forked from microsoft/BotBuilder-Samples
[JavaScript] Add Bot Authentication SNI sample bot #414
Closed
6 commits
- bf851a2 add bot sample with sni authentication (JhontSouth)
- da6a85a fix lint issues (JhontSouth)
- 7caacfe apply PR feedback (JhontSouth)
- ca310e0 remove empty spaces (JhontSouth)
- bf765f9 keep app type value in .env (JhontSouth)
- 61f8f54 update botbuilder version (JhontSouth)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
MicrosoftAppId= | ||
MicrosoftAppTenantId= | ||
CertificateThumbprint= | ||
KeyVaultName= | ||
CertificateName= |
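Review bot: The five keys are listed with no indication of which ones belong together. `CertificateThumbprint` and the `KeyVaultName`/`CertificateName` pair look like they serve the two certificate options the README describes (local and KeyVault), but nothing in this file says which keys each option requires. Add a `#` comment line above each group, and keep this file as an empty template so that tenant and certificate details from a real deployment are never committed.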
15 changes: 15 additions & 0 deletions
samples/javascript_nodejs/85.bot-authentication-sni/.eslintrc.js
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
/* eslint-disable */ | ||
module.exports = { | ||
"extends": "standard", | ||
"rules": { | ||
"semi": [2, "always"], | ||
"indent": [2, 4], | ||
"no-return-await": 0, | ||
"space-before-function-paren": [2, { | ||
"named": "never", | ||
"anonymous": "never", | ||
"asyncArrow": "always" | ||
}], | ||
"template-curly-spacing": [2, "always"] | ||
} | ||
}; |
175 changes: 175 additions & 0 deletions
samples/javascript_nodejs/85.bot-authentication-sni/README.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,175 @@ | ||
# Authentication Bot using Subject Name/Issuer | ||
|
||
Bot Framework v4 bot authentication using Subject Name/Issuer | ||
|
||
This bot has been created using [Bot Framework](https://dev.botframework.com/), is shows how to use the bot authentication capabilities of Azure Bot Service. In this sample, we use a local or KeyVault certificate and the MSAL Subject Name/Issuer configuration to create the Bot Framework Authentication. | ||
|
||
## Prerequisites | ||
|
||
- [Node.js](https://nodejs.org) version 10.14 or higher | ||
|
||
```bash | ||
|
||
|
||
|
||
# determine node version | ||
|
||
|
||
|
||
node --version | ||
|
||
|
||
|
||
``` | ||
|
||
## To try this sample | ||
|
||
- Clone the repository | ||
|
||
```bash | ||
|
||
|
||
|
||
git clone https://github.com/microsoft/botbuilder-samples.git | ||
|
||
|
||
|
||
``` | ||
|
||
- In a terminal, navigate to `samples/javascript_nodejs/85.bot-authentication-sni` | ||
|
||
```bash | ||
|
||
|
||
|
||
cd samples/javascript_nodejs/85.bot-authentication-sni | ||
|
||
|
||
|
||
``` | ||
|
||
- Install modules | ||
|
||
```bash | ||
|
||
|
||
|
||
npm install | ||
|
||
|
||
|
||
``` | ||
|
||
- Set environment variables | ||
|
||
- MicrosoftAppId: App Id of your bot. | ||
|
||
- MicrosoftAppTenantId: Tenant Id to which your bot belongs. | ||
|
||
- CertificateThumbprint: Certificate thumbprint. | ||
|
||
- KeyVaultName: Name of the KeyVault containing the certificate. | ||
|
||
- CertificateName: Name of the certificate in the KeyVault. | ||
|
||
- Start the bot | ||
|
||
```bash | ||
|
||
|
||
|
||
npm start | ||
|
||
|
||
|
||
``` | ||
|
||
## Testing the bot using Bot Framework Emulator | ||
|
||
[Bot Framework Emulator](https://github.com/microsoft/botframework-emulator) is a desktop application that allows bot developers to test and debug their bots on localhost or running remotely through a tunnel. | ||
|
||
- Install the latest Bot Framework Emulator from [here](https://github.com/Microsoft/BotFramework-Emulator/releases) | ||
|
||
### Connect to the bot using Bot Framework Emulator | ||
|
||
- Launch Bot Framework Emulator | ||
|
||
- File -> Open Bot | ||
|
||
- Enter a Bot URL of `http://localhost:3978/api/messages` | ||
|
||
## Interacting with the bot | ||
|
||
This sample uses the bot authentication capabilities of Azure Bot Service, providing features to make it easier to develop a bot that authenticates users using digital security certificates. You just need to provide the certificate data linked to the managed identity and run the bot, then communicate with it to validate its correct authentication. | ||
|
||
## SSL/TLS certificate | ||
|
||
An SSL/TLS certificate is a digital object that allows systems to verify identity and subsequently establish an encrypted network connection with another system using the Secure Sockets Layer/Transport Layer Security (SSL/TLS) protocol. Certificates are issued using a cryptographic system known as public key infrastructure (PKI). PKI allows one party to establish the identity of another through the use of certificates if they both trust a third party, known as a certificate authority. SSL/TLS certificates therefore function as digital identity documents that protect network communications and establish the identity of websites on the Internet as well as resources on private networks. | ||
|
||
## How to create an SSL/TLS certificate | ||
|
||
There are two possible options to create SSL/TSL certificate. Below is a step-by-step description of each one: | ||
|
||
### Using local environment | ||
|
||
1. Run the following command in a local PowerShell | ||
|
||
``` | ||
|
||
$cert = New-SelfSignedCertificate -CertStoreLocation "<directory-to-store-certificate>" -Subject "CN=<certificate-name>" -KeySpec KeyExchange | ||
|
||
``` | ||
|
||
1. Then, type _Manage User Certificates_ in the Windows search bar and hit enter | ||
|
||
2. The certificate will be located in the _user certificates_ folder, under _personal_ directory. | ||
|
||
3. Export the certificate to _pfx_ format including the key(The default location is _system32_ folder). | ||
|
||
4. Go to the certificate location and run the following command to generate a _pem_ file: | ||
|
||
``` | ||
|
||
OpenSSL pkcs12 -in <certificate-name>.pfx -out c:\<certificate-name>.pem –nodes | ||
|
||
``` | ||
|
||
5. Upload the generated certificate to the Azure app registration. | ||
|
||
### Using KeyVault | ||
|
||
1. Create a KeyVault resource and assign _the KeyVault Administrator_ role to have permission to create a new certificate. | ||
|
||
2. Under the Certificates section, hit on Generate/Import, complete the form, and create the certificate in PEM format. | ||
|
||
3. Go to the details of the certificate that you created and enable it. | ||
|
||
4. Download the certificate in CER format and then upload it to the Azure app registration. | ||
|
||
We should add a section indicating which values to set in the bot's .env file. |
||
## Deploy the bot to Azure | ||
|
||
To learn more about deploying a bot to Azure, see [Deploy your bot to Azure](https://aka.ms/azuredeployment) for a complete list of deployment instructions. | ||
|
||
## Further reading | ||
|
||
- [Bot Framework Documentation](https://docs.botframework.com) | ||
|
||
- [Bot Basics](https://docs.microsoft.com/azure/bot-service/bot-builder-basics?view=azure-bot-service-4.0) | ||
|
||
- [Activity processing](https://docs.microsoft.com/en-us/azure/bot-service/bot-builder-concept-activity-processing?view=azure-bot-service-4.0) | ||
|
||
- [Azure Bot Service Introduction](https://docs.microsoft.com/azure/bot-service/bot-service-overview-introduction?view=azure-bot-service-4.0) | ||
|
||
- [Azure Bot Service Documentation](https://docs.microsoft.com/azure/bot-service/?view=azure-bot-service-4.0) | ||
|
||
- [Azure CLI](https://docs.microsoft.com/cli/azure/?view=azure-cli-latest) | ||
|
||
- [Azure Portal](https://portal.azure.com) | ||
|
||
- [Channels and Bot Connector Service](https://docs.microsoft.com/en-us/azure/bot-service/bot-concepts?view=azure-bot-service-4.0) | ||
|
||
- [Restify](https://www.npmjs.com/package/restify) | ||
|
||
- [dotenv](https://www.npmjs.com/package/dotenv) | ||
|
||
- [SSL/TLS certificates](https://www.digicert.com/tls-ssl/tls-ssl-certificates) |
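Review bot: Step 4 of "Using local environment" exports the private key in clear text, and step 5 then says to upload "the generated certificate" without saying which file is meant. `OpenSSL pkcs12 -in <certificate-name>.pfx -out c:\<certificate-name>.pem –nodes` writes the key unencrypted to the root of `c:\`, and the `–nodes` option is typed with an en dash, so the command fails when pasted. The README should state that only the public certificate goes to the app registration, that the file holding the private key is not what gets uploaded, and that the `.pem` should be stored with restricted permissions. Smaller points in the same file: "is shows" in the introduction, "SSL/TSL" under "How to create an SSL/TLS certificate", two steps numbered `1.` in the local procedure, no language tag on the PowerShell and OpenSSL fences, and `-CertStoreLocation "<directory-to-store-certificate>"` describing a directory where the following steps look for the certificate in the user's Personal certificate store. The "Set environment variables" list should also say which values each of the two certificate options needs.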
32 changes: 32 additions & 0 deletions
samples/javascript_nodejs/85.bot-authentication-sni/authBot.js
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
// Copyright (c) Microsoft Corporation. All rights reserved. | ||
// Licensed under the MIT License. | ||
|
||
const { ActivityHandler, MessageFactory } = require('botbuilder'); | ||
|
||
class AuthBot extends ActivityHandler { | ||
constructor() { | ||
super(); | ||
// See https://aka.ms/about-bot-activity-message to learn more about the message and other activity types. | ||
this.onMessage(async (context, next) => { | ||
const replyText = 'Running dialog with bot authenticated'; | ||
const message = MessageFactory.text(replyText, replyText); | ||
await context.sendActivity(message); | ||
// By calling next() you ensure that the next BotHandler is run. | ||
await next(); | ||
}); | ||
|
||
this.onMembersAdded(async (context, next) => { | ||
const membersAdded = context.activity.membersAdded; | ||
const welcomeText = 'Welcome to the Bot with Subject Name/Issuer Authentication'; | ||
for (let cnt = 0; cnt < membersAdded.length; ++cnt) { | ||
if (membersAdded[cnt].id !== context.activity.recipient.id) { | ||
await context.sendActivity(MessageFactory.text(welcomeText, welcomeText)); | ||
} | ||
} | ||
// By calling next() you ensure that the next BotHandler is run. | ||
await next(); | ||
}); | ||
} | ||
} | ||
|
||
module.exports.AuthBot = AuthBot; |
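Review bot: The reply text in `onMessage`, 'Running dialog with bot authenticated', claims more than the handler does. No dialog is run in this class and nothing here checks authentication, so the same text is sent for every incoming message. Reword it to describe what a reply actually demonstrates, or have the handler report something it can observe from `context`. The `membersAdded` loop would also read more clearly as a `for...of` over `context.activity.membersAdded`.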
2 changes: 2 additions & 0 deletions
samples/javascript_nodejs/85.bot-authentication-sni/deploymentScripts/linux/.deployment
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
[config] | ||
command = ./deploy.sh |
100 changes: 100 additions & 0 deletions
samples/javascript_nodejs/85.bot-authentication-sni/deploymentScripts/linux/deploy.sh
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,100 @@ | ||
#!/bin/bash | ||
|
||
# ---------------------- | ||
# KUDU Deployment Script | ||
# Version: 1.0.17 | ||
# ---------------------- | ||
|
||
# Helpers | ||
# ------- | ||
|
||
exitWithMessageOnError () { | ||
if [ ! $? -eq 0 ]; then | ||
echo "An error has occurred during web site deployment." | ||
echo $1 | ||
exit 1 | ||
fi | ||
} | ||
|
||
# Prerequisites | ||
# ------------- | ||
|
||
# Verify node.js installed | ||
hash node 2>/dev/null | ||
exitWithMessageOnError "Missing node.js executable, please install node.js, if already installed make sure it can be reached from current environment." | ||
|
||
# Setup | ||
# ----- | ||
|
||
SCRIPT_DIR="${BASH_SOURCE[0]%\\*}" | ||
SCRIPT_DIR="${SCRIPT_DIR%/*}" | ||
ARTIFACTS=$SCRIPT_DIR/../artifacts | ||
KUDU_SYNC_CMD=${KUDU_SYNC_CMD//\"} | ||
|
||
if [[ ! -n "$DEPLOYMENT_SOURCE" ]]; then | ||
DEPLOYMENT_SOURCE=$SCRIPT_DIR | ||
fi | ||
|
||
if [[ ! -n "$NEXT_MANIFEST_PATH" ]]; then | ||
NEXT_MANIFEST_PATH=$ARTIFACTS/manifest | ||
|
||
if [[ ! -n "$PREVIOUS_MANIFEST_PATH" ]]; then | ||
PREVIOUS_MANIFEST_PATH=$NEXT_MANIFEST_PATH | ||
fi | ||
fi | ||
|
||
if [[ ! -n "$DEPLOYMENT_TARGET" ]]; then | ||
DEPLOYMENT_TARGET=$ARTIFACTS/wwwroot | ||
else | ||
KUDU_SERVICE=true | ||
fi | ||
|
||
if [[ ! -n "$KUDU_SYNC_CMD" ]]; then | ||
# Install kudu sync | ||
echo Installing Kudu Sync | ||
npm install kudusync -g --silent | ||
exitWithMessageOnError "npm failed" | ||
|
||
if [[ ! -n "$KUDU_SERVICE" ]]; then | ||
# In case we are running locally this is the correct location of kuduSync | ||
KUDU_SYNC_CMD=kuduSync | ||
else | ||
# In case we are running on kudu service this is the correct location of kuduSync | ||
KUDU_SYNC_CMD=$APPDATA/npm/node_modules/kuduSync/bin/kuduSync | ||
fi | ||
fi | ||
|
||
# Node Helpers | ||
# ------------ | ||
|
||
selectNodeVersion () { | ||
NPM_CMD=npm | ||
NODE_EXE=node | ||
} | ||
|
||
################################################################################################################################## | ||
# Deployment | ||
# ---------- | ||
|
||
echo Handling node.js deployment. | ||
|
||
# 1. KuduSync | ||
if [[ "$IN_PLACE_DEPLOYMENT" -ne "1" ]]; then | ||
"$KUDU_SYNC_CMD" -v 50 -f "$DEPLOYMENT_SOURCE" -t "$DEPLOYMENT_TARGET" -n "$NEXT_MANIFEST_PATH" -p "$PREVIOUS_MANIFEST_PATH" -i ".git;.hg;.deployment;deploy.sh" | ||
exitWithMessageOnError "Kudu Sync failed" | ||
fi | ||
|
||
# 2. Select node version | ||
selectNodeVersion | ||
|
||
# 3. Install npm packages | ||
if [ -e "$DEPLOYMENT_TARGET/package.json" ]; then | ||
cd "$DEPLOYMENT_TARGET" | ||
echo "Running $NPM_CMD install --production" | ||
eval $NPM_CMD install --production | ||
exitWithMessageOnError "npm failed" | ||
cd - > /dev/null | ||
fi | ||
|
||
################################################################################################################################## | ||
echo "Finished successfully." |
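Review bot: In step 3, `eval $NPM_CMD install --production` passes the command through `eval` although `selectNodeVersion` sets `NPM_CMD=npm` unconditionally. Call `"$NPM_CMD" install --production` directly so the value is never re-parsed by the shell. In the setup block, `npm install kudusync -g --silent` pulls an unpinned package at deploy time, and the Kudu branch sets `KUDU_SYNC_CMD=$APPDATA/npm/node_modules/kuduSync/bin/kuduSync`, where `$APPDATA` is a Windows variable that will normally be empty in this Linux script. `echo $1` in `exitWithMessageOnError` should quote its argument, and the result of `cd "$DEPLOYMENT_TARGET"` is not checked before npm runs.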
2 changes: 2 additions & 0 deletions
samples/javascript_nodejs/85.bot-authentication-sni/deploymentScripts/windows/.deployment
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
[config] | ||
command = deploy.cmd |
I think this space is too much.