Adding HealthVault to an existing web application.

Question

If you have an existing web application that was not derived from one of the HealthVault SDK samples or created by the Application Manager, what are the DLL(s), web config settings, etc, that you have to include to allow the existing web application to utilize HealthVault?  Our specific scenario is that the user comes into the existing web site; clicks on a button to retrieve some type of information from from HealthVault; display the data from HealthVault. The flow I'm looking to create would be:

Landing Page -> Button Click -> HealthVault Sign In -> Return to Landing Page -> Retrieve HealthVault Data -> Display HealthVault Data -> End

Any suggestions would be appreciated.

 

Answer 1

Hello,

From the scenario you have stated above you can use the Online methods to retrieve data from HealthVault as user will be present during the execution

The HealthVault .Net SDK automates the authentication and authorization steps. For making a page capable of doing HealthVault interactions in Online mode the only thing an application has to do is to derive the page from HealthServicePage. The most simplest way will be to derive the Landing page from HealthServicePage. But in this flow whenever the Landing page is loaded, if user is not logged in to HealthVault, the user will be redirected to HealhVault login, thus making the button click irrelevant.

Here in this scenario I have three suggestions.

1. On the button click redirect the user to a page which derives from HealthServicePage. So when redirection happens the user will be forced to login to HealthVault and authorize the application. The same page can be kept as the Action URL so that the platform will redirect to this page after authentication and authorization. In this page all relevant data can be read and transferred (maybe through session variables) to the Landing page and then redirect to Landing page.
2. Another option is, have the user redirected to a new page that derives from HealthServicePage on button click, but set the landing page as the Action URL. Inside the Landing page you will have to use some of the .Net SDK APIs to save the person information in cookie making it available to be retrieved later. In this flow data can be read directly in the Landing page itself.
3. Another method is similar to the first suggestion, but instead of passing the values to Landing page from the new page, the Landing page can use Offline Connection to retrieve data from the user's record. This will be useful if large amount of data needs to be transferred or situations in which a proper data transfer between the pages cannot be established. The new page during the first authorization has to retrieve the Person ID and the Record ID of the user and save it for future use. So the second time onwards there is no need to redirect the user to the HealthVault login. But please note here that this involves an additional overhead of storing the Person ID and Record ID in some secure location.

Hope this helps.

Thanks and Regards,

Aneesh D.

Answer 2

How would the authorization work if we did not inherit from the HealthServicesPage?  For instance, can we collect the user's credentials and use the HealthVault SDK to authenticate in the page's code behind?  I was looking at the Microsoft.Health.Authentication namespace but not make much sense of it.

Thanks.

Answer 3

Hello,

The above methods I suggested does not require you to derive your existing pages from HealthServicePage but you will have to create a new page that derives from HealthServicePage. This is the easiest way to do it. If your applicaiton doesn't want to add a new page then we can avoid deriving from HealthServicePage, but all the authentication related code will have to be implemented in the default page itself.

I can send you a sample application which demonstrates how to retrieve data from HealthVault in Online mode without deriving from HealthServicePage if you can drop me a mail at v-and@microsoft.com.

Thanks and Regards,

Aneesh D.

Answer 4

Hey Aneesh,

 

Could you send me a copy of that sample application as well?  I'm attempting to do something similar to swmiller.  I'm going to attempt to do this using the methodology you suggested above, but, I'd like to consider all of the alternatives.

Thanks,

 

Chris

Answer 5

Hello Chris,

Are you looking for a sample application demonstrating how to retrieve data from HealthVault without deriving from HealthServicePage? If yes, please drop me a mail at v-and@microsoft.com. I will send you the sample once I receive your mail.

Thanks and Regards,

Aneesh D.

Answer 6

Hello Aneesh,

I noticed the bin folder of an application created by the Application Manager has 9 files of various types. I assume some references need to be added to an existing application that was not created by the Application Manager.  Could you offer some tips on that?

Thanks.

 

---

hz

Answer 7

Hello,

The Bin folder contains the HealthVault .Net SDK DLLs which needs to be added as reference to the HealthVault applications which use the .Net SDK methods. The DLLs are Microsoft.Health, Microsoft.Health.ItemTypes and Microsoft.Health.Web. These DLLs come with the .Net SDK . If you have the .Net SDK installed in your machine these DLLs can be found in the installation folder (normally \Program Files\Microsoft HealthVault\SDK\DotNet\Assemblies).

For existing applications please install the .Net SDK and then include the above mentioned DLLs from the .Net SDK installation path.

Hope this answers your query. Please let me know if you need any further clarification.

Thanks and Regards,

Aneesh D.

