I created a QnAmaker bot and i enabled Azure AD authentication to make the bot more secure.
The Azure AD page works, i can enter my credentials and i get redirected to the page where my bot is located.
However, when i send a message, it doesn't arrive.
https://imgur.com/a/60OZzIn
The error message i get is the following:
https://imgur.com/a/ysH8pSL
In the bot logging, i see the following error:
https://imgur.com/a/A1cfQmB
How can this issue be resolved?
Related
I used "Teams Toolkit [Preview]" in VS2019 to develop a MS Teams bot. If I registered my bot via https://dev.botframework.com/bots/new, I can test that from MS Teams UI without problems. however when I registered the bot from Azure Bot service by using a existing Azure AD application which I created separately, I see "401 unauthorized" error message shown up in my ngrok screen and MS Team bot didn't work. Previously I used "Bot Channel registration" from Azure, it worked fine. As "Azure Bot" replaced "Bot Channel Registration" and "Azure Web Bot", I am trying to figure out why "Azure Bot" didn't work. Can anyone share a latest instruction how to use Azure Bot to create a MS Team Bot?
The steps to create a teams bot is essentially the same, it's just that Bot Framework Registration has been replaced by Azure Bot. The Azure Bot resource should still have all of the same Configuration and Channel registration options available.
You might find the Teams conversation bot sample helpful. Just remember that on step 4, you'll create an Azure Bot resource instead of a Bot Framework Registration resource.
You might also check for common pitfalls, such as forgetting to add /api/messages in the configuration in Azure, pointing ngrok to the wrong port, or typos of appId or other credentials in the bot settings or Teams manifest. These easy to do mistakes can usually cause those errors.
I have created Azure App service, Bot Channels Registration, Resource group in Azure Portal and also have a LUIS app created.
I have a custom nodejs code that works perfectly in local using bot emulator.
However, when I upload it to the azure using git it is not working, getting error as "Error: Unauthorized. Invalid AppId passed on token:" in bot emulator, it is neither working in test in webchat getting error as "There was an error sending this message to your bot"
It seems like Appid and Password used in the code are just fine.
I have taken appid and pwd from configuration of my App service.
Message endpoint taken from settings of my Bot channels Registration
Are there any other things to be created for my BOT to work.
Kindly suggest
This is resolved after clearing the credentials in my systems credential manager :-)
I have a Microsoft Teams app. At this time, the app is in development. I do not want to Submit the App for approval yet. However, I do want to integrate a notification-only bot into my app. Currently, I'm trying to test notifications for this app via this bot. However, I'm stuck.
From my understanding, to post a notification, I need to:
Get an access token
Get a bearer token for my Bot
Start a Conversation
Post a message
Please let me know if I'm wrong in any of this. Either way, I'm stuck on step 1. When attempting to get an access token from https://login.microsoft.com/botframework.com/oauth2/v2.0/token, I receive an error that says:
Application with identifier '{guid}' was not found in the directory 'botframework.com'. This can happen if the application has not ben installed by the administrator of the tenant or consented to by any user in the tenant.
Since I've installed the app from the Test and Distribute tab using the Install button in the App Studio, I assume this meets the need that I, a user in my tenant, has consented to use the app. However, I guess since I haven't submitted the app to the store, I can't get a token via https://login.microsoft.com/botframework.com/. Is this true? If it is true, is there another endpoint I should be using? How do I get a token for a bot in a Team App that I am actively developing / testing?
A Microsoft BotFramework Bot always needs to have an App ID and an App Password when securing the connection. This ID and Password are registered in Azure Portal (which will pass the information to botframework.com).
You can test your Bot locally without ID and Password, but when trying to integrate other channels like MS Teams, you will need to configure these ID and Password...
Normally you would do this by passing them to your ICredentialProvider:
services.AddSingleton<ICredentialProvider>(provider => new SimpleCredentialProvider(appId, appPassword))
You do not need to publish your Bot in any way. Just create an App Registration in Azure Portal and use the App ID and Password.
