locked
Health Vault SDK RRS feed

  • Question

  • i have downloaded the Health Vault SDK. I worked with it in my development environment i.e localhost it worked simply fine. i was able to establish and offilne connection using patient connect. Able to read and write data from/to health vault. 

    But when i move to different environment i.e https:// . i am not able to access my page. 

    i was growing through so many forums and did do what the folks asked to. but still no luck i am still not able to access the page. i checked to see if the network service is authorized, everything looks ok to me. between i created a new appid for this environment,registered it, set the access rules, granted permssion to iis.etc. The wierd thing i see is that, in the SDk Application configuration Manager i see the ASP NET DEV SERVER AND UNDER IIS UNCHECKED.I would like to know what step i am missing. 

    And also to mention i was doing export/import and i have also set the ApplicationCertificatePassword and declared it in web config. Here is my syntax.

    <add key="ApplicationCertificatePassword" value="11newyork"  />

    ApplicationId for your reference : "4f77586c-8485-4f3a-8541-1f011691065a"

    Your help is greatly appreciated.

    Thanks!


    Bhavani

    • Moved by Mike Feng Thursday, October 11, 2012 10:42 AM Health (From:.NET Base Class Library)
    Wednesday, October 10, 2012 6:51 PM

Answers

  • Bhavani,

    If your application was working before and stopped working after moving to an SSL site, it is likely you have a problem with the SSL settings. Did you check your bindings in IIS to make sure https is configured properly?

    Another item to verify- the application pool identity of your web site (or web application) in IIS should have access to your application's HealthVault certificate. This can be done via command line or through the Certificates MMC snap-in (right mouse on the certificate, select All Tasks and then Manage Private Keys). Note that depending on what version of IIS you're using, NETWORK SERVICE may or may not be the default app pool identity. Its best to verify in IIS what your app pool identity is.


    Manish

    • Marked as answer by BhavaniY Thursday, October 11, 2012 3:12 PM
    Thursday, October 11, 2012 2:51 PM

All replies

  • Hi Bhavani,

    I have moved this thread to a dedicated forum for better support.

    Best regards,


    Mike Feng
    MSDN Community Support | Feedback to us
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Thursday, October 11, 2012 10:43 AM
  • Bhavani,

    If your application was working before and stopped working after moving to an SSL site, it is likely you have a problem with the SSL settings. Did you check your bindings in IIS to make sure https is configured properly?

    Another item to verify- the application pool identity of your web site (or web application) in IIS should have access to your application's HealthVault certificate. This can be done via command line or through the Certificates MMC snap-in (right mouse on the certificate, select All Tasks and then Manage Private Keys). Note that depending on what version of IIS you're using, NETWORK SERVICE may or may not be the default app pool identity. Its best to verify in IIS what your app pool identity is.


    Manish

    • Marked as answer by BhavaniY Thursday, October 11, 2012 3:12 PM
    Thursday, October 11, 2012 2:51 PM
  • Sure will check that. Also if i am using Patient Connect Offline Authentication method do i still need to inherit the page from HealthServicePage and also my web config settings are as follows.... do i need to have all these settings in place.. Note: I dont have redirect.aspx at all in my application. in development it directs to the correct page but now in hosted url it takes me to health vault login url.

    In need of Suggestions...!


      <add key="ApplicationId" value="6a46f078-a209-4b0b-b205-da13b65e54aa" />
      <add key="ShellUrl" value="https://account.healthvault-ppe.com/" />
      <add key="HealthServiceUrl" value="https://platform.healthvault-ppe.com/platform/" />
      <add key="NonProductionActionUrlRedirectOverride" value="Redirect.aspx" />
      <add key="WCPage_ActionHome" value="default.aspx" />
      <add key="WCPage_ActionAppAuthSuccess" value="default.aspx" />
      <add key="WCPage_ActionSignOut" value="SignedOut.aspx" />
      <add key="ApplicationCertificateFileName" value="C:\src\Lilah Updated\lilah\src\Healthv1\cert\WildcatApp-6a46f078-a209-4b0b-b205-da13b65e54aa.pfx" />
      </appSettings>

     <appSettingsUser>
        <add key="SpewUnhandledExceptions" value="true" />
        <add key="WCPage_SSLForSecure" value="true" />
      </appSettingsUser>


    Bhavani

    Thursday, October 11, 2012 3:16 PM
  • i added redirect.aspx but i still get this error.

    https://dev.mylilah.com/Redirect.aspx?target=AppAuthSuccess&actionqs=%2fHealthVault%2fHealthVaultAuthentication.aspx%3fpatientid%3dadc77c5c-fc3b-4507-bedb-de77f95fa1a9

    i am doing something wrong with these pages. i dont know what the signedout.aspx does. Let me know if i have to take off few settings in web config.