Answer 8

Hi Aneesh,

Thank you very much for your prompt reply that answers my question which is also a part of the original post of this thread.

My existing page is derived from System.Web.UI.Page, I assume HealthServicePage is also derived from it, so I just need to replace System.Web.UI.Page with HealthServicePag.

Now, I have another question which is also a part of the original post: which part of web.config created by the Application Manager I should copy to the existing project's web.config. I was thinking copying pretty much everything. Can I use the same ApplicationId?

Your tip on this would help give me a really fast start.

---

hz

Answer 9

Yes you are right, the HealthServicePage class derives from System.Web.UI.Page. You can directly derive from HealthServicePage.

The keys inside the appSettings are the ones used by the .Net SDK code, so please copy those values to your existing application. The application ID is used to uniquely identify the application with HealthVault platform. You can copy the application ID from the web.config file of the sample application created by Application Manager to the existing application. Also please make sure that you are not using the same application ID for more than one application which have different configuration values (data types or permissions etc.).

Thanks and Regards,

Aneesh D.

Answer 10

Thanks, Aneesh.

I copied all the keys including the ApplicationId. I also copied folder "cert' including its pfx file, then modified the value of ApplicationCertificateFileName accordingly. When I run the application, I get the following error:

The security certificate presented by this website was issued for a different website's address.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

I am using the VS development server.  I do not get this error with the application created by the Application Manager.  Could offer some advice?  I am sorry to keep bugging you.

 

---

hz

Answer 11

Hello,

Are you able to run the existing web site properly without those Web.config values? Can you please paste the complete Web.config content here?

Thanks and Regards,

Aneesh D.

Answer 12

Yes, I can run the existing web site even with those Web.config values as long as the page derived from HealthServicePage is not touched.

The following is the web.config with a few lines with confidential information deleted

<?xml version="1.0"?>
<!-- 
  Note: As an alternative to hand editing this file you can use the 
  web admin tool to configure settings for your application. Use
  the Website->Asp.Net Configuration option in Visual Studio.
  A full list of settings and comments can be found in 
  machine.config.comments usually located in 
  \Windows\Microsoft.Net\Framework\v2.x\Config 
-->
<configuration>
 <appSettings>
  <add key="ApplicationId" value="97e23440-8507-4b20-abcc-d57883265580" />
  <add key="ShellUrl" value="https://account.healthvault-ppe.com/" />
  <add key="HealthServiceUrl" value="https://platform.healthvault-ppe.com/platform/" />
  <!-- when we call the SignOut() method on HealthServicePage, it redirects us to the page below -->
  <add key="NonProductionActionUrlRedirectOverride" value="Redirect.aspx" />
  <!-- The redirect page (specified above) uses these keys below to redirect to different
     pages based on the response from the shell -->
  <add key="WCPage_ActionHome" value="default.aspx" />
  <add key="WCPage_ActionAppAuthSuccess" value="healthvault-score-report.aspx" />
  <add key="WCPage_ActionSignOut" value="SignedOut.aspx" />
  <add key="ApplicationCertificateFileName" value="C:\Users\foo\cert\WildcatApp-97e23440-8507-4b20-abcc-d57883265580.pfx" />
 </appSettings>

 <!--
      The <authentication> section enables configuration 
      of the security authentication mode used by 
      ASP.NET to identify an incoming user. 
    -->
 <location path="CSS">
  <system.web>
   <authorization>
    <allow users="*"/>
   </authorization>
  </system.web>
 </location>
 <location path="Membership">
  <system.web>
   <authorization>
    <allow users="*"/>
   </authorization>
  </system.web>
 </location>
 <location path="AccountManagement.aspx">
  <system.web>
   <authorization>
    <deny users="?"/>
   </authorization>
  </system.web>
 </location>

 <system.web>
  <customErrors mode="Off"/>
  <sessionState mode="InProc" timeout="120"/>


  <authentication mode="Forms">
   <forms loginUrl="~\Membership\Login.aspx" cookieless="UseDeviceProfile" timeout="5960"/>
  </authentication>


  <!-- 
      Set compilation debug="true" to insert debugging 
      symbols into the compiled page. Because this 
      affects performance, set this value to true only 
      during development.

