My app was working before but now i get access denied

Several folks have run in to issues, where their application was working fine at some point and now they see an error like - 

[HealthServiceAccessDeniedException: Access is denied.]
  
Microsoft.Health.EasyWebRequest.WaitForCompletion() +438
  
Microsoft.Health.EasyWebRequest.Fetch(Uri url) +150
...
   Microsoft.Health.AuthenticatedConnection.Authenticate() +79
...

 The cases typically are-

  1. The application was working fine in PPE (pre production environment) or Production environment and you recently did some certificate key-pair (typically makecert) operations, and/or sent a new public key to Microsoft.
  2. The application was working fine in PPE and now you moved to Production with new certificate.

Also, a likely culprit is that you are using the same server for targeting the PPE and Production environment.

So, what's the big mystery behind all this? Well, the essence is that your private key being used for the web application doesn't correspond to the public key which is configured in the Microsoft environment.

How does this usually surface? Well if you use the Application Manager from the HealthVault SDK on the system running your webserver (you might have to uncheck the box "show unnamed applications"), you will see more than one certificate associated with your application id (WildcatApp-<your_app_id>). So what this means is that you are confusing the HealthVault SDK on which private key to use to talk to the HealthVault platform and yep! the wrong one is being used! Hence the access denied!

So what's the solution? Know your keys! Guard them and yep! make sure that there is only one private key on the server associated with your application and its being used against the correct public key / environment. You can achieve this by deleting and moving out the irrelevant keys from your key store.

Comments