    Bhavani

    Thursday, October 11, 2012 3:51 PM
  • 

    Bhavani

    Thursday, October 11, 2012 4:50 PM
  • The certificate part is very very confusing to me...

    As i said earlier my app worked fine in development(localhost). These are the steps that i am following.

    1. Open HeathVault Application Manager (Run as Administrator)
    2. Export Public and Private keys (.pfx) for the certificate  you have created.
    3. Copy the certificate into the machine (IIS Hosted).
    4. Delete the certificate from HeathVault Application Manager. Make sure that you have copied the certificate.
    5. Run c:\Program Files\Microsoft HealthVault\SDK\Tools\ComputerCertificates.msc.
    6. Import the certificate into Personal > Certificates folder using All Tasks > Import.
    7. Browse the certificate saved in step 3, and make sure that Mark this key as exportable is checked.
    8. Restart HeathVault Application Manager and now you should be able to see the certificate imported.
    9. Right Click on the certificate in HeathVault Application Manager and click on grant  Access to IIS process.

    Granting access to Network Service and IIS(Open Command prompt and point to WinHttpCertCfg tool in the Tools folder that is shipped with the SDK)
    1. WinHttpCertCfg.exe -g -a NetworkService -c Local_Machine\My -s 5056c2a3-b9d1-49cc-a0c3-fa9d288c87f7
    2. winhttpcertcfg.exe -g -a DefaultAppPool -c LOCAL_MACHINE\My -s 5056c2a3-b9d1-49cc-a0c3-fa9d288c87f7

    You can check whether you have got the permissions to the Network service and iis that you have granted with the below command.
    1. winhttpcertcfg.exe -l -c LOCAL_MACHINE\My -s WildcatApp-5056c2a3-b9d1-49cc-a0c3-fa9d288c87f7

    If you have mentioned the ApplicationCertificateFileName key in web.config file, then you need to export the certificate from the ComputerCertificates.msc.
    1. Run c:\Program Files\Microsoft HealthVault\SDK\Tools\ComputerCertificates.msc
    2. Right click on the certificate and click on All Tasks > Export and follow the steps to export the certificate name
    3. Now add the key in the web.config file  after you export the certificate to the location which you have full permissions:
    <add key="ApplicationCertificateFileName" value="g:\mshealth\Nice App\cert\WildcatApp-3cdc0cea-6008-4c76-9169-36d44c3d63b4.pfx" />
    4. If the certificate has a password, that can be specified with the ApplicationCertificatePassword key in web.config file.

    So my question is when i create application , i browse the location where my website and i click on create. so it creates a folder for that application. And i also have a certifcate on the desktop which i saved as per the step 3.

    so when it comes to pointing it in the web config which file should i point to. the one on the desktop or the one in the webiste,

    i do not understand this. And i playing with it like from 3-4 days just this certificate part. I defintely need somebody to assit me in doing this.

    Let me know if i was clear explaining. And also in the application configuration manager even i after i click on grant access to iis i dont see the third and fourth boxes checked.

    =----> my web config has too many things which i copied from my example. but i dont really know what they mean. i just have redirect.aspx. And i am using patient connect offline authentication menthod.

    Thank you!


    Bhavani

    Thursday, October 11, 2012 6:14 PM
  • The error screenshot you posted is about an error in locating the certificate file (not related to your earlier question about redirect.aspx- you're likely running into multiple issues) anyways...

    Did you check the path specified in ApplicationCertificateFileName key is correct? Also, does the IIS app pool identity have access to this certificate file?

