Search code examples
c#.netazure-active-directorybotframework

Bot connector returns Forbidden (403) with Microsoft.Bot.Connector.ErrorResponseException

We're using the bot connector to create proactive messages to send to users in Microsoft Teams.

Bot connector returns Forbidden (403) with Microsoft.Bot.Connector.ErrorResponseException. This only happens when the code is deployed to a certain environment in Azure and has not appeared in any test environments.

The warnings we get from the deployment itself is "User is from different region" Message: User is from different region

This is the way the connector is used:

conversationId = connector.Conversations.CreateOrGetDirectConversation(
                      botAccount,
                      userAccount,
                      "<Azure Active Directory Id>").Id;

Has anyone seen this issue, and what do we need to take into consideration for resolving it?

Solution

  • It could be one of two things.

    Make sure your Azure sub is linked to the same Azure Active Directory as your M365 tenant. You can verify this by going to Azure Portal, search for Subscriptions and select the subscription where you deployed your Bot Service. You should find a Change Directory in the top menu to validate this.

    Also the Service URL for your Bot Framework Connector needs to be in your users region. Note that there is dedicated Traffic Manager endpoints for each region. eg. 

    https://smba.trafficmanager.net/emea/
https://smba.trafficmanager.net/amer/

    The first one is targeting emea and second one is targeting US (amer).

    Going for the wrong one could trigger "User is from a different region."