Reputation: 25
I’ve built a LUIS-based bot, published inside our corporate Azure subscription. Given some of the tasks we have planned for the bot, we need users to authenticate. We’re using the Web Chat Channel.
Logging into dev.botframework.com with my corporate account, my bots are listed and functioning as intended when no security is applied (I’ll get to this in a second). The Messaging endpoint is listed with https, and has the /api/messages string on the end. AppID and Passwords all work from the bot emulator as well as the published app (published from Visual Studio into our corporate Azure subscription). The “Test connection to your bot” TEST button is also successful, generating an “Endpoint authorisation succeeded” message. All good so far.
The same scenario is true for the LUIS app endpoint.
At this stage, we were all excited to hop into the portal.azure.com site and turn on authentication. From my Dashboard, I could see a long list of “All resources”, one of them being my bot endpoint “App Service”. Clicking on that line item brings up the details for said app. Down the left-hand side of the Azure portal is a long list of things you can do. With an MVP looking over my shoulder, we chose ‘Authentication/Authorization’ within the ‘Settings’ section.
In the ‘Action to take when request is not authenticated’ drop down list, we chose “Log in with Azure Active Directory”. Clicked Save. Across the top of the page comes an information call-out “To enable Authentication / Authorization please ensure all your custom domains have corresponding SSL bindings .net version is configured to “4.5” and manage pipeline mode is set to “Integrated”.”
The bot is now locked out. Back in dev.botframework.com, the TEST button gives “Unauthorized You do not have permission to view this directory or page.”
And within the actual app itself (as published), the html page with the embedded web chat channel widget (i.e. the bot) will cause our subscription logon page to show (all works as intended), but the bot is now dead and will not converse with us. The Web Chat widget renders ok, pops up and says “Hi! I’m abcWebApp99. Say “hi” if you’d like to chat”. You can type in Hi (or whatever), but it never returns or timestamps your text entry. Presumably because the endpoint is saying “Unauthorized You do not have permission to view this directory or page.”
What are we doing wrong/missing?
Upvotes: 1
Views: 513
Reputation: 6105
It sounds like you need to make sure the users of the bot authenticate themselves, correct? What you have done puts Azure-provided auth on the endpoint which won't translate into a login prompt for the bot's users. The /api/messages is now challenged with the 401 and that's what you're experiencing, I believe.
What you need instead is a sign in card integrated with your auth. Here are a few links that should get you going:
Upvotes: 0
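One way to build the sign-in card the answer refers to, as an added example that is not part of the original answer or of any Microsoft SDK: the bot replies with a sign-in card whose button opens the organisation's login page, and an HMAC-signed `state` value lets the login callback tie the result back to the conversation that requested it. The login URL, the secret and all function names are assumptions; the callback's token exchange is out of scope here.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlencode

# Assumptions (not from the original post): the secret, the login URL and
# every function name below are hypothetical placeholders.
STATE_SECRET = b"constructed-demo-secret"
LOGIN_URL = "https://login.example.com/authorize"
STATE_TTL = 300  # seconds a sign-in link stays valid


def make_state(conversation_id, user_id, now=None):
    """Sign the conversation and user so the callback can be tied back to them."""
    issued = int(now if now is not None else time.time())
    payload = json.dumps({"c": conversation_id, "u": user_id, "t": issued},
                         separators=(",", ":")).encode()
    tag = hmac.new(STATE_SECRET, payload, hashlib.sha256).digest()
    b64 = lambda b: base64.urlsafe_b64encode(b).decode().rstrip("=")
    return b64(payload) + "." + b64(tag)


def verify_state(state, now=None):
    """Return (conversation_id, user_id), or None if forged, malformed or expired."""
    unb64 = lambda s: base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
    try:
        p64, t64 = state.split(".")
        payload, tag = unb64(p64), unb64(t64)
        expected = hmac.new(STATE_SECRET, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None
        data = json.loads(payload)
    except (ValueError, TypeError):
        return None
    age = (now if now is not None else time.time()) - data["t"]
    if not 0 <= age <= STATE_TTL:
        return None
    return data["c"], data["u"]


def signin_card_reply(conversation_id, user_id, now=None):
    """Bot Framework message activity carrying a sign-in card attachment."""
    state = make_state(conversation_id, user_id, now)
    url = LOGIN_URL + "?" + urlencode({"state": state})
    return {"type": "message", "attachments": [{
        "contentType": "application/vnd.microsoft.card.signin",
        "content": {"text": "Please sign in to continue",
                    "buttons": [{"type": "signin", "title": "Sign in", "value": url}]},
    }]}
```

With this pattern the App Service endpoint itself is not put behind the Azure Active Directory login action, so the channel can still reach /api/messages, and the user's identity is established inside the conversation instead.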