Peer certificate cannot be authenticated with given CA certificates - botframework

I am developing a Bot application with the Azure Bot Framework and registered the bot on Azure and enabled direct line channel.
I have tested my application in Visual Studios (IIS Express) with Conveyor by keyoti and it works fine.
Now I need to try to run in a docker container, so I can't use conveyor so I tried a ngrok tunnel service, but when I try to run the application, I am getting an error
System.Net.Http.CurlException: Peer certificate cannot be authenticated with given CA certificates
The exception is raised on turnContext.SendActivityAsync.
NB: When I load fiddler on my machine, everything works fine, so I am not sure what the issue is.
Please let me know if there is any setting I need to do to get this working.
Any advice or help will be appreciated.?

Related

reason: unable to get local issuer certificate

I am a beginner in Kubernetes and using aks to deploy a chatbot. I have used nodejs and Microsoft bot framework to build the bot. I have also deployed the bot to aks using static IP and also given a DNS name to the IP.
Applying ingress controllers and cert-manager I have given an SSL encryption to the DNS name and when I open it in the browser it works stating that the certificate is fake. I want to test my bot in Microsoft bot emulator and other apps like slack, but when I try to run the endpoint on bot emulator I get the error:
The get request works but when I try to do a post request it doesn't work. I have verified using postman and it doesn't work over there also.
Could someone help me resolve this error.

Try to connect locally to Chatbot but get unauthorized error

I loaded the EchoBot template from Microsoft here: https://marketplace.visualstudio.com/items?itemName=BotBuilder.botbuilderv4
I started a new project and try to run it locally. No MicrosoftAppID or MicrosoftAppPassword is provided.
Then I loaded the latest Bot Framework Emulator v4.7
I connect locally, again no App ID or App Password:
However when I try to send a message I get unauthorized error, why would I get unauthorized error when connecting locally?
The server is definitely running locally and the local URL is correct:
One question I want to ask is the login dependent on any 3rd party URL call? My company security policy is blocking all URL unless whitelisted, so if this is the case, maybe the authentication is blocked? What would be the URL for me to whitelist?
EDIT: I tried it a VM outside of the company network and it works! So something must be getting blocked. Any idea?
I got around it by using a VM outside the company network instead. It's not a solution, but it is a work around. I highly suspect some port are being blocked by company firewall but not sure what so I am not sure how to get it whitelisted.

Why BotFramework Emulator needs ngrok to connect to bots hosted on Azure Web App Service

I am trying to use the BOT simulator to connect and test my Bot SDK application that I've deployed to Azure App Service.
When I run the bot web api propject locally, I can test it with the simulator no problem.
However, when I try to test the same application that is hosted remoely, the simulator fails. After investigation, I found that the simulator needs ngork to be able to connect to bot service that are hosted remotely
https://github.com/Microsoft/BotFramework-Emulator/wiki/Getting-Started#connecting-to-bots-hosted-remotely
If your bot is hosted remotely, ensure that ngrok tunneling software
is installed and configured. The Bot Framework Emulator is tightly
integrated with ngrok and can launch it for you when needed.
The matter has confused others and they asked questions here:
https://github.com/Microsoft/BotFramework-Emulator/wiki/Getting-Started#connect-to-a-bot-hosted-remotely
Why the simultor has dependance on ngork to connect to remotely hosted bots? It seem conter intuitive since the dns name is publicly available
When you're running the emulator locally and debugging in the cloud, you need to be set up for traffic to flow bi-directionally. By default without NGROK you can post to your bot, but for it to POST back to your client, it needs an IP address to post to. NGROK provides that without you having to set up local ports, etc.

SSL certificate - Use Client certificate installed on server for local testing - Mutual authentication

I have been working with web services connecting to URLs provided by different clients and so far it has all been done using one-way authentication. Now I'm asked to enable 2-way (mutual) authentication for one of the clients. I did a lot of research and reading but still confused about a lot of things.
I could test successfully on my local machine following instructions from various different articles. But the problem is now to deploy it in production.
Here's what I did for testing: I created a test Web service Host and assigned it a self-signed certificate and created a client to test this. After this I created a client certificate using makecert and verified that this is installed via MMC. I then modified my Host app to only allow clients with certificate and tested from client to see the connection refused due to not providing the client certificate. Then I modified the bindings in the client application to include the certificate name and I was able to connect to the Host successfully. So this completes local hosting.
Now the real problem. The tech team is going to create a certificate in "cert store" on the server. And I need to test again to make sure everything works as expected. We have a few different developers who all want to test on their machines on their local code. Can we all use the same certificate somehow? I don't think we would be allowed to import the certificate but what suggestions could I give them so all of us can use the same certificate?
I'm also confused about issues like difference between windows certificate and IIS certificate. What advantages would the IIS certificate provide?
Thanks for help!
Edit: Could one of the differences between installing on IIS be so that the hosted sites be accessed via SSL connection? This would mean we don't really need to install on IIS if it's just a client certificate. Is this correct?

Debugging Azure Mobile Service Authentication

I'm new to azure mobile services development and any help will be greatly appreciated.
I have created sample mobile service application and could successfully launch and debug it locally. As a next step I've added google authentication. Everything works fine when the service is Published and running in the cloud. But, I could not make the service to run locally so that I can debug the service for cases when the user is authenticated.
So for I have wrestled with IIS Express and made it work with HTTPS on port 44300. But Google authentication services complained because of redirect URLs mismatch, even though I've added https://localhost:44300/signin-google to redirect list.
I feel like I'm not doing something correct here. Something does not make me believe that debugging locally is not possible.
Thanks,
Ruben
Is possible to debug in localhost, but the google/facebook/Microsoft authentication should not be tested, because it is provided out-of-the-box by Azure Mobile Service team.
you should configure it in Azure Portal and then you should implement it in your application like documentation provides.
The following resources has the references to the Authentication articles:
Azure Mobile Services for Client Apps

Resources