I have developed a bot using the Microsoft Bot Framework in C#, and am in the process of trying to deploy it to a webserver instead of Azure. The web server runs Windows Server 2012 R2 and has IIS 8.5 installed. The bot works fine locally and can be tested there using the emulator without any problems.
I have configured a site in IIS on the web server for the bot and deployed the bot code there, as well as configured the app ID and password. When using the "test connection" facility on the Bot Framework site, I am given an "Unauthorized" message.
Can anybody advise on where I may be going wrong, or share their experiences with debugging these kinds of errors? Bot Framework does not seem to provide a terribly good debugging experience, unfortunately.
https://chatbot.xxxxxxxxinsight.com/
These are the common issues that users run into:
Your bot’s cloud endpoint URL is not correct. Make sure you have
included the path at the end of the URL (e.g. /api/messages).
Your bot’s endpoint is not HTTPS or is not trusted by the Bot Framework
Channel Emulator. Your bot must have a valid, chain-trusted certificate.
The bot is configured without a Microsoft App Id or a Microsoft App
Password.
Your Microsoft App Id or Microsoft App Password are incorrect.
See the full auth troubleshooting guide here.
If you are still getting Unauthorized error message you should check the follwing
Microsoft App Id and Microsoft App Password in appsettings.json file
in your project folder. (appsettings.json refers to .NET Core Bot
Framework Development)
Check the channels inside your Azure Bot (in Azure Portal), and
check the allowed channels.
This should get your bot in running state. Make sure to pass App ID and Password with the URL in Emulator to connect to your bot.
If you are missing your Microsoft App Password, please comment below.
Related
I'm adding authentication to a bot built with Bot Framework SDK v4 (C#) that will work with Microsoft Teams. I've been following add authentication and add SSO tutorials, trying to get it to work. Both of these hyperlinks jump to a requirement I am stuck on, which is to add OAuth connection settings through the Azure Bot Service. I don't have a subscription with Azure and would prefer to avoid it. I just don't want to deal with a subscription to all these services when I need a tiny portion of it. I'm also going to publish the bot on a local server, not to Azure, and I'm pretty sure I only need a standard channel, which should be free.
The tutorials also explain that I need to use Azure Bot Service to generate a Microsoft app id and an app password. It turns out those values can be obtained through a normal app registration, which I need anyways, in Azure AD. They are just app Id and client secret. This is making me wonder if that OAuth connection setting can be created outside of an Azure subscription as well.
As of now, running the 46.teams-auth sample throws me an error explaining that I need a valid connectionName which is obtained by creating an OAuth connection setting.
All I'm trying to do is to implement authentication to a bot that will be used in Teams. So my questions are the following:
What even is the OAuth connection setting and is it necessary to create?
Is it not enough to register the bot application in Azure AD? It's just an API.
Is there any way to create the OAuth connection setting outside of an Azure subscription?
I've already used the Developer Portal, Azure AD, Bot Framework website, and ngrok to successfully test my bot in Teams. Adding authentication is the last step.
I dont want to use "Azure bot service".
I have host bot application to azure, after that got hosted url https://something.azurewebsites.net then registered a bot in bot framework https://dev.botframework.com/bots/new with https://something.azurewebsites.net/api/messages endpoint url, microsoft id and password.
I got microsoft Id and password when I create a new registration in app registration on azure portal,
Then I used that same Microsoft Id and password in visual studio code and republished.
But while testing on bot framework test emulator it shows "Sorry, my bot code is having an issue." and when I am trying on local bot framework emulator with microsoft app Id and password it shows "Cannot post activity. Unauthorized. POST401directline.postActivity"
I am using "bot framework" : 3.9 and ".net framework": 4.6
Test on bot framework
Test on emulator
Setting
App registartion
V3 of Bot Framework SDK is deprecated. It is recommended to use V4.
https://github.com/microsoft/BotBuilder-V3/blob/master/README.md
Regarding this:
then registered a bot in bot framework
https://dev.botframework.com/bots/new with
https://something.azurewebsites.net/api/messages endpoint url,
microsoft id and password.
and
I got microsoft Id and password when I create a new registration in
app registration on azure portal
These are redundant steps. Really, what you should be doing is creating a Bot Channels Registration in the Azure portal or using az bot CLI.
I dont want to use "Azure bot service
This does not make sense. Can you further explain what you mean by this? Those two steps you did above are doing exactly that; creating a Bot Channels Registration. "Typical" bots are two parts; a Bot Channels Registration (to allow connection to your bot from multiple places, take care of authentication, etc) and a web application (your bot code). Which one do you not want to use?
Regarding the emulator/authentication configuration:
I'm sure you know this, but I wanted to confirm that you are aware of the behavior of appid/password in a bot. Also for the benefit of others that might not be.