Always remember that a Teams App and a BotFramework Bot have nothing in common. The BotFramework is channel agnostic. Only the MS Teams app knows that there is a Bot with your App ID (configured in manifest.json).
The connection between MS Teams (emea.ng.msg.teams.microsoft.com), BotFramework (token.botframework.com) and your Bot (xxx.azurewebsites.net or even ngrok...) is secured via the App ID and the Password. So never ever tell anyone what your App Password is.
Unable to authorize multiple users for a BOT within the same organization using Azure AD authentication
Following are the steps we tried.
1. Created an office 365 organization, so as to be the admin of the Azure AD
Registered the Azure AD app thru app registrations on Azure in the same Org, and then assigned the permissions to the app to read emails and calendar, by following the URL - https://learn.microsoft.com/en-us/azure/bot-service/bot-builder-authentication?view=azure-bot-service-4.0&tabs=csharp%2Cbot-msgraph-auth
Then created the web app bot under azure
Then under [OAuth Connection Settings] settings of the bot added the Azure AD app details, first added as Azure AD V1.0 with as per the recommendation in the URL of Microsoft
Used the standard template code of the project - BotAuthenticaionMSGraph from the Github sample code repository - https://github.com/microsoft/BotBuilder-Samples/tree/master/samples/csharp_dotnetcore
In the sample code, we just need to edit the appsettings.json file to add the [ConnectionName, MicrosoftAppId, MicrosoftAppPassword]
Then published the local bot code to the app service of the web app bot on Azure
Tested the Bot Auth on the [Test in Web Chat] on Azure -- It works for my Azure AD
Then enabled the Directline Channel for bot and distributed bot to other users of the same organization
The issue is here - when the other user opens the bot, they can see the emails and calendar of the admin user who has already logged in initially. So when the other user logs off and logs in thru his AD credential, then only his emails and calendar data is available since then.
Issue - So, at a given point of time only one user's o365 data is visible globally on the bot chat, and not individual user's data who logs in for that session. The AD token is not per user session but instead its a universal token across for all the conversations.
When I use the Azure AD V2, I get the bad request while trying to login.
Please help. Thanks.
https://github.com/microsoft/BotBuilder-Samples/tree/master/samples/csharp_dotnetcore
used the BotAuthenticaionMSGraph project
Expected is, every user should be able to log in individually, and only his data shud be visible on the bot conversation distinctively.
I have tested the sample code and it works fine for both Azure AD V1 and V2.
I followed Azure AD v2 to configure it. Don't forget to enter Mail.Read Mail.Send openid profile User.Read User.ReadBasic.All for Scopes. It's different from Azure AD V1. Otherwise, it will return 400 bad request while trying to login.
I didn't reproduce the first issue. Could you tell where the other user opens the bot? From "Test in Web Chat"?
Update
You need to be aware that your are dealing with two user identities:
The user’s identity in a channel.
The user’s identity in an identity provider that the bot is
interested in.
See Security considerations. When a bot asks user A in a channel to sign-in to an identity provider P, the sign-in process must assure that user A is the one that signs into P. If another user B is allowed to sign-in, then user A would have access to user B’s resource through the bot.
To enable the protection, you need to configure trusted Origins and tamper-proof user IDs.
You can refer to the sample code.
And this blog Using WebChat with Azure Bot Service’s Authentication provides more detailed infomration.
I've set up a starterkit on studio.botkit.ai for Microsoft Teams. The bot is hosted on glitch. In Azure bot registration I've included the endpoint provided by glitch. Ive also added my id and password from azure bot registration to my bot.
When I try and test out the bot in azure web chat I sends an error that reads
"There was an error sending this message to your bot: HTTP status code NotFound"
It this possible?
Check to make sure the messaging endpoint URL configured in Azure matches your Glitch url for Botkit, which will include "/receive/teams"