locked
Access Denied creating Child App

  • Question

  • We are trying to provision a new child app for our master application; however, we receive an AccessDenied exception when the provisioning code is run.

     

    Our application id should have been granted Master Application permissions, but perhaps the AccessDenied exception indicates it has not.

     

    Partial Exception Trace is:

    {{{

       at CreateChildApplication.CreateApplication() in c:\cygwin\home\rseward\spinn\spinn-net\hv-utils\CreateChildApplication.cs:line 74

       at Spinn.Program.Main(String[] args) in c:\cygwin\home\rseward\spinn\spinn-net\spinn-add-child-app\Program.cs:line 41 Microsoft.Health.HealthServiceAccessDeniedException :StatusCode = AccessDenied :StatusCodeId = 11    

    }}}

     

    The provisioning code is as follows:


    using System;
    using System.Collections.Generic;
    using System.Security.Cryptography.X509Certificates;
    using Microsoft.Health;
    using Microsoft.Health.ApplicationProvisioning;
    using Microsoft.Health.Web;

    public class CreateChildApplication
    {
        public CreateChildApplication()
        {
        }

        public static void CreateApplication()
        {
            String myAppId = "our-master-guid";

            // Create an offline connection, we use an empty Guid as personId
            // There is a bug to create a constructor without requiring a guid
            OfflineWebApplicationConnection offlineConnection =
                new OfflineWebApplicationConnection(
                    new Guid(myAppId),
                    "https://platform.healthvault-ppe.com/platform/wildcat.ashx",
                    Guid.Empty);
            //offlineConnection.Authenticate();

            // Setting up the application we want to create
            ApplicationInfo appInfo = new ApplicationInfo();
            appInfo.Name = "myechart";
            appInfo.AuthorizationReason = "Myechart needs authorization to allow you to share information and communicate online with your attending physician.";
            appInfo.Description = "Personal Health Information and Emergency Notification for an Active Lifestyle.";
            appInfo.ConfigurationOptions = ApplicationOptions.None;

            // get a base64 encoded logo
            appInfo.LargeLogo = new ApplicationBinaryConfiguration("my_e-chart-1.jpg", "content-type\\image");
            // base64 encoded public key for this application
            appInfo.PublicKeys.Add(
                GetPublicKeyFromPfxOrP12("myechart.cer"));
            appInfo.PrivacyStatement = new ApplicationBinaryConfiguration(
                "myechart-privacy.txt", "content-type\\text");
            appInfo.TermsOfUse = new ApplicationBinaryConfiguration(
                "myechart-terms-of-use.txt", "content-type\\text");
            appInfo.ActionUrl = new Uri("https://www.myechart.com/auth/");

            // Create the rules individually
            List<AuthorizationSetDefinition> rules = new List<AuthorizationSetDefinition>();

            rules.Add(new TypeIdSetDefinition(Microsoft.Health.ItemTypes.Basic.TypeId));
            rules.Add(new TypeIdSetDefinition(Microsoft.Health.ItemTypes.Personal.TypeId));
            rules.Add(new TypeIdSetDefinition(Microsoft.Health.ItemTypes.Allergy.TypeId));

            AuthorizationRule rule1 = new AuthorizationRule(
                HealthRecordItemPermissions.All,
                rules /*(AuthorizationSetDefinition)(new TypeIdSetDefinition(Basic.TypeId))*/,
                new List<AuthorizationSetDefinition>());
            appInfo.OfflineBaseAuthorizations.Add(rule1);
            // Add more rules
            Guid childAppId = Provisioner.AddApplication(offlineConnection, appInfo);
            Console.WriteLine("Provisioned child app id: " + childAppId);
        }

        private static byte[] GetPublicKeyFromPfxOrP12(string fullPathToCerFile)
        {
            X509Certificate cert = new X509Certificate(fullPathToCerFile);
            return cert.GetRawCertData();
        }
    }
    
    

     


     

    The full exception trace is as follows:

    {{{

    Unhandled Exception: Microsoft.Health.HealthServiceAccessDeniedException: Access is denied.

       at Microsoft.Health.EasyWebRequest.WaitForCompletion() in c:\src\hsmain\private\prod\src\sdk\core\EasyWebRequest.cs:line 754

       at Microsoft.Health.EasyWebRequest.Fetch(Uri url) in c:\src\hsmain\private\prod\src\sdk\core\EasyWebRequest.cs:line 208

       at Microsoft.Health.EasyWebRequest.Fetch(Uri url, IEasyWebResponseHandler customHandler) in c:\src\hsmain\private\prod\src\sdk\core\EasyWebRequest.cs:line 249

       at Microsoft.Health.HealthServiceRequest.ExecuteInternal() in c:\src\hsmain\private\prod\src\sdk\core\HealthServiceRequest.cs:line 140

       at Microsoft.Health.HealthServiceRequest.Execute() in c:\src\hsmain\private\prod\src\sdk\core\HealthServiceRequest.cs:line 129

