Azure Bot Authentication from different machines


I'm using the sample Azure MSGraph Bot Authentication (https://learn.microsoft.com/en-us/azure/bot-service/bot-builder-authentication?view=azure-bot-service-4.0&tabs=csharp), without any code changes (only changing app IDs and connection name). I have an HTML page with the WebChat example, and in the back end of the Azure portal, I have MSGraph authentication. Here are the steps that are working wrong:

  1. I've deployed my bot to Azure and created an HTML page with WebChat.
  2. I'm logging in in the WebChat window, and the bot returns my domain name; everything is OK here.
  3. If I open the same page with the bot on a second machine, as another user, I expect that I should see the authentication dialog again. But I see my own credentials from the first machine without any authentication process.
  4. If I click "log out" on the second machine and try to log in, I see the second user's domain name, as expected. So the authentication process is working fine; the bot understands who is trying to log in.

In other words, my authentication session stays alive in other browsers and on other machines, for other domain users. How can I prevent this?


Solution

  • (...) If userID is not specified, it will default to a random user ID. Multiple users sharing the same user ID is not recommended; their user state will be shared. (API documentation)

    You are setting the userID to YOUR_USER_ID, which means that state will be shared over all users. This is causing your problems and is a security risk when you are authenticating users.

    Remove the line which states userID in your code, as seen in the example below. If there is no userID set, it will default to a random user ID.

        window.WebChat.renderWebChat(
           {
              directLine: window.WebChat.createDirectLine({
                 token: 'YOUR_DIRECT_LINE_TOKEN'
              }),
              userID: 'YOUR_USER_ID', // REMOVE THIS LINE
              username: 'Web Chat User',
              locale: 'en-US',
              botAvatarInitials: 'WC',
              userAvatarInitials: 'WW'
           },
           document.getElementById('webchat')
        );
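
The effect described in the answer, as an added example that is not part of the original post or of the Web Chat code: a constructed in-memory model replays the question's steps once with the hardcoded userID and once with a random ID per session. `SignInState`, `replay` and `newSessionUserId` are hypothetical names, and the accounts are constructed sample values.

```javascript
// Added illustration, not Bot Framework code: SignInState is a constructed
// in-memory stand-in for any per-user state the bot keys by Web Chat userID.
const cryptoApi = globalThis.crypto ?? require('node:crypto');

// Hypothetical helper: a fresh, unguessable ID for each Web Chat session.
// In the page it would be passed as `userID: newSessionUserId()`.
function newSessionUserId() {
  return cryptoApi.randomUUID();
}

class SignInState {
  constructor() { this.byUserId = new Map(); }
  signIn(userId, account) { this.byUserId.set(userId, account); }
  signOut(userId) { this.byUserId.delete(userId); }
  // null means "no session for this ID, show the sign-in prompt".
  lookup(userId) { return this.byUserId.get(userId) ?? null; }
}

// Replays the question's steps with a given ID strategy.
function replay(idForBrowser) {
  const state = new SignInState();
  const first = idForBrowser();
  state.signIn(first, 'alice@contoso.example');   // step 2: first user signs in
  const second = idForBrowser();
  const secondOnOpen = state.lookup(second);      // step 3: second machine opens the page
  state.signOut(second);                          // step 4: log out, then log in
  state.signIn(second, 'bob@contoso.example');
  return { secondOnOpen, firstAfterwards: state.lookup(first) };
}

const hardcodedId = () => 'YOUR_USER_ID';

console.log('hardcoded userID:', replay(hardcodedId));
console.log('random per session:', replay(newSessionUserId));
```

With the hardcoded ID the second machine sees the first user's session on open, and the first machine later sees the second user's; with a per-session ID each browser only ever sees its own.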