Answered by:
Access Denied creating Child App

Question
-
We are trying to provision a new child app for our master applcation however we receive an AccessDenied exception when the provisioning code is run.
Our application id should have been granted Master Application permissions, but perhaps the AccessDenied exception indicates it has not.
Partial Exception Trace is:
{{{
at CreateChildApplication.CreateApplication() in c:\cygwin\home\rseward\spinn\spinn-net\hv-utils\CreateChildApplication.cs:line 74
at Spinn.Program.Main(String[] args) in c:\cygwin\home\rseward\spinn\spinn-net\spinn-add-child-app\Program.cs:line 41 Microsoft.Health.HealthServiceAccessDeniedException :StatusCode = AccessDenied :StatusCodeId = 11
}}}
The provisioning code is as follows:
public class CreateChildApplication { public CreateChildApplication() { } public static void CreateApplication() { String myAppId = "our-master-guid"; // Create an offline connection, we use an empty Guid as personId // There is a bug to create a constructor without requiring a guid OfflineWebApplicationConnection offlineConnection = new OfflineWebApplicationConnection( new Guid(myAppId), " https://platform.healthvault-ppe.com/platform/wildcat.ashx ", Guid.Empty); //offlineConnection.Authenticate(); // Setting up the application we want to create ApplicationInfo appInfo = new ApplicationInfo(); appInfo.Name = "myechart"; appInfo.AuthorizationReason = "Myechart needs authorization to allow you to share information and communicate online with your attending physician."; appInfo.Description = "Personal Health Information and Emergency Notification for an Active Lifestyle."; appInfo.ConfigurationOptions = ApplicationOptions.None; // get a base64 encoded logo appInfo.LargeLogo = new ApplicationBinaryConfiguration("my_e-chart-1.jpg","content-type\\image"); // base64 encoded public key for this application appInfo.PublicKeys.Add( GetPublicKeyFromPfxOrP12("myechart.cer")); appInfo.PrivacyStatement = new ApplicationBinaryConfiguration( "myechart-privacy.txt", "content-type\\text"); appInfo.TermsOfUse = new ApplicationBinaryConfiguration ("myechart-terms-of-use.txt", "content-type\\text"); appInfo.ActionUrl = new Uri(" https://www.myechart.com/auth/ "); // Create the rules individually List<AuthorizationSetDefinition> rules = new List<AuthorizationSetDefinition>(); rules.Add(new TypeIdSetDefinition(Microsoft.Health.ItemTypes.Basic.TypeId)); rules.Add(new TypeIdSetDefinition(Microsoft.Health.ItemTypes.Personal.TypeId)); rules.Add(new TypeIdSetDefinition(Microsoft.Health.ItemTypes.Allergy.TypeId)); AuthorizationRule rule1 = new AuthorizationRule( HealthRecordItemPermissions.All, rules /*(AuthorizationSetDefinition)(new TypeIdSetDefinition(Basic.TypeId))*/, new List<AuthorizationSetDefinition>()); appInfo.OfflineBaseAuthorizations.Add(rule1); // Add more rules Guid childAppId = Provisioner.AddApplication(offlineConnection, appInfo); Console.WriteLine("Provisioned child app id: "+ childAppId); } private static byte[] GetPublicKeyFromPfxOrP12(string fullPathToCerFile) { X509Certificate cert = new X509Certificate(fullPathToCerFile); return cert.GetRawCertData(); } }
The full exception trace is as follows:
{{{
Unhandled Exception: Microsoft.Health.HealthServiceAccessDeniedException: Access is denied.