       at Microsoft.Health.Authentication.Credential.MakeCreateTokenCall(String methodName, Int32 version, HealthServiceConnection connection, Collection`1 appTokenCreationInfo) in c:\src\hsmain\private\prod\src\sdk\core\Authentication\Credential.cs:line 520

       at Microsoft.Health.Authentication.Credential.MakeCreateTokenCall(String methodName, Int32 version, HealthServiceConnection connection, Guid appId, Boolean isMra) in c:\src\hsmain\private\prod\src\sdk\core\Authentication\Credential.cs:line 436

       at Microsoft.Health.Authentication.Credential.CreateAuthenticatedSessionToken(HealthServiceConnection connection, Guid appId) in c:\src\hsmain\private\prod\src\sdk\core\Authentication\Credential.cs:line 381

       at Microsoft.Health.Web.Authentication.WebApplicationCredential.AuthenticateKeySetPair(AuthSessionKeySetPairs keySetPairs, HealthServiceConnection connection, Guid applicationId) in c:\src\hsmain\private\prod\src\sdk\core\Authentication\WebApplicationCredential.cs:line 1019

       at Microsoft.Health.Web.Authentication.WebApplicationCredential.AuthenticateKeySetPair(HealthServiceConnection connection, Guid applicationId) in c:\src\hsmain\private\prod\src\sdk\core\Authentication\WebApplicationCredential.cs:line 954

       at Microsoft.Health.Web.Authentication.WebApplicationCredential.Authenticate(HealthServiceConnection connection, Guid applicationId) in c:\src\hsmain\private\prod\src\sdk\core\Authentication\WebApplicationCredential.cs:line 378

       at Microsoft.Health.Web.Authentication.WebApplicationCredential.AuthenticateIfRequired(HealthServiceConnection connection, Guid applicationId) in c:\src\hsmain\private\prod\src\sdk\core\Authentication\WebApplicationCredential.cs:line 345

       at Microsoft.Health.Web.OfflineWebApplicationConnection.Authenticate() in c:\src\hsmain\private\prod\src\sdk\core\OfflineWebApplicationConnection.cs:line 311

       at Microsoft.Health.Web.OfflineWebApplicationConnection.CreateRequest(String methodName, Int32 methodVersion, Boolean forAuthentication) in c:\src\hsmain\private\prod\src\sdk\core\OfflineWebApplicationConnection.cs:line 336

       at Microsoft.Health.HealthServiceConnection.CreateRequest(String methodName, Int32 methodVersion) in c:\src\hsmain\private\prod\src\sdk\core\HealthServiceConnection.cs:line 162

       at Microsoft.Health.ApplicationProvisioning.Provisioner.AddApplication(OfflineWebApplicationConnection connection, ApplicationInfo applicationConfigurationInformation) in c:\src\hsmain\private\prod\src\sdk\core\ApplicationProvisioning\Provisioner.cs:line 131

       at CreateChildApplication.CreateApplication() in c:\cygwin\home\rseward\spinn\spinn-net\hv-utils\CreateChildApplication.cs:line 74

       at Spinn.Program.Main(String[] args) in c:\cygwin\home\rseward\spinn\spinn-net\spinn-add-child-app\Program.cs:line 41 Microsoft.Health.HealthServiceAccessDeniedException :StatusCode = AccessDenied :StatusCodeId = 11    

    }}}

     

    Monday, June 8, 2009 10:28 PM

Answers

All replies

  • What's your app ID?
    Tuesday, June 9, 2009 12:17 AM
  • It looks like you are trying to create a Child AppId with these three data types, with Permissions.All:

            rules.Add(new TypeIdSetDefinition(Microsoft.Health.ItemTypes.Basic.TypeId));

            rules.Add(new TypeIdSetDefinition(Microsoft.Health.ItemTypes.Personal.TypeId));

            rules.Add(new TypeIdSetDefinition(Microsoft.Health.ItemTypes.Allergy.TypeId));

    Assuming that you are using the 813c11ea... AppId, I can see in the config tool that you have configured these types:

    Basic Demographic Information
    Personal Demographic Information
    Allergy

    Within the raw XML of your config I see each action/permission spelled out (Read, Create, Update, Delete) but in the UI I see Permissions.All, so I don't think that a permission mismatch is the issue.

    Looking in detail at the types ... I looked up the GUIDs for each of your types in our HealthRecordItemType Schema Browser at http://developer.healthvault.com/types/types.aspx and I see that each of the types that is named in my second list above has a type GUID that shows up in your configuration. 

    At times I have seen confusion about which types are associated with the classes "Basic" and "Personal" but I believe that you have that mapping correct.

    Your methodmask also looks correct in the config tool.

    At this point, I suppose I should wait for confirmation about which AppId you are using.
    Chris Tremonte, PM - HealthVault
    Tuesday, June 9, 2009 12:44 AM
  • I believe this was cleared up over email-- there was confusion over the app ID and associated configuration.
    Tuesday, June 23, 2009 6:47 PM