public ActionResult Create(JournalEntry journalentry)
{
if (ModelState.IsValid)
{
// TODO use an Azure Queue that will be monitored by a worker role
//add the custom type for health vault
ItemTypeManager.RegisterTypeHandler(HVJournalEntry.TypeId, typeof(HVJournalEntry), true);
// get the authed user
var authorizedUser = (User as HVPrincipal);
if (authorizedUser != null)
{
//get the auth token
var authToken = authorizedUser.AuthToken;
// create the appropriate objects for health vault
var appId = HealthApplicationConfiguration.Current.ApplicationId;
WebApplicationCredential cred = new WebApplicationCredential(
appId,
authToken,
HealthApplicationConfiguration.Current.ApplicationCertificate);
// setup the user
WebApplicationConnection connection = new WebApplicationConnection(appId, cred);
PersonInfo personInfo = HealthVaultPlatform.GetPersonInfo(connection);
// before we add make sure we still have permission to add
var result = personInfo.SelectedRecord.QueryPermissionsByTypes(new List<Guid>() { HVJournalEntry.TypeId }).FirstOrDefault();
if (!result.Value.OnlineAccessPermissions.HasFlag(HealthRecordItemPermissions.Create))
throw new ArgumentNullException("unable to create record as no permission is given from health vault");
//Now add to the HV system
personInfo.SelectedRecord.NewItem(new HVJournalEntry(journalentry));
// redirect
return RedirectToAction("Index");
}
}
return View(journalentry);
}
public ActionResult Login(LoginModel model, string returnUrl)
{
// here we are getting posted from HealthVault so extract the wctoken sent
string authToken = Request.Params["wctoken"];
if (authToken != null)
{
// create a web app cred object
var appId = HealthApplicationConfiguration.Current.ApplicationId;
WebApplicationCredential cred =
new WebApplicationCredential(
appId,
authToken,
HealthApplicationConfiguration.Current.ApplicationCertificate);
// setup the user
WebApplicationConnection connection = new WebApplicationConnection(appId, cred);
PersonInfo personInfo = HealthVaultPlatform.GetPersonInfo(connection);
// check to make sure there is access to records
if (personInfo.AuthorizedRecords.Count() == 0)
throw new Exception("There are no authorized users for us to work with!");
// check to see if the user exists
var personId = personInfo.PersonId.ToString();
// we found the user so authenticate them
var username = personId;
var password = personId + appId;
if (Membership.ValidateUser(username, password))
{
// user has authenticated
var user = Membership.GetUser(personInfo.PersonId.ToString());
// save auth cookie
CreateAuthCookie(personInfo, user, authToken);
}
else
{
// the user has not registered with us so create one
// Attempt to register the user
MembershipCreateStatus createStatus;
var newUser = Membership.CreateUser(username, password, "", passwordQuestion: null, passwordAnswer: null, isApproved: true, providerUserKey: null, status: out createStatus);
if (createStatus == MembershipCreateStatus.Success)
{
//save auth cookie
CreateAuthCookie(personInfo, newUser, authToken);
}
else
{
ModelState.AddModelError("", ErrorCodeToString(createStatus));
return View(model);
}
}
// save the user to the local table
SaveUser(personInfo, authToken);
// save the user avatar image to blob
HVUserImageHelper.Default.SaveImageToBlobStorage(personInfo.SelectedRecord == null ? personInfo.AuthorizedRecords.FirstOrDefault().Value : personInfo.SelectedRecord);
// redirect to the actionqs
NameValueCollection query = HttpUtility.ParseQueryString(Request.Url.Query);
var r = HttpUtility.UrlDecode(query["actionqs"]);
return Redirect(new Uri(string.Format("http://{0}{1}{2}",
Request.Url.Host,
(Request.Url.IsDefaultPort ? "" : ":" + Request.Url.Port), r)).ToString());
}
else
{
// no wctoken so just redirect to home
ModelState.AddModelError("", "Unable to authenticate with Microsoft HealthVault.");
}
// If we got this far, something failed, redisplay form
return View(model);
}
/// <summary>
/// Create a connection to the application.
/// </summary>
///
/// <remarks>
/// The ApplicationId must be set before calling this method.
///
/// This method could cause a request to the network to retrieve the
/// cryptographic object identifier of the certificate used by the
/// application. For example in case the hosting machine is joined to
/// a domain, resolving or retrieving the cryptographic object
/// identifier could result in an LDAP query.
