Skip to content

Latest commit

 

History

History
103 lines (66 loc) · 3.97 KB

File metadata and controls

103 lines (66 loc) · 3.97 KB

Authentication Bot using Federation Identity Certificate (FIC)

Bot Framework v4 bot authentication using Federation Identity Certificate (FIC). Currently, FIC feature is supported for Microsoft tenants only.

This bot has been created using Bot Framework, is shows how to use the bot authencation capabilities of Azure Bot Service. In this sample, we use federated identity certificate configuration to create the Bot Framework Authentication.

Prerequisites

To try this sample

  • In a terminal, navigate to AuthFederatedCredBot

    # change into project folder
    cd 86.bot-authentication-fic
  • Open from Visual Studio

    • Launch Visual Studio
    • File -> Open -> Project/Solution
    • Navigate to samples/csharp_dotnetcore/86.bot-authentication-fic folder
    • Select AuthFederatedCredBot.csproj file
  • Create an user assigned managed identity.

    • Record the client ID of the managed identity and add the same to appsettings.json.
  • Create Azure App and Bot

    • Create App Registration

      • This can be either Single or Multi tenant.
      • Record the Application ID.
      • Add the Federation Identity Certificate (FIC) to the App Registration.
        • To create trust using the FIC, we need to link the managed identity to the App Registration.
          • Click on the add credential under Federated Credential
          • On the Add a credential page, select the Federated credential scenario as "Customer Managed Keys".
          • Select the managed identity that you created in the previous step.
          • Enter name for the credential and click on Add.
    • Create an Azure Bot in the desired resource group. Use the App Registration from the previous step.

    • Add the User managed identity created in previous step to the Azure App Service under Configuration -> Identity -> User Assigned Managed Identity.

  • Set appsettings.json variables

    • MicrosoftAppType: {SingTenant | MultiTenant}

    • MicrosoftAppId: {appId}

    • MicrosoftAppTenantId: {tenantId}

    • MicrosoftAppClientId: {clientId of managed identity}

  • Run the bot from Visual Studio:

  • Run the bot from a terminal or from Visual Studio, choose option A or B.

    A) From a terminal

    # run the bot
    dotnet run

    B) Or from Visual Studio

    • Launch Visual Studio
    • File -> Open -> Project/Solution
    • Navigate to 86.bot-authentication-fic folder
    • Select AuthFederatedCredBot.csproj file
    • Press F5 to run the project

Deploy the bot to Azure

To learn more about deploying a bot to Azure, see Deploy your bot to Azure for a complete list of deployment instructions.

Further reading