You can test with the emulator against a localhost running bot or a deployed bot. When testing with a localhost bot, you can test with appid/password or without. If you test without, you must make sure that they are not configured in the appsettings.json (in v4. other versions, etc. may use different configuration types) and not supplied in launching the bot in emulator. If you test with; you must configure in the appsettings.json and supply them when launching the bot in emulator.
Now let's move on to testing the online/deployed bot. In a deployed bot, it will either pick up the appid/password in the appsettings.json or from configuration in the Web App/App Service's settings. These settings must be titled MicrosoftAppId and MicrosoftAppPassword.
So...all this being said, my assumption is that you created two applications (AAD app), and might be mixing up the appid/password. Either that, or it is not quite configured correctly in the Web app (https://something.azurewebsites.net); either in configuration file or in configuration settings in Azure.
I do hope this helps.
I have been following the directions at https://learn.microsoft.com/en-us/azure/bot-service/bot-builder-authentication?view=azure-bot-service-4.0&tabs=csharp to add authentication to my bot (x). So far, I have done the following:
Created AD V1 application
Created AD V2 application
Successfully configured OAuth Connection Settings called "XAuth" to my bot (x) and used AD V1 (AppId, AppPassword). The test connection returns positive response.
Configured the sample bot application at https://github.com/Microsoft/BotBuilder-Samples/tree/master/samples/csharp_dotnetcore/18.bot-authentication, changed the connectionName to XAuth, added AppId and AppPassword from my bot (x)
Published bot application to Azure https://X.azurewebsites.net/
Configured Emulator for both development and production
Both Development and production are responding to help, logout commands in the emulator without prompting for signin dialog.
Since the sample project entrance has calls to WaterfallDialog(authDialog), I am expecting an automatic prompt. However, both environments do not prompt for user login. The .bot file has configuration for both production and development with appId and password. I couple of questions to understand the scenario better.
What do I need to do to get the prompt in Emulator?
What is the expected behavior in production? Am I supposed to get prompted when I test my bot (x)?
what happens if I have more than one OAuth configuration in my bot (x)? Which one will be in effect? How do I control that behavior?
Was faced with the problem specified at https://github.com/Microsoft/BotBuilder/issues/4632
I am new in this Bot Framework, I have failed to find enough help on the internet regarding login 365 Authentication.
I have developed a simple Card ordering Bot, Now I need to authenticate it with Office365 account. I have followed this AuthDemo (https://github.com/tsmatsuz/AuthDemoBot)
After clicking Connect on Emulator I have this link :
https://login.microsoftonline.com/common/oauth2/authorize?resource=https:%2F%2Foutlook.office365.com%2F&client_id=18ab0821-0bbc-4d05-9f65-a30e34f3faa3&response_type=code&haschrome=1&redirect_uri=https:%2F%2Fauthdemoweb.azurewebsites.net%2FHome%2FAuthorize&x-client-SKU=PCL.Desktop&x-client-Ver=3.13.4.878&x-client-CPU=x64&x-client-OS=Microsoft+Windows+NT+6.2.9200.0
Which crashes.
Regarding our application
I have created an app on https://apps.dev.microsoft.com/#/appList
AppID : df0a8a77-708e-443b-88af-41eb6bXXXXXXX
I have added this appID in webConfig of our project.
My BOT is not yet approved and we dont have BOTID and
BOTSECRET.
I have hosted my BOT Code and Login API on our server with SSL
implementation. (Code is copied from AuthDemo but Keys are changed)
When I run My code on IIS, It make a link https://msbot.devbatch.com/web/Home/Login?userid=2c1c7fa3
And I get this error :
Sign In
Sorry, but we’re having trouble signing you in. We received a bad
request. Additional technical information: Correlation ID:
a462bfbb-c932-4078-bf8b-b3bbe9dbd78e Timestamp: 2016-10-25 05:36:11Z
AADSTS65005: The client application has requested access to resource
'https://outlook.office365.com/'. This request has failed because the
client has not specified this resource in its requiredResourceAccess
list.
I need complete configuration/Steps on Sign in via Office365.
AuthBot creator here. The error you're getting essentially means that when you registered your application Azure Active Directory you didn't specify in the permissions that you need access to outlook.office365.com.
I am getting started with the Microsoft Bot Framework, and tried running the very basic app from the getting started tutorial using the emulator.
When I send the message, I get the error : 401 Unauthorized
Things I have done
I have corrected the URL in the emulator to match the correct URL of the app.
Have deleted the APP ID and APP password from the emulator fields.
I assume I don't need to worry about https yet, since I am running locally (localhost).
Microsoft Bot Framework Document says that when you're running in the localhost add your localhost with the correct port and ask you to keep empty in the app id and the app pass.
But if you have added you your app id and and pass to web.config file, make sure to add them to your emulator as well. Otherwise you will get 401 - Unauthorized error.