I have Azure Bot deployed with Virtual Assistant Template, which was working fine (And still working in Portal's Test In Web Chat feature) until I enabled Direct Line App Service Extension.
Primary objective to enable DL App Service extension is to isolate bot access and secure app service.
I have followed MS documentation https://learn.microsoft.com/en-us/azure/bot-service/bot-service-channel-directline-extension-net-bot?view=azure-bot-service-4.0 and ensured every step is configured correctly.
Primary step to make sure DL app service is working correctly is to check if https://xxx.azurewebsites.net/api/messages or https://xxx.azurewebsites.net/.bot/ url return correct json result f.x: {"v":"123","k":true,"ib":true,"ob":true,"initialized":true}
But instead i am getting Error Response 400 Bad Request and error message appeared in browser is : "Upgrade to WebSocket is required."
I couldn't even reach to a step where troubleshooting guide mentioned here : https://learn.microsoft.com/en-us/azure/bot-service/bot-service-channel-directline-extension-net-bot?view=azure-bot-service-4.0#troubleshooting could help to resolve.
As i said earlier Bot is still working and the url : https://xxx.azurewebsites.net loads site correctly , can be seen in below
Any help is appreciated
These are the changes I have done and it worked:
Refer Repo With sample code:
https://github.com/SSanjeevi/VirtualAssistantDirectlineExtn
Wrote detailed here.
Project file:
<PropertyGroup>
<TargetFramework>netcoreapp3.1</TargetFramework>
<AspNetCoreHostingModel>OutOfProcess</AspNetCoreHostingModel>
<NoWarn>NU1701</NoWarn>
<Version>1.0.3</Version>
BotController.cs
private readonly IBotFrameworkHttpAdapter adapter;
public BotController(IBotFrameworkHttpAdapter httpAdapter, IBot bot)
Startup.cs
Configure Services method:
// Register the Bot Framework Adapter with error handling enabled.
// Note: some classes use the base BotAdapter so we add an extra registration that pulls the same instance.
services.AddSingleton<IBotFrameworkHttpAdapter, DefaultAdapter>();
services.AddSingleton<BotAdapter>(sp => sp.GetService<BotFrameworkHttpAdapter>());
// Configure channel provider
Configure method:
using Microsoft.Bot.Builder.Integration.AspNet.Core;
app.UseHsts();
app.UseCors(x => x.AllowAnyOrigin()
.AllowAnyHeader()
.AllowAnyMethod());
// Allow the bot to use named pipes.
app.UseNamedPipes(System.Environment.GetEnvironmentVariable("APPSETTING_WEBSITE_SITE_NAME") + ".directline");
Webchat:
let directLineConnection = await window.WebChat.createDirectLineAppServiceExtension({
domain: domainUrl,
token
});
The attached repo code also contains serilog implementation to have logging in log stream in app service where you can see the error logs if you face any issues.
Follow this article and implement serilog in bot api and deploy .
https://www.lkgforit.com/2022/10/troubleshooting-by-writing-logs-at_15.html
Related
When calling a google oauth library method, it fails without error - no amount of try/catch-ing traps any error messages.
I am trying to get an identity token much as I would if I executed gcloud auth print-identity-token from the command line using the gcloud cli.
The reason for wanting the identity token is that another Cloud Function service requires it as Authorization : Bearer [token], and indeed works correctly when I stuff a manually generated identity token in my code. That is not a suitable solution for development or production
The code snippet I wrote, cobbled from numerous sources, to procure an identity token is this:
using (var stream = new FileStream(credentialsFilePath, FileMode.Open, FileAccess.Read))
{
var credentials = GoogleCredential.FromStream(stream);
if (credentials.IsCreateScopedRequired)
{
credentials = credentials.CreateScoped(scopes);
}
OidcToken oidcToken = await credentials.GetOidcTokenAsync(
Options
.FromTargetAudience(scopes[0])
.WithTokenFormat(OidcTokenFormat.Standard));
// this line bombs immediately, jumping out of this method and the calling method.
string token = await oidcToken.GetAccessTokenAsync();
return token;
}
In the above code, scopes[0] is left over code from a previous attempt which contains the endpoint to Cloud Function service. https://subdomain.cloudfunctions.net/cloud-function/v1/ is the general form of the cloud function endpoint I am calling as a part of a web api.