/// </remarks>
///
/// <exception ref="SecurityException">
/// The required application-specific certificate is not found.
/// </exception>
///
/// <exception cref="ArgumentException">
/// The person Id is empty.
/// </exception>
///
/// <exception cref="InvalidConfigurationException">
/// The application Id or the certificate, or the healthServiceUrl
/// are incorrect.
/// </exception>
///
/// <returns>
/// An HealthClientAuthorizedConnection instance
/// </returns>
private HealthClientAuthorizedConnection Connect()
{
if (this._applicationId == Guid.Empty)
{
throw Validator.InvalidConfigurationException("InvalidApplicationIdConfiguration");
}
if (this.Certificate == null)
{
throw Validator.InvalidConfigurationException("InvalidApplicationCertificate");
}
if (_healthServiceUrl == null)
{
throw Validator.InvalidConfigurationException("InvalidRequestUrlConfiguration");
}
WebApplicationCredential webApplicationCredential =
new WebApplicationCredential(ApplicationId,
StoreLocation.CurrentUser,
this.Certificate.Subject);
// create a connection based on the app-id and certificate...
return new HealthClientAuthorizedConnection(
webApplicationCredential,
ApplicationId,
_healthServiceUrl);
}
/// <summary>
/// Creates an authorized client connection to the application.
/// </summary>
///
/// <param name="personId">
/// ID of the person for the connection.
/// </param>
///
/// <exception ref="SecurityException">
/// The required application-specific certificate is invalid.
/// </exception>
///
/// <exception cref="ArgumentException">
/// The <paramref name="personId"/> parameter is empty.
/// </exception>
///
/// <exception cref="InvalidConfigurationException">
/// The required application-specific certificate is not found,
/// the value of <see cref="HealthClientApplication.HealthServiceUrl"/> is
/// <b>null</b>, or the value of <see cref="HealthClientApplication.ApplicationId"/>
/// is <see cref="Guid.Empty"/>.
/// </exception>
///
/// <returns>
/// A <see cref="HealthClientAuthorizedConnection"/> instance.
/// </returns>
///
public HealthClientAuthorizedConnection CreateAuthorizedConnection(Guid personId)
{
Validator.ThrowArgumentExceptionIf(
personId == Guid.Empty,
"personId",
"InvalidPersonId");
if (_applicationId == Guid.Empty)
{
throw Validator.InvalidConfigurationException("InvalidApplicationIdConfiguration");
}
if (Certificate == null)
{
throw Validator.InvalidConfigurationException("InvalidApplicationCertificate");
}
if (_healthServiceUrl == null)
{
throw Validator.InvalidConfigurationException("InvalidRequestUrlConfiguration");
}
WebApplicationCredential webApplicationCredential =
new WebApplicationCredential(ApplicationId,
StoreLocation.CurrentUser,
Certificate.Subject);
return new HealthClientAuthorizedConnection(
webApplicationCredential,
ApplicationId,
_healthServiceUrl,
personId);
}
/// <summary>
/// Get's the authenticated person's information using the specified authentication token.
/// </summary>
///
/// <param name="authToken">
/// The authentication token for a user. This can be retrieved by extracting the WCToken
/// query string parameter from the request after the user has been redirected to the
/// HealthVault AUTH page. See <see cref="RedirectToShellUrl(HttpContext, string)"/> for more information.
/// </param>
///
/// <param name="appId">
/// The unique identifier for the application.
/// </param>
///
/// <returns>
/// The information about the logged in person.
/// </returns>
///
public static PersonInfo GetPersonInfo(string authToken, Guid appId)
{
WebApplicationCredential cred =
new WebApplicationCredential(
appId,
authToken,
HealthApplicationConfiguration.Current.ApplicationCertificate);
// set up our cookie
WebApplicationConnection connection =
new WebApplicationConnection(appId, cred);
PersonInfo personInfo = HealthVaultPlatform.GetPersonInfo(connection);
personInfo.ApplicationSettingsChanged += new EventHandler(OnPersonInfoChanged);
personInfo.SelectedRecordChanged += new EventHandler(OnPersonInfoChanged);
return personInfo;
}
/// <summary>
/// Instantiates a credential from type information and subsequently
/// calls <see cref="ReadCookieXml"/> to initialize the object.
/// </summary>
///
/// <param name="credNav"></param>
///
/// <returns>
/// An instance of <see cref="Credential"/>.
