Bot authentication with azure app service EasyAuth - botframework

I am struggling to get my Teams bot to work with my Azure App Service with Authentication enabled.
Here is my setup:
I have a Teams bot that reacts to some events in the team. I also have an Azure web app that has an endpoint /api/messages that listens to bot messages. There is an Azure Bot Channels Registration that wires those two together.
It all works fine until I enable EasyAuth in my web app to authenticate with Azure AD (I need this because there are other endpoints in this web app that need to be secured). With authentication in web app enabled, bot messages do not reach the web app, and I cannot find any errors in logs either.
I tried to add different OAuth Connection Settings in my Bot Channels Registration, and also Allowed Token Audiences in auth settings in web app, but I haven't found a setup that works yet.
Could someone please tell me how this should be configured? Thank you in advance.

Please refer to the Azure App Service Authentication / Authorization (Easy Auth) guidance: https://github.com/cgillum/easyauth
The admin API setting: https://github.com/cgillum/easyauth/wiki
Advanced Application Settings: https://github.com/cgillum/easyauth/wiki/Advanced-Application-Settings
If you need more details, I would highly suggest you go through the official document: https://learn.microsoft.com/en-us/azure/app-service/overview-authentication-authorization

Related

Microsoft Teams Bot not receiving messages

We have created a Bot through the Teams Dev Portal (https://dev.teams.microsoft.com/) and attached it to a Teams Tab app, but the bot is not receiving any messages from the Bot Framework. The Tab app was also created using the Teams Dev Portal and published to the Org app store. The same bot works fine if we test it on Bot Framework Portal (https://dev.botframework.com/). The bot is an HTTP service hosted on AWS and registered in Azure AD.
We have a couple of other virtually identical bots created a few months ago that continue to work fine. Newly created bots seem to have this issue.
You need to configure the channel in Azure Bot and add the app service.
Please refer to this link for further queries.
https://www.sharepointeurope.com/step-by-step-configure-bot-to-work-in-teams-and-with-microsoft-graph/

Messaging endpoint of a Microsoft framework BOT

Does the messaging endpoint of bot need to be anonymous?
Any help is greatly appreciated.
If you are using the Bot Framework v4 SDK and you register a bot in the Azure portal, for example via the Bot Channels Registration, this authentication is automatically performed. So, you don't need to explicitly write any code. If you want to restrict the use of the bot to users belonging to your tenant, you can add authentication to a bot using OAuth. Please go through this documentation for reference.
My understanding is that requests to your /api/messages endpoint include a JWT bearer token issued by the bot framework. The SDK will check this for you.
This appears to be the code where it performs the validation:
https://github.com/microsoft/botbuilder-js/blob/fc5dcc535855cf453b0ebf373121277d824ff840/libraries/botbuilder/src/botFrameworkAdapter.ts#L1180
If you're implementing without the SDK, then you will need to do the JWT verification.
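
The JWT verification that the answer above leaves to non-SDK implementations, as an added example (not from the original posts and not botbuilder-js code): it pins the algorithm, checks the signature, then the issuer, audience and validity window. The key pair, issuer URL, app ID and the helpers `verifyBearer`, `signToken` and `demo` are constructed for illustration; a real bot takes its issuer value and signing keys from the Bot Framework documentation.

```javascript
// Added example: key pair, issuer, app ID and claims are constructed; not botbuilder-js code.
const crypto = require('crypto');
const b64url = (data) => Buffer.from(data).toString('base64url');
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Verify an RS256 bearer token: signature first, then the claims.
// Returns the claims on success and throws on any failure.
function verifyBearer(authHeader, { publicKey, issuer, audience, now = Date.now() / 1000, skew = 300 }) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authHeader || '');
  if (!m) throw new Error('missing or malformed bearer token');
  const [, h, p, s] = m;
  // Pin the algorithm; never let the token header choose it.
  if (decode(h).alg !== 'RS256') throw new Error('unexpected alg');
  const signed = Buffer.from(`${h}.${p}`);
  if (!crypto.verify('RSA-SHA256', signed, publicKey, Buffer.from(s, 'base64url'))) {
    throw new Error('bad signature');
  }
  const claims = decode(p);
  if (claims.iss !== issuer) throw new Error('bad issuer');
  if (claims.aud !== audience) throw new Error('bad audience');
  if (typeof claims.exp !== 'number' || claims.exp + skew < now) throw new Error('expired');
  if (typeof claims.nbf === 'number' && claims.nbf - skew > now) throw new Error('not yet valid');
  return claims;
}

// Constructed helper standing in for the token issuer (local key pair).
function signToken(claims, privateKey) {
  const input = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${b64url(crypto.sign('RSA-SHA256', Buffer.from(input), privateKey))}`;
}

// Runs the verifier over one valid token and three bad ones; returns the outcomes.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const opts = { publicKey, issuer: 'https://issuer.example', audience: 'constructed-app-id', now: 1700000000 };
  const base = { iss: opts.issuer, aud: opts.audience, nbf: 1699999900, exp: 1700003600 };
  const outcome = (claims, mutate = (t) => t) => {
    try { verifyBearer('Bearer ' + mutate(signToken(claims, privateKey)), opts); return 'accepted'; }
    catch (e) { return e.message; }
  };
  return {
    valid: outcome(base),
    otherBot: outcome({ ...base, aud: 'some-other-app-id' }),
    stale: outcome({ ...base, exp: 1699990000 }),
    // Swap the payload after signing: the signature no longer matches.
    tampered: outcome(base, (t) => { const [h, , s] = t.split('.'); return `${h}.${b64url(JSON.stringify({ ...base, aud: 'x' }))}.${s}`; }),
  };
}
console.log(demo());
```

The audience check is what stops a token issued for a different bot from being replayed against this endpoint, which is why it runs even after the signature has verified.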

Bot registration vs application registration in Azure

I'm trying to understand the difference between a bot service registration & application registration in Azure.
I'd assumed that a bot registration was all that was required (to get the app id & secret) to test out a bot, but then came across the following guide for setting up a teams app that used a bot which instructs you to also create an application registration that's linked to the bot registration.
What is the application registration for?
If you're developing a consumer / skill bot setup do you need an application registration for all the bots or just the skill consumer?
Thanks in advance.
So technically you require both, but you're correct that doing a normal bot registration in the Azure portal (I say normal because there are other ways than the portal, for instance, like ARM templates, etc.) will create an App Registration as well. You need to go to the app registration to get your app password (also called app secret).
You can choose to go another route, like creating an app registration first, and then using that when you create your bot, and there are reasons why you might like to do that, but if you don't have a specific reason, just go the normal route.
Incidentally, be aware of the difference when creating your bot between a "Bot Channels" registration and a "Web App Bot" - both will give you a bot registered with the Bot Service, but the "Web App" bot also includes an Azure "Web app" that you can use to host your bot (whereas Bot Channels gives you more freedom in how you want to host your bot, for instance as an Azure Function or even outside of Azure altogether).
Bot service registration refers to registering a bot with the Azure Bot Service (as your bot does not have to be hosted on Azure).
App registration refers to your bot security configuration. You set this up when you click on the "App ID and password" field during setup.
There is some other Azure Bot Service documentation which goes into this in more detail:
Bot channels registration
Troubleshooting Bot Framework authentication
Create a bot with Azure Bot Service

Cannot Add authentication to your bot via Azure Bot Service

I want to try the demo on Add authentication to your bot via Azure Bot Service, which is based on the document https://learn.microsoft.com/en-us/azure/bot-service/bot-builder-tutorial-authentication?view=azure-bot-service-3.0. What I am using is "Demonstrates OAuthCard support in the v3 C# SDK, using AAD v2", but I always fail when I use the Bot Emulator to connect to the bot service.
I think I set the correct settings in the webconfig.

Unable to test in microsoft chat bot registration

When I test my chat bot on the bot registration page I am getting a "MethodNotAllowed" error
The page you are looking for cannot be displayed because an invalid
method (HTTP verb) is being used.
The bot is published as an Azure App Service, and was working fine in the emulator using the bot's app ID and password.
As it's stated in the Bot Framework documentation:
Your bot communicates to the Bot Connector Service using HTTP over a
secured channel (SSL/TLS)
So please make sure you are using HTTPS instead of HTTP, and that the URL is properly set in the dev portal.
