locked
Access is Denied. Error RRS feed

  • Question

  • Hello,

     

    Background: We received a web site and database that another company used to integrate with HealthVault.  The App Id was generated for the other company, and we are using the same one.  We are planning to demonstrate the HealthVault integration on Monday in Orlando.

     

    When accessing any HealthVault information, we get the "Access is Denied." error message.

    Here's what the stack trace looks like:

    Microsoft.Health.HealthServiceAccessDeniedException: Access is denied.
       at Microsoft.Health.EasyWebRequest.WaitForCompletion()
       at Microsoft.Health.EasyWebRequest.Fetch(Uri url)
       at Microsoft.Health.EasyWebRequest.Fetch(Uri url, IEasyWebResponseHandler customHandler)
       at Microsoft.Health.HealthServiceRequest.ExecuteInternal()
       at Microsoft.Health.HealthServiceRequest.Execute()
       at Microsoft.Health.Authentication.Credential.MakeCreateTokenCall(String methodName, HealthServiceConnection connection, Collection`1 appIdCollection)
       at Microsoft.Health.Authentication.Credential.MakeCreateTokenCall(String methodName, HealthServiceConnection connection, Guid appId)
       at Microsoft.Health.Authentication.Credential.CreateAuthenticatedSessionToken(HealthServiceConnection connection, Guid appId)
       at Microsoft.Health.Web.Authentication.WebApplicationCredential.AuthenticateKeySetPair(AuthSessionKeySetPairs keySetPairs, HealthServiceConnection connection, Guid applicationId)
       at Microsoft.Health.Web.Authentication.WebApplicationCredential.AuthenticateKeySetPair(HealthServiceConnection connection, Guid applicationId)
       at Microsoft.Health.Web.Authentication.WebApplicationCredential.Authenticate(HealthServiceConnection connection, Guid applicationId)
       at Microsoft.Health.Web.Authentication.WebApplicationCredential.AuthenticateIfRequired(HealthServiceConnection connection, Guid applicationId)
       at Microsoft.Health.Web.OfflineWebApplicationConnection.Authenticate()
       at GetHealthVaultData.GetAppointments(String PersonID, String RecordID, Boolean RawValueOnly) in c:\Websites\HV247\App_Code\GetHealthVaultData.cs:line 685
    

     

    I also see this when using the sample HelloWorld app.

     

    I tried using the troubleshooter, but an exception is thrown, and it looks like this:

    Server Error in '/ts' Application.

    Error opening certificate store

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.ApplicationException: Error opening certificate store

    Source Error:

    Line 87:             if (m_store == IntPtr.Zero)
    Line 88:             {
    Line 89:                 throw new ApplicationException("Error opening certificate store");
    Line 90:             }
    Line 91:         }

    Source File: c:\Websites\HV247\cert\Troubleshooting\app_code\CertificateStore.cs    Line: 89

    Stack Trace:

    [ApplicationException: Error opening certificate store]
       CertStuff.CertificateStore.OpenStore() in c:\Websites\HV247\cert\Troubleshooting\app_code\CertificateStore.cs:89
       CertStuff.CertificateStore..ctor() in c:\Websites\HV247\cert\Troubleshooting\app_code\CertificateStore.cs:80
       _Default.Page_Load(Object sender, EventArgs e) in c:\Websites\HV247\cert\Troubleshooting\Default.aspx.cs:73
       System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +15
       System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +33
       System.Web.UI.Control.OnLoad(EventArgs e) +99
       System.Web.UI.Control.LoadRecursive() +47
       System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1436
    


    Version Information: Microsoft .NET Framework Version:2.0.50727.1433; ASP.NET Version:2.0.50727.1433

     

    Interestingly enough, if I use "impersonate=true" in web.config, and use an admin user in the IIS security settings for anonymous login, the troubleshooter displays properly.

     

    I have also run these commands on the server:

    "Z:\Program Files\Microsoft HealthVault\SDK\Tools\winhttpcertcfg.exe" -g -a NetworkService -c Local_Machine\My -s "WildcatApp-789ecb2c-e2ca-4a61-a97b-8e2e1347b7ad"
    "Z:\Program Files\Microsoft HealthVault\SDK\Tools\winhttpcertcfg.exe" -g -a ASPNET -c Local_Machine\My -s "WildcatApp-789ecb2c-e2ca-4a61-a97b-8e2e1347b7ad"
    "Z:\Program Files\Microsoft HealthVault\SDK\Tools\winhttpcertcfg.exe" -g -a IUSR_<Machine Name> -c Local_Machine\My -s "WildcatApp-789ecb2c-e2ca-4a61-a97b-8e2e1347b7ad"
    "Z:\Program Files\Microsoft HealthVault\SDK\Tools\winhttpcertcfg.exe" -g -a NetworkService -c Local_Machine\My -s "*.worlddoc.com"
    "Z:\Program Files\Microsoft HealthVault\SDK\Tools\winhttpcertcfg.exe" -g -a ASPNET -c Local_Machine\My -s "*.worlddoc.com"
    "Z:\Program Files\Microsoft HealthVault\SDK\Tools\winhttpcertcfg.exe" -g -a IUSR_<Machine Name> -c Local_Machine\My -s "*.worlddoc.com"

    "WildcatApp-789ecb2c-e2ca-4a61-a97b-8e2e1347b7ad" is the app cert, *.worlddoc.com is the SSL cert for our website.
    Z: maps to a hard drive where the HealthVault SDK is installed, since it's not installed on the server.

     

    Note: Microsoft has added our SSL certificate so that it's recognized by them.

     

    Does anyone have any ideas about what is causing the "Access is Denied." error?

     

    John Hilts

    Friday, February 22, 2008 1:36 AM

Answers

  • OK, we got resolution on this.

     

    It turns out that since we re-generated the application cert on our server, that needed to be sent to Microsoft so that they could upload it.

     

    Once that was done, the error message went away (as soon as we checked, no 2 hour lag).

     

     

    Friday, February 22, 2008 5:07 PM