When you need your own app id...

At some point in HealthVault development, you will want your own application id. The most common case for doing this is when you want to trim down your data access rights to what your application needs (the sample application ids all have full rights for online access).

To do so involves a 4 step process:

  1. Generate an application ID
  2. Generate a private/public key pair
  3. Send the information to the HealthVault team
  4. Install and configure the cert

Step 1: Generate an application ID

Start by generating a unique GUID with uuidgen.exe. You can download that with the Windows SDK, or use one of the online generators. That guid is your application id.

Step 2: Generating a public/private key pair

There are directions for doing this already. Note that the name has to be "WildcatApp-" followed by the full application ID. So, something like:


When you run the makecert command, two things happen. First, a private/public key cert is generated and installed in the computer's certificate store. Second, the public part of the key is written to the .cer filename.

Step 3: Send the information to the HealthVault team

Go to the request page, and send an email. The required information is

Application Name
Short Description
Application ID
Public key .cer file

You may also want to supply a logo.

Rename the .cer key file to .cer.safe so our gateway doesn't eat it.

When you receive a reply to this email, your application ID is now installed on the development server. 

Step 4: Install and configure the cert

The directions in Step 2 talk about exporting the cert to a .pfx file. The pfx file contains both the public and the private keys, and you'll want to put that in a safe place. You can also use that pfx file to install the certificate on any other machines that need to run that app.

Once you have the cert installed, the final step is to make sure that the asp process can access the cert. The process name that asp process will run under depends on the machine:

If you are using the asp.net development server (ie you're just hitting F5 inside visual studio), the process is named "NETWORK_SERVICE".

If it is running under IIS, the process is named ASPNET, and you may also need to grant access to the IUSR_ account.

This is done with the following command:

WinHttpCertCfg.exe -g -a <process-name> -c Local_Machine\My -s "WildcatApp-<AppId>"

where <process-name> is one of


Once you get that all done, you should be up and running with your new certificate. When you run the application, the HealthVault login screen should now show your application name and logo.