I was playing with Microsoft Bot Framework locally which works fine if I use MSFT bot emulator for testing (both in C# .Net Core and Node.js) but I cannot figure out how to test it using Postman api calls.
Do I really need to register bot first at MSFT even when it is run locally to be able to get authentication ?
Normally, there is a Connector Service between the client and a bot. It is possible to bypass the connector services, and post directly to the bot but there are a few things to keep in mind. One of the issues you will run into is the activity.ServiceUrl is expected to be the callback base url for return messages: ref BotFrameworkAdapter#L843 Without a valid ServiceUrl, bot replies will all end in exceptions, since there is no valid place to send the responses. You can setup a MockChannel to receive these bot replies. Once it is setup, just ensure your ServiceUrl of the message sent to the bot is pointing to that MockChannel.
Sometimes I use the Emulator's Connector Service with PostMan. This can be done without having a MicrosoftAppId and MicrosoftAppPassword. You'll see the endpoint the Emulator Connector Service is listening on within the Log when you open a Live Chat tab:
This would then be the baseurl to use for PostMan.
Create Conversation:
(note: the emulator expects an Authorization header with a Bearer token, but the value does not matter since we aren't using a MicrosoftAppId and MicrosoftAppPassword)
Post Message:
Get Messages:
A bot running on localhost should be testable via any HTTP client such as Postman as long as your forming the requests correctly which really only means you just need a payload that is a valid activity representation.
What you might need to check is whether or not you have any app credentials configured on your bot when you're running in localhost. If those are set then you would need to actually properly authenticate against your localhost instance as well, which the emulator will do, but you likely don't want to do when you're just trying to hit it with something like Postman. So, just make sure to clear out the app credentials when running in localhost mode to make your life easier.
If you're not running with any app credentials, then you'll need to update your question with more details about exactly what payload your sending, how your bot is configured, etc and I'll be happy to update my answer.
Related
I am trying to connect my local webchat client to my local bot but it's throwing a 403. I tried adding localhost:3000 (port for my webchat) as a trusted origin but it still doesn't help. However, it works just fine if I use the emulator or postman (the token generation part to connect via Directline)
Here's everything I did:
Started my local bot and used ngrok to map it to an internet address.
Changed the messaging endpoint to https://xxxxx.ngrok.io/api/messages
Configured a directline channel, took the secret key and used it in my react webchat client (running on port 3000) to establish directline connection using createDirectLine from botframework-webchat and passing a token. I am hitting to this API in this format:
POST https://directline.botframework.com/v3/directline/tokens/generate
Authorization: Bearer SECRET
After this point the console throws an error 403 and doesn't allow me to proceed further. However, I am able to generate the token through postman and the same ngrok URL works great with the bot framework emulator.
Please help me understand what I am doing wrong. I spent a good part of my day researching on getting till this step and would really appreciate an input from the experts.
Thank you.
works great with the bot framework emulator
When you are testing with Emulator, are you using a username/password, or is it blank? Make sure the MicrosoftAppID and MicrosoftAppPassword are configured in the bot when running locally and you are using NGROK to go through channels.
I am in the process of building a chat bot that will integrate with Teams or Slack. To get started I am using the echo bot template, but I am adding it to an exiting API that I have in my Service Fabric Cluster.
When running the application locally, I can connect to it fine from the Bot Emulator, but when I deploy it to my Azure channel registration, and test it in the web chat I get:
There was an error sending this message to your bot: HTTP status code Unauthorized.
I am setting the AppID and Password and they are saved and being retrieved from KeyVault, and I throw an exception at startup if either of the values are blank (which is not the case).
I set it as follow:
services.AddBot<EchoBot>(options =>
{
options.CredentialProvider = new SimpleCredentialProvider(Configuration["MicrosoftAppId"], Configuration["MicrosoftAppPassword"]);
options.OnTurnError = async (context, exception) =>
{
ServiceEventSource.Current.Message(exception.Message);
await context.SendActivityAsync("Sorry, it looks like something went wrong.");
};
});
I have added a teams channel, where the error does not occur, but the message never reaches the server.
The service is reachable and the controller allows unauthorized credentials while this is in testing.
Solved my own issue.
It turns out that if you are using a self signed certificate, then this could occur, as per Microsofts documents found here -
If one or more error(s) are indicated in the chat window, click the error(s) for details. Common issues include:
The emulator settings specify an incorrect endpoint for the bot. Make sure you have included the proper port number in the URL and the proper path at the end of the URL (e.g., /api/messages).
The emulator settings specify a bot endpoint that begins with https. On localhost, the endpoint should begin with http.
In the emulator settings, the Microsoft App ID field and/or the Microsoft App Password do not contain valid values. Both fields should be populated and each field should contain the corresponding value that you verified in Step 2.
Security has not been enabled for the bot. Verify that the bot configuration settings specify values for both app ID and password.