Is this a valid and reasonable way to get the equivalent of gcloud auth print-identity-token? If so, why the epic failure?
I need to use a google service account for service to service authentication. Development environment is visual studio 2019, .net core 3.1, docker/linux
PS - the service account has the cloud function's Cloud Functions Invoker role.
PPS - the issue seems to be related to docker and a set of error messages I get when starting my project in docker. I had ignored them as they were not until now impairing functionality.
at System.Net.Http.CurlHandler.ThrowIfCURLEError(CURLcode error)
at System.Net.Http.CurlHandler.MultiAgent.FinishRequest(StrongToWeakReference`1 easyWrapper, CURLcode messageResult)
running the code on windows works.
The penultimate problem is that I needed to make an upstream method asynchronous and add an await. Now the code above works every time. This change led me to the ultimate problem whose solution is some code refactoring in ConfigureServices() related to AddHttpClient() setup.
The curl exception was due to trying to add logger.loggerFactory.AddGoogle(…) with a bad configuration. this has been a bad hair day.
This question is also an example of what not to do - ie I used too much minimalism to describe the problem.
I am trying to setup development environment to integrate Google sign-in on Android using Web Authenticator in Xamarin Essentials.
In the Web API project, same AuthController is included described in this article. It is running on https://localhost:44311/api
To call the API from emulator, API url is referenced as https://10.0.2.2:43411/api as described in this article.
Now, I am able to call the API url using await WebAuthenticator.AuthenticateAsync(apiUrl, callbackUrl)
But, when API tries to invoke Google authentication via await Request.HttpContext.ChallengeAsync(scheme);, below error is returned from Google.
Error 400: invalid_request, device-id and device-name are required for
the private IP: https://10.0.2.2:4311/signin-google
As I understand, it is expecting request originated from the server instead of IP address like https://<servername>
Whole situation comes down to be able to access the webservice using name (or localhost) to be used in both emulator and Google redirect uri.
I am in the process of building a chat bot that will integrate with Teams or Slack. To get started I am using the echo bot template, but I am adding it to an exiting API that I have in my Service Fabric Cluster.
When running the application locally, I can connect to it fine from the Bot Emulator, but when I deploy it to my Azure channel registration, and test it in the web chat I get:
There was an error sending this message to your bot: HTTP status code Unauthorized.
I am setting the AppID and Password and they are saved and being retrieved from KeyVault, and I throw an exception at startup if either of the values are blank (which is not the case).
I set it as follow:
services.AddBot<EchoBot>(options =>
{
options.CredentialProvider = new SimpleCredentialProvider(Configuration["MicrosoftAppId"], Configuration["MicrosoftAppPassword"]);
options.OnTurnError = async (context, exception) =>
{
ServiceEventSource.Current.Message(exception.Message);
await context.SendActivityAsync("Sorry, it looks like something went wrong.");
};
});
I have added a teams channel, where the error does not occur, but the message never reaches the server.
The service is reachable and the controller allows unauthorized credentials while this is in testing.
Solved my own issue.
It turns out that if you are using a self signed certificate, then this could occur, as per Microsofts documents found here -
If one or more error(s) are indicated in the chat window, click the error(s) for details. Common issues include:
The emulator settings specify an incorrect endpoint for the bot. Make sure you have included the proper port number in the URL and the proper path at the end of the URL (e.g., /api/messages).
The emulator settings specify a bot endpoint that begins with https. On localhost, the endpoint should begin with http.
In the emulator settings, the Microsoft App ID field and/or the Microsoft App Password do not contain valid values. Both fields should be populated and each field should contain the corresponding value that you verified in Step 2.
Security has not been enabled for the bot. Verify that the bot configuration settings specify values for both app ID and password.
