Wpf Application for healthvault integrated with WCF over net.tcp -> access denied :(

  • Question

  • I have 2 WPF applications (doctor and patient) that can talk to each other via WCF over net.tcp.
    My WCF service talks to HealthVault PPE to handle the requirements of both of my apps (pull data, store data, etc.; all of it is done by the WCF service).

    My WCF project is built as a WCF library (DLL), so if I run my solution in Visual Studio 2008, it runs properly: my WCF service can access HealthVault and get the information that I need.

    Then I publish my WCF project to IIS (right click - publish to IIS virtual directory). My IIS already has the protocol for TCP enabled; I'm using these commands to open the TCP connection:

    c:\Windows\system32\inetsrv\appcmd.exe set site "appname" -+bindings.[protocol='net.tcp',bindingInformation='808:*']
    c:\Windows\system32\inetsrv\appcmd.exe set site "appname" -+bindings.[protocol='net.pipe',bindingInformation='*']
    c:\Windows\system32\inetsrv\appcmd.exe set site "appname" -+bindings.[protocol='net.msmq',bindingInformation='localhost']
    c:\Windows\system32\inetsrv\appcmd.exe set app "appname/TCP Service" /enabledProtocols:http,net.pipe,net.tcp,net.msmq

    Then I change the service reference for both of my apps; they can connect to the web service and get the metadata.

    But

    When I run the program and my WCF service starts to contact HealthVault, it throws an exception with the message "access denied", which gives me too little information to know which access is denied. -.-! But I reckon this has something to do with the certificate.

    So is there anybody who can help me, please?

    thank you!

     

    Note:

    Things that I noticed:
    When I publish to IIS, VS changes the app.config from the WCF library into web.config.

    Here is the web.config/app.config:

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
     <appSettings>
      <add key="ApplicationId" value="cd7xx34d-c2e6-4xxf-8a40-bf2f3fxxbd53" />
      <add key="HealthServiceUrl" value="https://platform.healthvault-ppe.com/platform/" />
      <add key="DoctorXmlData" value="App_Data\doctor_data.xml" />
      <add key="PatientXmlData" value="App_Data\patient_data.xml" />
      <add key="ClientSettingsProvider.ServiceUri" value="" />
     </appSettings>
     <system.web>
      <compilation debug="true" />
      <membership defaultProvider="ClientAuthenticationMembershipProvider">
       <providers>
        <add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" />
       </providers>
      </membership>
      <roleManager defaultProvider="ClientRoleProvider" enabled="true">
       <providers>
        <add name="ClientRoleProvider" type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" cacheTimeout="86400" />
       </providers>
      </roleManager>
     </system.web>
     <!-- When deploying the service library project, the content of the config file must be added to the host's 
     app.config file. System.Configuration does not support config files for libraries. -->
     <system.serviceModel>
      <services>
       <service behaviorConfiguration="ServiceAssembly.TcpServiceBehavior" name="ServiceAssembly.TcpService">
        <endpoint address="tcp" binding="netTcpBinding" bindingConfiguration="" contract="ServiceAssembly.ITcpService">
         <identity>
          <dns value="localhost" />
         </identity>
        </endpoint>
        <endpoint address="mex" binding="mexTcpBinding" bindingConfiguration="" contract="IMetadataExchange" />
        <host>
         <baseAddresses>
          <add baseAddress="net.tcp://localhost:8888/Design_Time_Addresses/ServiceAssembly/TcpService/" />
         </baseAddresses>
        </host>
       </service>
      </services>
      <behaviors>
       <serviceBehaviors>
        <behavior name="ServiceAssembly.TcpServiceBehavior">
         <!-- To avoid disclosing metadata information, 
         set the value below to false and remove the metadata endpoint above before deployment 
         <serviceMetadata /> -->
         <serviceMetadata httpGetEnabled="False" />
         <!-- To receive exception details in faults for debugging purposes, 
         set the value below to true. Set to false before deployment 
         to avoid disclosing exception information -->
         <serviceDebug includeExceptionDetailInFaults="True" />
        </behavior>
       </serviceBehaviors>
      </behaviors>
     </system.serviceModel>
    </configuration>

    Thursday, May 27, 2010 11:24 AM

Answers

  • Hello,

    Please go through the following post and let me know if you are still facing the issues: http://social.msdn.microsoft.com/Forums/en-US/healthvault/thread/105d6f7c-3960-4aa4-a4ba-da9abf6f5ac6


    -Mahesh
    • Marked as answer by 1nk Monday, June 7, 2010 9:56 AM
    Monday, May 31, 2010 2:10 PM
  • If your app can see the certificate but can't see the private key, that's an indication that the process doesn't have sufficient privs to access the private key.

    If you follow the section about winhttpcertcfg in the link Mahesh provided, that should fix you up. You will need to know what user your code is running under...

    • Marked as answer by 1nk Monday, June 7, 2010 9:56 AM
    Tuesday, June 1, 2010 2:45 PM
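
The check the two answers describe, as an added PowerShell example that is not part of the original thread: it repeats the lookup shown in the SDK log (LocalMachine store, match on subject), then inspects the ACL on the private key file for the account the service runs under. The subject placeholder, the `NETWORK SERVICE` account, the MachineKeys path (Vista/Server 2008 or later) and a CSP-backed RSA key are assumptions.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Assumptions: Vista/Server 2008 or later, CSP-backed RSA key, placeholder values below.
$Subject = 'CN=WildcatApp-<your-application-id>'   # placeholder: subject shown in the SDK log
$Account = 'NT AUTHORITY\NETWORK SERVICE'          # assumption: identity of the IIS app pool

# 1. Same lookup the SDK log shows: LocalMachine\My, match on subject.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
$store.Open('ReadOnly')
$cert = $store.Certificates | Where-Object { $_.Subject -eq $Subject } | Select-Object -First 1
$store.Close()
if (-not $cert) { throw "No certificate with subject '$Subject' in LocalMachine\My" }
"Thumbprint: $($cert.Thumbprint)"

# 2. A certificate installed without its key cannot be fixed by any ACL change.
if (-not $cert.HasPrivateKey) { throw 'Certificate has no associated private key.' }

# 3. Locate the key container file that backs the private key.
$container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyFile = Join-Path $env:ALLUSERSPROFILE "Microsoft\Crypto\RSA\MachineKeys\$container"
if (-not (Test-Path $keyFile)) { throw "Key file not found under MachineKeys: $keyFile" }
"Key file:   $keyFile"

# 4. Look for an explicit Allow ACE with read access for the service account.
#    Access inherited through group membership is not evaluated here.
$read = [System.Security.AccessControl.FileSystemRights]::Read
$aces = (Get-Acl $keyFile).Access | Where-Object {
    $_.IdentityReference.Value -eq $Account -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $read) -eq $read
}
if ($aces) {
    "$Account can read the private key."
} else {
    $name = $cert.GetNameInfo('SimpleName', $false)
    "$Account has no read ACE on the key file. Grant read access only to that account:"
    "  winhttpcertcfg -g -c LOCAL_MACHINE\My -s `"$name`" -a `"$Account`""
}
```

Granting the key to the single account the service runs under, rather than to a broad group, keeps the application's HealthVault credential readable by as few processes as possible.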

All replies

  • Hello,

    Could you please send me the stack trace of the error? Also, can you please let me know on which operating system you are running the application?


    -Mahesh
    Thursday, May 27, 2010 11:53 AM
  • Hi Mahesh,

    Thank you for your reply.

    Here's my stack trace of the error:

    Server stack trace:
       at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
       at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
       at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
       at System.ServiceModel.Channels.ServiceChannelProxy.InvokeEndService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
       at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
    Exception rethrown at [0]:
       at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
       at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
       at Patient.ServiceReference.ITcpService.EndShakeHand(IAsyncResult result)
       at Patient.ServiceReference.TcpServiceClient.EndShakeHand(IAsyncResult result) in d:\wh\cd\prjcts\ms.hc\dev\hcd\patient\service references\servicereference\reference.cs:line 639
       at Patient.ServiceReference.TcpServiceClient.OnEndShakeHand(IAsyncResult result) in d:\work hard\crayon digital\projects\microsoft.homecare\development\home care demo\patient\service references\servicereference\reference.cs:line 649
       at System.ServiceModel.ClientBase`1.OnAsyncCallCompleted(IAsyncResult result)

     

    Thanks,

     

    Friday, May 28, 2010 9:04 AM
  • Hello,

    The stack trace does not include any HealthVault APIs, so it does not seem that the error is related to HealthVault. To confirm this, can you please take the Request-Response Tracing as mentioned in the following MSDN blog.


    -Mahesh
    Friday, May 28, 2010 9:34 AM
  • Hi Mahesh,

     

    Thanks for your reply, and sorry it took quite a while.

    I've done what you suggested; the SDK.log was created, and here is what it contains:

     

    HealthVaultTraceSource Information: 0 : Using default cert subject: WildcatApp-cd76734d-c2e6-4c4f-8a40-bf2f7f28bd53
    HealthVaultTraceSource Information: 0 : Opening cert store (read-only): LocalMachine
    HealthVaultTraceSource Information: 0 : Looking for matching cert with subject: CN=WildcatApp-cd76734d-c2e6-4c4f-8a40-bf2f7f28bd53
    HealthVaultTraceSource Information: 0 : Found matching cert subject with thumbprint: B0714C87C78990363A6D956796F2C5739BE4E92C
    HealthVaultTraceSource Information: 0 : Looking for private key
    HealthVaultTraceSource Information: 0 : Failed to retrieve private key for certificate: System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
    
     at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
     at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
     at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
     at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
     at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
     at Microsoft.Health.ApplicationConfiguration.GetApplicationCertificateFromStore(Guid applicationId, StoreLocation storeLocation, String certSubject)

     

    After that I tried to make a .pfx from the HealthVault Application Manager, which produced a .pfx file.

    Then I tried again, and this is the result:

     

    HealthVaultTraceSource Information: 0 : Using default cert subject: WildcatApp-cd76734d-c2e6-4c4f-8a40-bf2f7f28bd53
    HealthVaultTraceSource Information: 0 : Attempting to load certificate from file: E:\My Works\Crayon Digital\Projects\Microsoft.HomeCare\Development\Home Care Demo\TcpService\cert\Home Care Demo.pfx
    HealthVaultTraceSource Information: 0 : Loading certificate from file without a password
    HealthVaultTraceSource Information: 0 : Failed to load certificate: System.Security.Cryptography.CryptographicException: An internal error occurred.
    
     at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
     at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
     at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags)
     at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
     at Microsoft.Health.ApplicationConfiguration.GetApplicationCertificateFromFile(String certFilename)

     

    Thank you so much for helping me through this.

     

    Thanks!

    Sunday, May 30, 2010 1:00 PM