/// </returns>
///
internal static Credential CreateFromCookieXml(XPathNavigator credNav)
{
Credential cred = null;
// expected schema:
// <type>object Type</type>
// <[credname]>...</[credname]>
XPathNavigator typeNav = credNav.SelectSingleNode("type");
if (typeNav != null)
{
switch (typeNav.Value)
{
case "Microsoft.Health.Authentication.PassportCredential":
cred = new PassportCredential();
break;
case "Microsoft.Health.Web.Authentication.WebApplicationCredential":
cred = new WebApplicationCredential();
break;
default:
return null;
}
typeNav.MoveToFollowing(XPathNodeType.Element);
XmlReader reader = typeNav.ReadSubtree();
reader.Read();
cred.ReadCookieXml(reader);
}
return cred;
}
/// <summary>
/// Creates a new instance of the <see cref="OfflineWebApplicationConnection"/>
/// class with the specified credential, application, HealthVault
/// service URL, and person identification.
/// </summary>
///
/// <param name="credential">
/// The HealthVault application credential used to authenticate the connection.
/// </param>
///
/// <param name="callingApplicationId">
/// The HealthVault application identifier.
/// </param>
///
/// <param name="healthServiceUrl">
/// The URL of the HealthVault service. If an application does not add "/wildcat.ashx" at the end of
/// the URL, the constructor will add it automatically.
/// </param>
///
/// <param name="offlinePersonId">
/// The unique identifier of the offline person who granted permissions
/// to the application to perform operations.
/// </param>
///
/// <exception cref="ArgumentNullException">
/// If <paramref name="healthServiceUrl"/> is <b>null</b>.
/// </exception>
///
public OfflineWebApplicationConnection(
WebApplicationCredential credential,
Guid callingApplicationId,
Uri healthServiceUrl,
Guid offlinePersonId)
: base(callingApplicationId,
healthServiceUrl)
{
Credential = credential;
if (offlinePersonId != Guid.Empty)
{
_offlinePersonId = offlinePersonId;
}
}
/// <summary>
/// Creates a new instance of the <see cref="OfflineWebApplicationConnection"/>
/// class with the specified credential, application, string-formatted
/// HealthVault service URL, and person identification.
/// </summary>
///
/// <param name="credential">
/// The HealthVault application credential used to authenticate
/// the connection.
/// </param>
///
/// <param name="callingApplicationId">
/// The HealthVault application identifier.
/// </param>
///
/// <param name="healthServiceUrl">
/// The URL of the HealthVault service. If an application does not add "/wildcat.ashx" at the end of
/// the URL, the constructor will add it automatically.
/// </param>
///
/// <param name="offlinePersonId">
/// The unique identifier of the offline person who granted permissions
/// to the application to perform operations.
/// </param>
///
/// <exception cref="ArgumentException">
/// The <paramref name="offlinePersonId"/> parameter is Guid.Empty.
/// </exception>
///
/// <exception cref="ArgumentNullException">
/// The <paramref name="healthServiceUrl"/> parameter is <b>null</b>.
/// </exception>
///
/// <exception cref="UriFormatException">
/// The <paramref name="healthServiceUrl"/> parameter is not a properly
/// formatted URL.
/// </exception>
///
public OfflineWebApplicationConnection(
WebApplicationCredential credential,
Guid callingApplicationId,
string healthServiceUrl,
Guid offlinePersonId)
: this(credential,
callingApplicationId,
new Uri(healthServiceUrl),
offlinePersonId)
{
}
/// <summary>
/// Creates a new instance of the <see cref="OfflineWebApplicationConnection"/>
/// class with the specified credential and person identification.
/// </summary>
///
/// <param name="credential">
/// The HealthVault application credential used to authenticate
/// the connection.
/// </param>
///
/// <param name="offlinePersonId">
/// The unique identifier of the offline person who granted permissions
/// to the application to perform operations.
/// </param>
///
/// <exception cref="InvalidConfigurationException">
/// If the web or application configuration file does not contain
/// configuration entries for "ApplicationID" or "HealthServiceUrl".