Lessons Learnt
Read the doc's
When you get frustrated, calm down and read the doc's
I am Configuring OAuth 2 Authentication with NativeScript provided Enterprise Auth project template, I followed the complete guide to configure Azure Active Directory. After setting up URLs and keys when I am executing the application through tns preview, it is giving me following error:
https://auth.kinvey.com/v3/oauth/auth?client_id=kid_SJcDEau7N&redirect_uri=nsplayresume%3A%2F%2F&response_type=code&scope=openid
Error:
{"error":"invalid_client","error_description":"Client authentication failed.","debug":"Client Verification Failed: redirect uri not valid"}
When I check the login script it was showing error because there was no argument given in the Kinvey.User.loginWithMIC() function so I provided Kinvey.User.loginWithMIC('http://example.com') as it was showing in the video tutorial.
login() {
if (Kinvey.User.getActiveUser() == null) {
Kinvey.User.loginWithMIC()
.then((user: Kinvey.User) => {
this.navigateHome();
console.log("user: " + JSON.stringify(user));
})
.catch((error: Kinvey.BaseError) => {
alert("An error occurred. Check your Kinvey settings.");
console.log("error: " + error);
});
} else {
this.navigateHome();
}
}
as expected it should show the login screen for the account which I have configured in Azure Active Directory.
Here I have a NativeScript solution, which makes use of Kinvey's Mobile Identity Connect. It's basically built using the same template that you would like to make use of. There are couple of important steps, that you need to take care before running that project, they are as follows:
Open kinvey.common.ts file from inside the src/app/shared folder and
set your Application ID and Application Secret (and Instance ID if
present, if not - remove the attribute). That's needed so that the NativeScript application can connect to your Kinvey Backend.
Open the Login component's TypeScript controller and set your MIC identifier. The MIC identifier is the MIC Service's ID. That will tell the app which service to refer to from the backend.
Open the MIC Service settings from the Kinvey Console and set myscheme:// as a redirect URI. The authorization endpoint normally redirects the user back to the client’s registered redirect URL. Depending on the platform, native apps can either claim a URL pattern, or register a custom URL scheme that will launch the application. For example, an iOS application may register a custom protocol such as myapp:// and then use a redirect_uri of myapp://callback.
For most up-to-date list of those crucial items, you can check out the repository's README file. Try that, and let me know if you can get Kinvey MIC working.
In my Android project, I am trying to connect to the Worklight server (CLI) but after the client.Connect() method call, when I look at the task result, it has an error message saying Error retrieving device data and HTTP status 500. However, I can see the activity count increasing in the Analytics portal.
I am following the sample that comes along with the Xamarin Worklight SDK. All I did was changing the Realm to another one and stripped out irrelevant methods and kept the ConnectAsync & Connect methods alone.
If I run the Worklight sample application that comes along with the SDK, I don't see this error in the task. It gets back a HTTP 200 and everything looks good.
Here is the code, for clarity sake.
private async Task<WorklightResponse> Connect()
{
//lets send a message to the server
client.Analytics.Log("Trying to connect to server", metadata);
ChallengeHandler customCH = new CustomChallengeHandler(appRealm);
client.RegisterChallengeHandler(customCH);
WorklightResponse task = await client.Connect();
//lets log to the local client (not server)
client.Logger("Xamarin").Trace("connection");
//write to the server the connection status
client.Analytics.Log("Connect response : " + task.Success);
return task;
}
This probably has to do with you Android app permissions. Edit your Android project options. In the Android Application->Required Permissions list, select the appropriate permissions. For example, one of my apps requires:
AccessNetworkState
AccessWiFiState
GetAccounts
Internet
UseCredentials
WakeLock
WriteExternalStorage
I have received the same error message without the appropriate permissions. Your list may vary depending on requirements.
By default, the SubscribeServlet is tied to a rejectAll login module which rejects all login requests. If you have not changed the login module, then this is probably why you're seeing your login rejected.
Try changing the login module to a different one if you're using the rejectAll login module