Lessons Learnt
Read the doc's
When you get frustrated, calm down and read the doc's
Here is the context of my issue: I am developing a Windows Store application that will be side-loaded on several tablets our client is planning to use. This tablet app will make calls into a Web API which in turn will do CRUD operations with a repository (SQL Server via EntityFramework). Everything has to use Windows Authentication. The tablets are Dell running Windows 10. Each user will log in with its own active domain credentials. The tablet will pass the credentials to the Web API which in turn will pass them to the repository (database). Based on the credentials, the repository will determine the group the user belongs to and based on that, it will give access to resources the user is allowed to access.
My Web API works fine. I tested it with Fiddler. For the HTTP GET request, I want to test, I checked the "Automatically Authenticate" checkbox and I can see the three successive messages, first two returning with 401 and the third returning HTTP Code 200, along with the data I requested.
However, when I try to call it from my Windows Store app, I only send one GET Request, the first one. My Web API is hosted in IIS Express. At the advice of a very distinct member of this group, I configured IIS Express to expose the Web API using the IP address of my development machine rather than "localhost". Before doing this I wouldn't see any GET Requests hitting the server, not even the first one.
I know that Windows Authentication uses the NTLM scheme and it requires a negotiation process, hence the 3 messages Fiddler sends initially to the server?
How do I need to write my Web API Client code to bypass this negotiation? I spent all morning and afternoon reading solutions to my problem, here on SO and many other websites, but somehow, I still did not get it to work. I must be missing something and I don't know what. Here is my code on the Web API Client side:
var authHandler = new HttpClientHandler()
{
Credentials = CredentialCache.DefaultNetworkCredentials,
ClientCertificateOptions = ClientCertificateOption.Automatic
};
var webApiClient = new HttpClient(authHandler)
{
BaseAddress = new Uri(_serviceUri), // _serviceUri is a string that looks like this "http://10.120.5.201:53045"
};
webApiClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
HttpResponseMessage response = await webApiClient.GetAsync("api/user");
My call never returns from GetAsync, but in Fiddler, I can see only the first GET Requests being posted to the server. How can I get my client to follow up, behind the scenes, just like Fiddler does, and send the other two messages so that, eventually, the third one would return with a response HTTP 200 code and with the data I receive in Fiddler?
If anyone can point me in the right direction, I would be highly appreciative.
The problem was that the "Enterprise Authentication" setting was not set in the Capabilities tab of the Package.appxmanifest file of my app. It took me a while to figure out that that was the problem, but as soon as I checked it, my app started using Windows Authentication.
I am having an issue with trying to create a bot. Everything seems to work fine when I am using Http. I can deploy my application to my website and interact with the bot via the emulator or botframework.com.
Unfortunately, when I try to use HTTPS, I get a 401 error from the emulator and nothing shows up when I try to use botframework.com.
Just so that I am crystal clear, the only things that I changed are:
1. Added the [BotAuthentication] attribute to my ApiController like so:
[BotAuthentication]
public class MessagesController : ApiController
Updated the URL in the emulator/botframework.com from http://mywebsite.com/api/messages to https://mywebsite.com/api/messages
Web.config is all set up with the appId and AppSecret. My site already has an SSL certificate.
Is there anything that I am missing? Although I have never used basic authentication before I am assuming there is nothing else that I need to set up, right?
I hit your endpoing and IIS is responding to the basic auth and getting in the way.
Basic Auth is works the following way:
There is a header which contains the UserId:Password encoded as base64
If the server doesn’t see the header it returns a 403 with a “basic” to signal that the web site requires auth token. For a web browser that means it will popup a stock user/password dialog and then it will do submit the request again with the header.
If the header is provided but the user/password is wrong the server returns 401.
Normally basic auth is used to look up in a database, but in our case there is only 1 user, it is the bot appid/appsecret. All the BotAuthorization attribute does is to add an inspector to the request pipeline to look for the header with appid/appsecret in it to make sure that only approved callers can call your bot.
If you don’t care about that you can simply remove the attribute. Regardless, you don’t want IIS sticking it’s nose into the process.
Make sense?
This theoretically should work based on your description of the changes you've made. This is the emulator talking to your cloud service or to the bot on localhost? And you get this error as well from the Bot Framework test control in the portal?
If you send me your BotId to botframework#microsoft.com I can check our logs to see if there's anything interesting (or DM me at #jameslew on twitter).
I built a simple bot which works perfectly well with emulator but doesn't work in portal when I try to test it with "Test connection to your bot". In emulator I tried with the the app id and app secret obtained from botframework and it worked fine. One thing I noticed is that the request I received from the emulator had a authorization header but the request from the portal didn't have the header.
Also, make sure that you're using an https endpoint if you have the authorization header installed. We only pass the auth along if you're using https to protect your app secret.
Have you got an SSL certificate? Remember that you need to use an https endpoint.