    Another point- using a plain-text password in the ApplicationCertificatePassword key is not a good idea for production. You'll want to encrypt your web.config file in production to protect the password from prying eyes.

    I'd recommend against using certificate files (unless you have a pressing reason to use certificate files) and instead install the certificate in the Windows certificate store and grant access to it for the IIS app pool identity. This is a best practice and also will alleviate your issue of having to encrypt the web.config file to protect the certificate password.


    Manish

    Thursday, October 11, 2012 6:16 PM
  • Hello Manish,

    Yes i am running into too many issues. 

    1. As of now i am not setting any password to the certificate.

    2. when i check access for  App Pool Identity i get No account information was found. How to give access to defaultApppool.

    3. I am not sure about the path for ApplicationCertificateName. Do i have to point to the one saved on the desktop(via Export) or the application generated (cert/wildcat...).

    4. Also i am not sure how my web config should be.

    5. After i click on allow access it goes this url and does not show anything. 

    https://dev.mylilah.com/Redirect.aspx?target=AppAuthSuccess&actionqs=%2fHealthVault%2fHealthVaultAuthentication.aspx%3fpatientid%3dadc77c5c-fc3b-4507-bedb-de77f95fa1a9

    Thank you.


    Bhavani

    Thursday, October 11, 2012 6:33 PM
  • i dont know what suddenly happend. now it works. i did not change anything at all..

    I will try to do the same in my beta and will check if it works there.


    Bhavani

    Thursday, October 11, 2012 6:40 PM
  • Horrible

    Bhavani

    Thursday, October 11, 2012 8:34 PM
  • it worked in localhost,it worked in https://dev.mylilah.com

    Now i am having trouble with https://beta. i dont understand this certificate thing at all. i am doing the exact same thing what i did in dev, its just playing with me. Now i get the invalid appid.

    inwhich case do we get that error.


    Bhavani

    Thursday, October 11, 2012 8:36 PM
  • My applicationId 

    <add key="ApplicationId" value="575b70dd-82dd-40ec-9694-49a074b72ba0" />

    And web config for your reference 


      <!-- Health Vault Api Keys for Test environment-->
      <add key="ApplicationId" value="575b70dd-82dd-40ec-9694-49a074b72ba0" />
      <add key="ShellUrl" value="https://account.healthvault-ppe.com/" />
      <add key="HealthServiceUrl" value="https://platform.healthvault-ppe.com/platform/" />
       <!-- when we call the SignOut() method on HealthServicePage, it redirects us to the page below -->
      <add key="NonProductionActionUrlRedirectOverride" value="Redirect.aspx" />
        <!--The redirect page (specified above) uses these keys below to redirect to different
             pages based on the response from the shell -->
      <add key="WCPage_ActionHome" value="default.aspx" />
      <add key="WCPage_ActionAppAuthSuccess" value="default.aspx" />
      <add key="WCPage_ActionSignOut" value="SignedOut.aspx" />
      <add key="ApplicationCertificateFileName" value="C:\Users\Administrator\Desktop\betaHealthhv.pfx" />
      </appSettings>


    Bhavani

    Thursday, October 11, 2012 9:01 PM
  • Also for any no of appids create.. i get the same error invalidappid. please look into this?



    Can i have any Microsoft employee email id so that i can keep in touch with them through mails. 

    Bhavani

    • Edited by BhavaniY Thursday, October 11, 2012 9:42 PM
    Thursday, October 11, 2012 9:41 PM
  • Did you go through acc process of registering and creating an application with the app id?  This thread has become a multitude of issues and I'm not sure what you are doing. We have samples of working application and how-to guides on our MSDN site.
    Friday, October 12, 2012 2:41 AM
  • Yes i suppose i am doing it correctly.

    I was able to set it up perfectly fine * localhost and also finally got it work in my dev ie https. And this afternoon i tried the same exact process in beta. I was not able to pas this. i tried like too many times creating new certicates. It says invalid appid. 

    I dont understand what's the missing piece?


    Bhavani

    • Marked as answer by BhavaniY Tuesday, October 23, 2012 8:58 PM
    • Unmarked as answer by BhavaniY Tuesday, October 23, 2012 8:58 PM
    Friday, October 12, 2012 2:48 AM