locked
XML over HTTP / Authentication RRS feed

  • Question

  • We are looking to interface our PHR (which uses classic ASP and SQL server) with HealthVault.  One of the options to do this seems to be using XML over HTTP which is the option we think we want to pursue.  Is there more information, code samples, or anything else that might be useful in the development of XML over HTTP with ASP (even non-ASP code examples that use XML over HTTP)?  (All of the code samples in the SDK are in c#)

     

    As for authentication to HealthVault, it seems that the user would have to login to our system, then login into the vault from a link which redirects back to our system with a querystring parameter that can be used in the auth-token tag in XML to make requests from our server to the vault.  We have a network of hospitals that can login to our system and retrieve patient PHRs.  We would like them to be able to click a button and view formatted information from the patient (data that the patient has approved access for, for our system).  How can this be done? 

    - Is there a way for our application to have a common user/pass to login to the vault and retrieve a specific persons data (who has given our application access)? 

    - Or must the patient create a shared user/pass that would be displayed on our system and the hospitals would see that and have to login to the vault with the shared user/pass in order for our application to retrieve the auth-token for the particular patient?

    - Or would we just save the auth-token in our database linked to that user after they logged in from our system and into healthvault, and use that auth-token in future transactions?

    Wednesday, November 21, 2007 4:02 PM

Answers

  • At this time, we don't have samples of using XML over HTTP, and while we do plan to have such samples in the future, we don't currently have a timeline for having them.

     

    I would also caution you that even when such samples are available, it will likely be much harder to build applications that way than using the .NET libraries.

     

    To answer your other questions, HealthVault supports an offline mode in which the user gives their authorization once (through a web-application), and then that application records a user token that can then be used to access that user's information independently. If you think that might work for you, you should read this post.

     

    If you haven't yet contact our business development folks, that would also be a good thing to do.

    Monday, November 26, 2007 6:00 PM
  • hi Venkat:

     

    You can find the headers for XML-HTTP authentication in following set of posts:

    http://healthblog.vitraag.com/topics/rubyonrails/. These posts in general demonstrate how to do talk raw XML with HealthVault (using ruby as a running example).

     

    Hope this helps.

     

    regards,

    Vaibhav

     

    Monday, June 2, 2008 10:05 PM

All replies

  • At this time, we don't have samples of using XML over HTTP, and while we do plan to have such samples in the future, we don't currently have a timeline for having them.

     

    I would also caution you that even when such samples are available, it will likely be much harder to build applications that way than using the .NET libraries.

     

    To answer your other questions, HealthVault supports an offline mode in which the user gives their authorization once (through a web-application), and then that application records a user token that can then be used to access that user's information independently. If you think that might work for you, you should read this post.

     

    If you haven't yet contact our business development folks, that would also be a good thing to do.

    Monday, November 26, 2007 6:00 PM
  • On page 12-14 of 58 in Microsoft HealthVault Developers Guide Beta.xps, there is an example for Authentication using XML over HTTP (using DSA signature on the SHA-256 hash). The document is In the Health Vault SDK doc folder. I am also very interested in this topic. Let me know, if you find more on this topic.

     

    Ming

    mwei@ti.com

    Tuesday, November 27, 2007 6:53 PM
  • I am interested in placing method calls to HealthVault using XML over HTTP (as described in the SDK) as well.

    Currently, the main hurdle I have not been able to overcome is this:

    When I place an HTTP POST request to https://platform.microsofthealthbeta.com/platform/, I receive a 405 Method Not Allowed response, like the following:

    < HTTP/1.1 405 Method Not Allowed
    < Allow: OPTIONS, TRACE, GET, HEAD
    < Content-Length: 80
    < Content-Type: text/html
    < Server: Microsoft-IIS/6.0
    < P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
    < X-Powered-By: ASP.NET
    < Date: Mon, 17 Dec 2007 21:09:43 GMT
    <html><head><title>Error</title></head><body>Incorrect function.

    You can see that it is claiming to respond to GET, but not POST.  I suspect I have the wrong URL, but all the documentation (and, in fact, the internals of the SDK) seem to indicate there is no other URL.

    I have tried using the certificate from the HelloWorld sample app, with no effect.

    I have tried supplying what I believe is a completely correct "GetServiceDefinition" payload, also with no effect.


    For reference, here is the POST payload I am sending, signed with the private key from the HelloWorld sample app:

    <wc-request:request xmlns:wc-request="urn:com.microsoft.wc.request">
    <sig digestMethod="sha1" sigMethod="rsa-sha1"><![CDATA[REJuPB1WmeHc+iDRTwQ35t71eQ7ga8VPASPgTCenPHuHtC6qwxtJzMMx9c0ZVozbO0GmWk1cUNt3
    NmMdgaJ3FUmfieb8ZEw2Kgi0XIG+bURNSgEpuTo+KIQiGj0QovvfzcntrzMsWJei+hL0PWeb9BQm
    OavnwtTVxMlI9P3GTqy/8oh9M5eQ4EZByTJUsWJ8ekhakQAZAUoh8E05yvM998DlJMhYJWvFOZGw
    uwTc5hlKmt/g5x5nMbWKF58DiISK+tBFSDO2ChHw7CmvfGDV/xevEFpJD76A/pu2cHd64DL+XgnO
    j/LBNY8/syaOQ5HCRpc96puIQFlAhLk8JcNUvw==]]></sig>
    <params>
    <method>GetServiceDefinition</method>
    <language>en</language>
    <country>us</country>
    <msg-time>2007-12-17T14:57:10.486-0600</msg-time>
    </params>
    </wc-request:request>
    Monday, December 17, 2007 9:22 PM
  • I have discovered what was apparently supposed to be obvious: the full URL is

    https://platform.microsofthealthbeta.com/platform/wildcat.ashx

    Using this URL allows me to move forward to more interesting challenges, such as authenticating properly.

    Thursday, December 27, 2007 8:38 PM
  • Hi Tim

    I could not find this documentation. It will be of great help if you can send me across the exact header you've used in posting the PHR to healthvault.

    Thanks for the info.
    Thursday, May 29, 2008 3:53 PM
  • hi Venkat:

     

    You can find the headers for XML-HTTP authentication in following set of posts:

    http://healthblog.vitraag.com/topics/rubyonrails/. These posts in general demonstrate how to do talk raw XML with HealthVault (using ruby as a running example).

     

    Hope this helps.

     

    regards,

    Vaibhav

     

    Monday, June 2, 2008 10:05 PM