/// </exception>
///
public OfflineWebApplicationConnection(
WebApplicationCredential credential,
Guid offlinePersonId)
: base()
{
if (credential == null)
{
credential =
new WebApplicationCredential(
ApplicationId,
HealthApplicationConfiguration.Current.ApplicationCertificate);
}
Credential = credential;
if (offlinePersonId != Guid.Empty)
{
_offlinePersonId = offlinePersonId;
}
}
//
// GET: /JournalEntry/Delete/5
public ActionResult Delete(string id)
{
// create the item key
var t = id.Split(',');
var key = new HealthRecordItemKey(Guid.Parse(t[0]), Guid.Parse(t[1]));
// get the user
var hvUser = (User as HVPrincipal);
if (hvUser != null)
{
// get the auth token
var authToken = hvUser.AuthToken;
// create the appropriate objects for health vault
var appId = HealthApplicationConfiguration.Current.ApplicationId;
WebApplicationCredential cred = new WebApplicationCredential(
appId,
authToken,
HealthApplicationConfiguration.Current.ApplicationCertificate);
// setup the user
WebApplicationConnection connection = new WebApplicationConnection(appId, cred);
PersonInfo personInfo = null;
personInfo = HealthVaultPlatform.GetPersonInfo(connection);
// delete the record
personInfo.SelectedRecord.RemoveItem(key);
}
// redirect
return RedirectToAction("Index");
}
//
// GET: /JournalEntry/
public ActionResult Index()
{
// register the custom type
ItemTypeManager.RegisterTypeHandler(HVJournalEntry.TypeId, typeof(HVJournalEntry), true);
// get the user
var hvUser = (User as HVPrincipal);
if (hvUser != null)
{
// get the auth token
var authToken = hvUser.AuthToken;
// create the appropriate objects for health vault
var appId = HealthApplicationConfiguration.Current.ApplicationId;
WebApplicationCredential cred = new WebApplicationCredential(
appId,
authToken,
HealthApplicationConfiguration.Current.ApplicationCertificate);
// setup the user
WebApplicationConnection connection = new WebApplicationConnection(appId, cred);
PersonInfo personInfo = null;
personInfo = HealthVaultPlatform.GetPersonInfo(connection);
// before we add make sure we still have permission to add
var result = personInfo.SelectedRecord.QueryPermissionsByTypes(new List<Guid>() { HVJournalEntry.TypeId }).FirstOrDefault();
if (!result.Value.OnlineAccessPermissions.HasFlag(HealthRecordItemPermissions.Read))
throw new ArgumentNullException("unable to create record as no permission is given from health vault");
// search hv for the records
HealthRecordSearcher searcher = personInfo.SelectedRecord.CreateSearcher();
HealthRecordFilter filter = new HealthRecordFilter(HVJournalEntry.TypeId);
searcher.Filters.Add(filter);
// get the matching items
HealthRecordItemCollection entries = searcher.GetMatchingItems()[0];
// compile a list of journalEntryItems only
var items = entries.Cast<HVJournalEntry>().ToList();
var ret = new List<JournalEntry>(items.Count());
foreach (var t in items)
{
var je = t.JournalEntry;
je.HvId = t.Key.ToString();
ret.Add(je);
}
// return the list to the view
return View(ret);
}
else
{
// if we make it here there is nothing to display
return View(new List<JournalEntry>(0));
}
}
public ActionResult GetUserData(int userId = -1)
{
// just do a basic check
if (userId == -1)
return Json(new { status = "error", msg = "userId not sent" }, JsonRequestBehavior.AllowGet);
// try to find the user
var context = new HVDbContext();
var user = (from t in context.HealthVaultUsers
where t.Id == userId
select t).FirstOrDefault();
// if no user is found return error
if (user == null)
return Json(new { status = "error", msg = "userId not found" }, JsonRequestBehavior.AllowGet);
// extract the token and make the request to health vault for all the data
var authToken = user.WCToken;
// register the type in the HV SDK
ItemTypeManager.RegisterTypeHandler(HVJournalEntry.TypeId, typeof(HVJournalEntry), true);
// create the appropriate objects for health vault
var appId = HealthApplicationConfiguration.Current.ApplicationId;
WebApplicationCredential cred = new WebApplicationCredential(
appId,
authToken,
HealthApplicationConfiguration.Current.ApplicationCertificate);
// setup the user
WebApplicationConnection connection = new WebApplicationConnection(appId, cred);
PersonInfo personInfo = null;
try
{
personInfo = HealthVaultPlatform.GetPersonInfo(connection);
}
catch
{
return Json(new { status = "error", msg = "Unable to connect to HealthVault service" }, JsonRequestBehavior.AllowGet);
}
// get the selected record
var authRecord = personInfo.SelectedRecord;
// make sure there is a record returned
if (authRecord == null)
return Json(new { status = "error", msg = "cannot get selected record" }, JsonRequestBehavior.AllowGet);
// before we add make sure we still have permission to read
var result = authRecord.QueryPermissionsByTypes(new List<Guid>() { HVJournalEntry.TypeId }).FirstOrDefault();
if (!result.Value.OnlineAccessPermissions.HasFlag(HealthRecordItemPermissions.Read))
return Json(new { status = "error", msg = "unable to create record as no permission is given from health vault" }, JsonRequestBehavior.AllowGet);
// search hv for the records
HealthRecordSearcher searcher = authRecord.CreateSearcher();
HealthRecordFilter filter = new HealthRecordFilter(HVJournalEntry.TypeId);
searcher.Filters.Add(filter);
HealthRecordItemCollection entries = searcher.GetMatchingItems()[0];
var ret = entries.Cast<HVJournalEntry>().ToList().Select(t => t.JournalEntry);
return Json(new { status = "ok", data = ret }, JsonRequestBehavior.AllowGet);
}
/// <summary>
/// Creates a new instance of HealthClientAuthorizedConnection
/// using a specified <see cref="WebApplicationCredential"/>, application ID, and health service URL.