at Microsoft.Health.EasyWebRequest.WaitForCompletion() in c:\src\hsmain\private\prod\src\sdk\core\EasyWebRequest.cs:line 754
at Microsoft.Health.EasyWebRequest.Fetch(Uri url) in c:\src\hsmain\private\prod\src\sdk\core\EasyWebRequest.cs:line 208
at Microsoft.Health.EasyWebRequest.Fetch(Uri url, IEasyWebResponseHandler customHandler) in c:\src\hsmain\private\prod\src\sdk\core\EasyWebRequest.cs:line 249
at Microsoft.Health.HealthServiceRequest.ExecuteInternal() in c:\src\hsmain\private\prod\src\sdk\core\HealthServiceRequest.cs:line 140
at Microsoft.Health.HealthServiceRequest.Execute() in c:\src\hsmain\private\prod\src\sdk\core\HealthServiceRequest.cs:line 129
at Microsoft.Health.Authentication.Credential.MakeCreateTokenCall(String methodName, Int32 version, HealthServiceConnection connection, Collection`1 appTokenCreationInfo) in c:\src\hsmain\private\prod\src\sdk\core\Authentication\Credential.cs:line 520
at Microsoft.Health.Authentication.Credential.MakeCreateTokenCall(String methodName, Int32 version, HealthServiceConnection connection, Guid appId, Boolean isMra) in c:\src\hsmain\private\prod\src\sdk\core\Authentication\Credential.cs:line 436
at Microsoft.Health.Authentication.Credential.CreateAuthenticatedSessionToken(HealthServiceConnection connection, Guid appId) in c:\src\hsmain\private\prod\src\sdk\core\Authentication\Credential.cs:line 381
at Microsoft.Health.Web.Authentication.WebApplicationCredential.AuthenticateKeySetPair(AuthSessionKeySetPairs keySetPairs, HealthServiceConnection connection, Guid applicationId) in c:\src\hsmain\private\prod\src\sdk\core\Authentication\WebApplicationCredential.cs:line 1019
at Microsoft.Health.Web.Authentication.WebApplicationCredential.AuthenticateKeySetPair(HealthServiceConnection connection, Guid applicationId) in c:\src\hsmain\private\prod\src\sdk\core\Authentication\WebApplicationCredential.cs:line 954
at Microsoft.Health.Web.Authentication.WebApplicationCredential.Authenticate(HealthServiceConnection connection, Guid applicationId) in c:\src\hsmain\private\prod\src\sdk\core\Authentication\WebApplicationCredential.cs:line 378
at Microsoft.Health.Web.Authentication.WebApplicationCredential.AuthenticateIfRequired(HealthServiceConnection connection, Guid applicationId) in c:\src\hsmain\private\prod\src\sdk\core\Authentication\WebApplicationCredential.cs:line 345
at Microsoft.Health.Web.OfflineWebApplicationConnection.Authenticate() in c:\src\hsmain\private\prod\src\sdk\core\OfflineWebApplicationConnection.cs:line 311
at Microsoft.Health.Web.OfflineWebApplicationConnection.CreateRequest(String
methodName, Int32 methodVersion, Boolean forAuthentication) in c:\src\hsmain\private\prod\src\sdk\core\OfflineWebApplicationConnection.cs:line 336
at Microsoft.Health.HealthServiceConnection.CreateRequest(String methodName,
Int32 methodVersion) in c:\src\hsmain\private\prod\src\sdk\core\HealthServiceConnection.cs:line 162
at Microsoft.Health.ApplicationProvisioning.Provisioner.AddApplication(OfflineWebApplicationConnection connection, ApplicationInfo applicationConfigurationInformation) in c:\src\hsmain\private\prod\src\sdk\core\ApplicationProvisioning\Provisioner.cs:line 131
at CreateChildApplication.CreateApplication() in c:\cygwin\home\rseward\spinn\spinn-net\hv-utils\CreateChildApplication.cs:line 74
at Spinn.Program.Main(String[] args) in c:\cygwin\home\rseward\spinn\spinn-net\spinn-add-child-app\Program.cs:line 41 Microsoft.Health.HealthServiceAccessDeniedException :StatusCode = AccessDenied :StatusCodeId = 11
}}}
Monday, June 8, 2009 10:28 PM
Answers
-
I believe this was cleared up over email-- there was confusion over the app ID and associated configuration.
- Proposed as answer by Lowell MeyerMicrosoft employee Tuesday, June 23, 2009 6:47 PM
- Marked as answer by Lowell MeyerMicrosoft employee Wednesday, July 1, 2009 6:10 PM
Tuesday, June 23, 2009 6:47 PM
All replies
-
What's your app ID?Tuesday, June 9, 2009 12:17 AM
-
It looks like you are trying to create a Child AppId with these three data types, with Permissions.All:
rules.Add(new TypeIdSetDefinition(Microsoft.Health.ItemTypes.Basic.TypeId));
rules.Add(new TypeIdSetDefinition(Microsoft.Health.ItemTypes.Personal.TypeId));
rules.Add(new TypeIdSetDefinition(Microsoft.Health.ItemTypes.Allergy.TypeId));
Assuming that you are using the 813c11ea... AppId, I can see in the config tool that you have configured these types:
Basic Demographic Information
Personal Demographic Information
Allergy
Within the raw XML of your config I see each action/permission spelled out (Read, Create, Update, Delete) but in the UI I see Permissions.All, so I don't think that a permission mismatch is the issue.
Looking in detail at the types ... I looked up the GUIDs for each of your types in our HealthRecordItemType Schema Browser at http://developer.healthvault.com/types/types.aspx and I see that each of the types that is named in my second list above has a type GUID that shows up in your configuration.
At times I have seen confusion about which types are associated with the classes "Basic" and "Personal" but I believe that you have that mapping correct.
Your methodmask also looks correct in the config tool.
At this point, I suppose I should wait for confirmation about which AppId you are using.
Chris Tremonte, PM - HealthVaultTuesday, June 9, 2009 12:44 AM -
I believe this was cleared up over email-- there was confusion over the app ID and associated configuration.
- Proposed as answer by Lowell MeyerMicrosoft employee Tuesday, June 23, 2009 6:47 PM
- Marked as answer by Lowell MeyerMicrosoft employee Wednesday, July 1, 2009 6:10 PM
Tuesday, June 23, 2009 6:47 PM