locked
Access Denied: Offline Application and HealthRecordAccessor.NewItem RRS feed

  • Question

  • Hello,

     

    I'm currently getting Access Denied when attempting to add a new item to a HealthRecord.

     

    My ApplicationId = d1dd4e0f-80bf-43dd-8dd4-a797f5ebbb68

    I show the following rule for my application.

     

    Rule Name Permissions Data Types Is Optional?
    AddUpdateResults All Lab Test Result False

     

    When logged in as the test user it shows that this rule has been approved by the HealthVault Person.

    The Code.
     

    OfflineWebApplicationConnection owac = new OfflineWebApplicationConnection(new Guid(ConfigurationManager.AppSettings["ApplicationId"]), ConfigurationManager.AppSettings["HealthServiceUrl"] + "wildcat.ashx", PHRSysPersonID);

    owac.Authenticate();

    HealthRecordAccessor hra = new HealthRecordAccessor(owac, PHRSysRecordID);

     

    LabTestResults ltr = new LabTestResults();

     

    // SOME CODE THAT FILLS LabTestResults OBJECT OUT.


    hra.NewItem(ltr);

     

    I successfully connect, authenticate, and can read data.  The last line, however throws the Access Denied exception.

    Any advice on what I may be doing incorrectly would be greatly appreciated.

     

    Thursday, September 18, 2008 5:08 PM

Answers

  • Sorry, I missed your reply.

     

    QueryPermissions doesn't work in offline mode right now...

     

    Try calling QueryPermissions() from your online application, and make sure that the offline permissions allow you to perform the operations you expect on the type.

     

    You might also be interested in looking at offline console application

     

    Thursday, October 9, 2008 6:20 PM
  • Try Removing the authentication of (deauthorize) the application from the user's account and authenticate again (you will get a new personid/recordid and use that for future offline connections).  This had solved the problem for me atleast once.  

     

     

    Saturday, October 11, 2008 9:34 PM
  • When you authorize the application for the Account are you giving the application access to each seperate record? 

     

    It seems like you are only giving the application access to the Self record and not the others. 

     

    Try granting the application access to all of the records and see if that helps.

     

    Friday, October 31, 2008 8:19 PM

All replies

  • Can you try calling QueryPermissions on your HealthRecordAccessor, and see what it says?

     

    I'm presuming that when you say you have a rule, you've defined it in the offline section?

    Friday, September 19, 2008 4:54 PM
  • Added

     

    var perms = hra.QueryPermissions(new List<Guid> { LabTestResults.TypeId });

     

    This throws the following exception.

     

    {"The authentication token element of the request is required for this method."} System.Exception {Microsoft.Health.HealthServiceAccessDeniedException}

     

    I don't see a place to specify the authentication token for QueryPermissions, however the OffLineWebApplicationConnection has Authenticated and has an authentication token.

     

     

    The rule in question is indeed present and defined in the offline section for the LabTestResult Type with Permissions All.

     

    Monday, September 22, 2008 4:57 PM
  • Anything?

    Thursday, October 9, 2008 4:34 PM
  • Sorry, I missed your reply.

     

    QueryPermissions doesn't work in offline mode right now...

     

    Try calling QueryPermissions() from your online application, and make sure that the offline permissions allow you to perform the operations you expect on the type.

     

    You might also be interested in looking at offline console application

     

    Thursday, October 9, 2008 6:20 PM
  • We are simply contributing data, so we don't have an online application.

     

    The only difference I can see in the example you linked and how I am attempting to construct the OfflineWebApplicationConnection is that the example does not pass the ApplicationID or HealthServiceUrl to the constructor.

    I will attempt the approach of supplying only the PersonID we have saved off in constructing the connection to see if it makes a difference.

     

    In fact, I'll work to replicate as closely as I can the sample to verify I can do all that it does and then attempt the creation of new data and report my findings early next week.

     

    Till then,

     

    -- gray

    Friday, October 10, 2008 2:32 AM
  • Try Removing the authentication of (deauthorize) the application from the user's account and authenticate again (you will get a new personid/recordid and use that for future offline connections).  This had solved the problem for me atleast once.  

     

     

    Saturday, October 11, 2008 9:34 PM
  • Alright, I tried a couple things and this is what I found.

     

    The Account has multiple Records.  This results in my Person ID being the same for all my Records with the Record ID being different for each human being.

     

    The Record ID with the relationship of Self will allow for all the operations required, however those with a relationship other than Self  are throwing the Access Denied exception.

     

    Each of those Records with a different relationship have Custodian access.  Is there something I'm missing here?

     

    -- gray

     

    Monday, October 13, 2008 6:15 PM
  • When you authorize the application for the Account are you giving the application access to each seperate record? 

     

    It seems like you are only giving the application access to the Self record and not the others. 

     

    Try granting the application access to all of the records and see if that helps.

     

    Friday, October 31, 2008 8:19 PM
  • When you authorize the application for the Account are you giving the application access to each seperate record? 

     

    It seems like you are only giving the application access to the Self record and not the others. 

     

    Try granting the application access to all of the records and see if that helps.

     

    I'm having the exact same problem that the OP. I have tried deauthorizing/authorizing, but it didn't help. How do I grant access to all of the records? I don't see that option, I suppose that has changed since 2008?
    Tuesday, August 13, 2013 6:58 PM

  • I'm having the exact same problem that the OP. I have tried deauthorizing/authorizing, but it didn't help. How do I grant access to all of the records? I don't see that option, I suppose that has changed since 2008?
    Found a solution to my problem (I had to open an offline connection for each person): 
    Tuesday, August 13, 2013 8:35 PM