/// </summary>
///
/// <param name="webApplicationCredential">
/// Credential for authenticating the application.
/// </param>
///
/// <param name="applicationId">
/// The ID of the client application.
/// </param>
///
/// <param name="healthServiceUri">
/// The URL of the HealthVault platform service.
/// </param>
///
/// <exception cref="ArgumentNullException">
/// The <paramref name="healthServiceUri"/> parameter is <b>null</b>.
/// </exception>
///
/// <exception cref="UriFormatException">
/// The <paramref name="healthServiceUri"/> parameter is not a properly
/// formatted URL.
/// </exception>
///
public HealthClientAuthorizedConnection(
WebApplicationCredential webApplicationCredential,
Guid applicationId,
Uri healthServiceUri)
: base(webApplicationCredential, applicationId, healthServiceUri, Guid.Empty)
{
}
/// <summary>
/// Creates an instance of HealthClientAuthorizedConnection
/// using a specified <see cref="WebApplicationCredential"/> and
/// connection information stored in a configuration file..
/// </summary>
///
/// <param name="webApplicationCredential">
/// Credential for authenticating the application.
/// </param>
///
/// <exception cref="InvalidConfigurationException">
/// The web or application configuration file does not contain
/// configuration entries for "ApplicationID" or "HealthServiceUrl".
/// </exception>
///
public HealthClientAuthorizedConnection(
WebApplicationCredential webApplicationCredential)
: base(webApplicationCredential, Guid.Empty)
{
}
/// <summary>
/// Authenticate the keyset pair for the specified
/// <paramref name="applicationId"/> by calling to the Microsoft Health
/// Service to create a new authentication token.
/// </summary>
///
/// <remarks>
/// In order to avoid unnecessary authentication actions, it is
/// expected that the caller will first call
/// <cref name="IsAuthenticationExpired"/> before calling this.
/// </remarks>
///
/// <param name="keySetPairs">
/// The keyset pairs collection that will contain the newly
/// authenticated keyset pair.
/// </param>
///
/// <param name="connection">
/// The connection used to perform the authentication.
/// </param>
///
/// <param name="applicationId">
/// The application id of the keyset pair that will be authenticated.
/// </param>
///
/// <param name="certificate">
/// The application's certificate containing the application's private key.
/// </param>
///
private static void AuthenticateKeySetPair(
AuthSessionKeySetPairs keySetPairs,
HealthServiceConnection connection,
Guid applicationId,
X509Certificate2 certificate)
{
AuthenticationTokenKeySetPair pair =
keySetPairs.GetPair(applicationId);
if (pair == null)
{
pair = keySetPairs.CreatePair(applicationId);
}
if (!pair.IsAuthenticated())
{
lock (pair)
{
if (!pair.IsAuthenticated())
{
if (pair.IsAuthenticationResultExpired)
{
// the existing live pair is already authenticated
// so create a new one with a fresh keyset
pair.RefreshSharedSecret();
}
WebApplicationCredential cred =
new WebApplicationCredential(applicationId, certificate);
cred.KeySet = pair.KeySet.Clone();
// create the new token
// this will implicitly result in a call to
// UpdateAuthenticationResults
cred.CreateAuthenticatedSessionToken(
connection,
applicationId);
}
}
}
}
