locked
APPAUTH with forceappauth not working as expected RRS feed

  • Question

  • I had earlier posted here

    http://social.msdn.microsoft.com/Forums/en-US/healthvault/thread/d4995b8b-cf47-4c64-b9ed-25df1b20d48e

    But thought of posting a fresh post since that thread is in "answered" status.

    Here is my problem...

    The calling APPAUTH with forceappauth parameter does NOT seem to return wctoken as expected. 

    The behaviour I see is.

    a.  A user visits the site. 
    b.  Redirected to HV using forceappauth set to True
    c.  Enters his user name and password and authenticates against live.com
    d.  Redirected further to select a record
    e.  User selects a new record to authorize this time
    f.   Redirected back to our application with action SelectedRecordChanged.  But wctoken is empty.

    I am attaching the original redirect to HV and final redirect back from HV below. This corresponds to step b and f in above.


    Thanks!

    Raj




    Original Redirect to HV

    GET /redirect.aspx?target=AUTH&targetqs=appid%3dc300b2fe-04f8-45bb-9d58-d84f56d17ba2%26forceappauth%3dTrue%26actionqs%3d3b622ed3-85d8-4de6-93cc-d48344bde94b%26redirect%3dhttp%253a%252f%252fwww.mysite.com%252fHealthVault%252fRedirect.aspx%26trm%3dpost&trm=post HTTP/1.1
    .....
    Cookie: hv=lastcredtype=Live ID
    Pragma: no-cache
    Host: account.healthvault-ppe.com



    Redirect back from HV

    POST /HealthVault/Redirect.aspx?target=SelectedRecordChanged&actionqs=3b622ed3-85d8-4de6-93cc-d48344bde94b HTTP/1.1
    .......
    Content-Type: application/x-www-form-urlencoded
    Host: www.mysite.com
    Content-Length: 8
    Connection: Keep-Alive
    Pragma: no-cache

    wctoken=


    ====================

    Finally, I am using the following Code to redirect

                StringBuilder sb = new StringBuilder(128);
                sb.Append("appid=");
                sb.Append(WebApplicationConfiguration.AppId.ToString());
                sb.Append("&forceappauth=");
                sb.Append("True");
                sb.Append("&actionqs=");
                sb.Append(System.Web.HttpUtility.UrlEncode(<someguid>));

                Microsoft.Health.Web.WebApplicationUtilities.RedirectToShellUrl(
                    System.Web.HttpContext.Current,
                    "AUTH",
                    sb.ToString());




    Raj HealthVault Developer Tool http://xray.getrealconsulting.com
    Wednesday, March 18, 2009 1:31 PM

Answers

  • Raj,

    I've confirmed this is a bug  - you should be getting back a wctoken from the AUTH target when using forceappauth. 

    We will fix this in our next release.

    Unfortunately, I don't have an elegant workaround for you in the meantime.  You might be able to implement something similar on your side, by sending users through the AUTH target and then sending them to APPAUTH immediately afterwards.  You'll want to be careful though to ensure you don't send users there that just went through APPAUTH as part of the AUTH target.

    -Matt W.


    Wednesday, March 18, 2009 11:37 PM

All replies

  • Hi Raj,

    This may be a bug.  If you're using the AUTH target, you should absolutely expect to get back a wctoken.

    I will look into this today and keep you posted.

    -Matt W.
    Wednesday, March 18, 2009 7:20 PM
  • Thanks Matt! 

    Sorry that title of my post incorrectly says "APPAUTH" where as I meant "AUTH"

    Looking forward to hear from you on it.

    Raj
    Raj HealthVault Developer Tool http://xray.getrealconsulting.com
    Wednesday, March 18, 2009 7:29 PM
  • Raj,

    I've confirmed this is a bug  - you should be getting back a wctoken from the AUTH target when using forceappauth. 

    We will fix this in our next release.

    Unfortunately, I don't have an elegant workaround for you in the meantime.  You might be able to implement something similar on your side, by sending users through the AUTH target and then sending them to APPAUTH immediately afterwards.  You'll want to be careful though to ensure you don't send users there that just went through APPAUTH as part of the AUTH target.

    -Matt W.


    Wednesday, March 18, 2009 11:37 PM
  • Thanks Matt!  

    There is going to be something kludgy to be done on App - let me do some experiments....

    I assume this has something to do with platform (as against SDK or anything on client side).  How do I figure out when this is fixed?

    Raj
    Raj HealthVault Developer Tool http://xray.getrealconsulting.com
    Wednesday, March 18, 2009 11:50 PM
  • Yes, this is a Platform bug.  We're aiming to fix this in our next Platform release.  Keep an eye out for it when the release is announced.

    -Matt W.
    Friday, March 20, 2009 5:54 PM