      Visual Basic options:
      Set strict="true" to disallow all data type conversions 
      where data loss can occur. 
      Set explicit="true" to force declaration of all variables.
    -->
  <compilation debug="true" strict="false" explicit="true" targetFramework="4.0">
   <buildProviders>
   </buildProviders>
   <assemblies>
    <add assembly="System.Data.Linq, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
    <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
    <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
    <add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
   </assemblies>
  </compilation>
  <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID">
   <namespaces>
    <clear/>
    <add namespace="System"/>
    <add namespace="System.Collections"/>
    <add namespace="System.Collections.Specialized"/>
    <add namespace="System.Configuration"/>
    <add namespace="System.Text"/>
    <add namespace="System.Text.RegularExpressions"/>
    <add namespace="System.Web"/>
    <add namespace="System.Web.Caching"/>
    <add namespace="System.Web.SessionState"/>
    <add namespace="System.Web.Security"/>
    <add namespace="System.Web.Profile"/>
    <add namespace="System.Web.UI"/>
    <add namespace="System.Web.UI.WebControls"/>
    <add namespace="System.Web.UI.WebControls.WebParts"/>
    <add namespace="System.Web.UI.HtmlControls"/>
   </namespaces>
  </pages>
  <!--
      The <customErrors> section enables configuration 
      of what to do if/when an unhandled error occurs 
      during the execution of a request. Specifically, 
      it enables developers to configure html error pages 
      to be displayed in place of a error stack trace.

    <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
      <error statusCode="403" redirect="NoAccess.htm" />
      <error statusCode="404" redirect="FileNotFound.htm" />
    </customErrors>
    -->
 </system.web>
 <system.codedom>
  <compilers>
   <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" compilerOptions="/optioninfer+" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
    <providerOption name="CompilerVersion" value="v4.0"/>
   </compiler>
  </compilers>
 </system.codedom>
</configuration>

---

hz

Answer 13

Thanks for sharing the Web.config. It looks good to me.

Is the page which is HealthServicePage an HTTPS page? If yes, can you please try running any other HTTPS page which does not derive from HealthServicePage and verify whether you are getting the same error? This error normally happens when the name in the security certificate and the request name are different. I am thinking that the URL domain that you are using for testing the app and the actual name in your production site are different and it may be the reason for this error.

Also are you getting an option of "Continue to this website (not recommended)"? If yes can you please try clicking on it and see whether it is working fine?

Thanks and Regards,

Aneesh D.

Answer 14

Thanks a lot for your persistent help!  I am sorry for late response.  BTW, the "Alert me" of this forum is not working for me.

I am testing with VS2010 Ultimate and using its development server. The HealthServicePage is healthvault-score-report.aspx which is redirected with the following code.

       Response.Redirect("healthvault-score-report.aspx"
);

Therefore it is not an HTTPS page.

Per your suggestion I clicked "Continue to this website (not recommended)" and then logged in but get an error page:

Server Error in '/MySample' Application.

---

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.Cryptography.CryptographicException: An internal error occurred.

---

hz

Answer 15

Hello,

It looks to me that doing a debug session of the scenario will be easier to find out the root cause of the issue. Can you please create a support request for this issue at https://support.microsoft.com/oas/default.aspx?prid=13388&ln=en-us&st=1? Either me or one of our Developer Support agent will work with you to resolve the issue.

If you are finding any issues in creating the support request please drop a mail to me at v-and@microsoft.com so that I can create a case for you.

Thanks and Regards,

Aneesh D.

Answer 16

I am communicating with Hong through email. I will update the status once the issue is resolved.

Answer 17

This issue is resolved by following the steps suggested in this thread.

Regards,

Aneesh D.

Answer 18

Hi,

I am trying to integrate HealthVault with existing web application. I have created a new page which inherits from HealthServicePage & updated web.config file with proper applicationid & certificate name.

After authorization & authentication, it is coming to Redirect page (inherited from HealthServiceActionPage). Querystring has valid url for AppAuthSuccess also. But redirection is not successful & trying to authenticate again & again. It is coming to redirect page & going to healthvault for authentication.... 

Application created using Application Manager SDK works fine.

Please help !!!!!

Thanks in advance !!!!

 

Answer 19

Hello,

Can you please let me know whether you have specified any target for the APPAUTHSUCCESS target in your Web.config file? If not can you please add a target in your config file like below,

<add key="WCPage_ActionAppAuthSuccess" value="..."/>

Please use the page derived from HealthServicePage in the value field.

Regards,

Aneesh D.

Answer 20

Hi Aneesh,

I have specified same value for both "WCPage_ActionAppAuthSuccess" and "WCPage_ActionHome" as like HelloWorld sample application. I am using the page derived from HealthServicePage only ...

Thanks,

  Vishnu

Answer 21

Hi Vishnu,

Can you please take the HTTP traces of the scenario using HTTPWatch and send it to me at v-and@microsoft.com?

Thanks and Regards,

Aneesh D.