612TtDo9Ck2LnvLJA==</shared-secret> </wc:info> </response>
Sample GetPersonInfo Request:
Here is a sample request showing the HMAC and Hash in practice:
<wc-request:request xmlns:wc-request="urn:com.microsoft.wc.request"> <auth> <hmac-data algName="HMACSHA256">lYGdQbQgJASkaHogU7GBesKDXBMdfxiUnF8AVR7I2BU=</hmac-data> </auth> <header> <method>GetPersonInfo</method> <method-version>1</method-version> <auth-session> <auth-token>ASAAAHIOKTjFnjNOq1RCcOaEqN7YonoOoLtCd2EO0M+WldKuB1AmXTsz48gV4hOEtZN7DEugBxY1fqle9hO3VbK+JU5e+mwugs78wyZO75qXotfZnhNjq8ZuxYr3u8zqlFxD1PatEHL2TRxbXrciMMab5f55IEMeNON8OLTDKXrzL1E7dfoq1E2xRe/jbJ3Vf+m6PVVP+pjKRZfftZX58tNx1jySGQJlGoCm2rS8qMEdCBuFliY/ZOkmF8WAuw3clFX7oZ0C8MXJgrwzdsgaHnudGYQv282bm7WCvYEMpyMnNmk+tWvOgw==</auth-token> <user-auth-token>ASAAADNt1Jwbx85MgH9vkWzAINCmzCkqYC3o6+iVGmTA6zVnVahayq8og26W4L8a2ETtJmCIpDNMxF96dUlU5IMfyJnOeWrYdpIWTfDlbjOymmVbjUUjEiTe8DOdWXwdclGqINRAnU+sq5KRrzwn9TMcSa8zziCVzB+dTA1H352J8nDVUBEqnQ==</user-auth-token> </auth-session> <language>en</language> <country>US</country> <msg-time>2012-05-16T21:58:59.291Z</msg-time> <msg-ttl>1800</msg-ttl> <version>2.0.0.0</version> <info-hash> <hash-data algName="SHA256">ZbR1gwo184c/YSTAFOCI3/p39GNdgAzv8BcW6yK9Ubg=</hash-data> </info-hash> </header> <info /> </wc-request:request>
- Edited by robmay (Owner) Thursday, November 08, 2012 6:07 PM
- Marked As Answer by Scott Hit (Microsoft Employee, Owner) Friday, November 09, 2012 1:23 AM
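The per-request authentication described in the answer above, as an added example that is not part of the original reply or of any HealthVault SDK: it builds a request shaped like the sample GetPersonInfo request, then recomputes the info hash and header HMAC from the raw element text to show that any whitespace change invalidates them. The secret, token and helper names are constructed for illustration, and using the base64-decoded shared secret as the HMAC key is an assumption.

```python
import base64, hashlib, hmac, re

SECRET_B64 = base64.b64encode(b"constructed shared secret").decode()  # constructed sample

def b64(raw):
    return base64.b64encode(raw).decode("ascii")

def build_request(method, auth_token, secret_b64, info_xml, msg_time):
    # info-hash: SHA-256 over the exact <info> text, first '<' to last '>'.
    info_hash = b64(hashlib.sha256(info_xml.encode("utf-8")).digest())
    header = (
        f"<header><method>{method}</method><method-version>1</method-version>"
        f"<auth-session><auth-token>{auth_token}</auth-token></auth-session>"
        f"<language>en</language><country>US</country>"
        f"<msg-time>{msg_time}</msg-time><msg-ttl>1800</msg-ttl>"
        f"<version>2.0.0.0</version><info-hash>"
        f'<hash-data algName="SHA256">{info_hash}</hash-data></info-hash></header>'
    )
    # Assumption: the HMAC key is the base64-decoded <shared-secret> value.
    key = base64.b64decode(secret_b64)
    mac = b64(hmac.new(key, header.encode("utf-8"), hashlib.sha256).digest())
    return (
        '<wc-request:request xmlns:wc-request="urn:com.microsoft.wc.request">'
        f'<auth><hmac-data algName="HMACSHA256">{mac}</hmac-data></auth>'
        f"{header}{info_xml}</wc-request:request>"
    )

def span(xml, tag):
    """Raw text of one element, first '<' to last '>', nothing normalized."""
    start = re.search(rf"<{tag}[\s/>]", xml).start()
    end = xml.find(f"</{tag}>", start)
    if end == -1:                      # self-closing form, e.g. <info />
        return xml[start:xml.index("/>", start) + 2]
    return xml[start:end + len(tag) + 3]

def check(request_xml, secret_b64):
    """Recompute both values as a receiver would; returns (hmac_ok, hash_ok)."""
    header, info = span(request_xml, "header"), span(request_xml, "info")
    sent_mac = re.search(r"<hmac-data[^>]*>([^<]+)<", request_xml).group(1)
    sent_hash = re.search(r"<hash-data[^>]*>([^<]+)<", header).group(1)
    key = base64.b64decode(secret_b64)
    mac = b64(hmac.new(key, header.encode("utf-8"), hashlib.sha256).digest())
    digest = b64(hashlib.sha256(info.encode("utf-8")).digest())
    return hmac.compare_digest(sent_mac, mac), hmac.compare_digest(sent_hash, digest)

REQUEST = build_request("GetPersonInfo", "CONSTRUCTED-TOKEN", SECRET_B64,
                        "<info />", "2012-05-16T21:58:59.291Z")
```

Re-indenting the header after the HMAC is computed, or rewriting `<info />` as `<info/>` after hashing, makes the corresponding check fail, which is why the request must be sent byte-for-byte as it was hashed.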
-
Thursday, November 08, 2012 6:29 PM
OK, thanks for your help.
I will read further in the Java doc and see if I can get it running.
-
Monday, November 26, 2012 10:01 PM
The Java SDK doesn't seem to be using the CreateAuthenticatedSessionToken 2.0 versions.
Now I am looking for a way to encrypt the <content></content> element to generate the proper "base-64 encoded RSA signature" without success.
I always get "Access is denied".
I'm calling the web service at this url : https://platform.ppe.telushealthspace.com/platform/wildcat.ashx from this url: http://sndexv1.sednove.ca/fr/telus/connect.sn
<?xml version="1.0" encoding="UTF-8"?> <wc-request:request xmlns:wc-request="urn:com.microsoft.wc.request"> <header> <method>CreateAuthenticatedSessionToken</method> <method-version>2</method-version> <app-id>5422036b-70e1-4146-9def-50ebd2199105</app-id> <language>en</language> <country>CA</country> <msg-time>2012-11-26T16:57:45.0Z</msg-time> <msg-ttl>1800</msg-ttl> <version>2.0.0.0</version> </header> <info> <auth-info> <app-id>5422036b-70e1-4146-9def-50ebd2199105</app-id> <credential> <appserver2> <sig digestMethod="SHA1" sigMethod="RSA-SHA1" thumbprint="D04A914DB91FF2A1A664D19BCE50CF4F203DBF3F">2c39cd8c304cec84bb762cb876791b1e51312941</sig> <content> <app-id>5422036b-70e1-4146-9def-50ebd2199105</app-id> <hmac>HMACSHA256</hmac> <signing-time>2012-11-26T16:57:45.0Z</signing-time> </content> </appserver2> </credential> </auth-info> </info> </wc-request:request>
<?xml version="1.0" encoding="UTF-8"?> <response> <status> <code>11</code> <error> <message>Access is denied.</message> </error> </status> </response>
Thank you for your help
Stéphane Roy Web Developer Sednove

