c# asp.net-web-api botframework

BotFramework-Microsoft.Bot.Builder.Integration.AspNet.WebApi does not work with User Managed Identity


I am using Bot Framework's Microsoft.Bot.Builder.Integration.AspNet.WebApi library because my webapp is built with ASP.NET Web API.

I have set up the MicrosoftAppId, MicrosoftAppPassword, MicrosoftAppTenantId, MicrosoftAppType in the environment variables. I have verified that the value of MicrosoftAppId is the client id of the User Managed Identity and that the tenant id is correct.

[Image: Environment Variables in Webapp]

Because of my dependency on Microsoft.Bot.Builder.Integration.AspNet.WebApi, I have initialized Bot code like this:

builder.RegisterType<ConfigurationCredentialProvider>().As<ICredentialProvider>().SingleInstance();

builder.RegisterType<BotFrameworkHttpAdapter>().As<IBotFrameworkHttpAdapter>().SingleInstance();

I have ensured that the webapp has the user managed identity assigned.

[Image: User Managed Identity in WebApp]

I have also assigned the Bot configuration correctly with the clientId, resourceId of the User Managed Identity.

[Image: Bot Configuration]

When I use the WebChat to test my code, I found the following unhandled exception in AppInsights:

"Response Body":"{\"Message\":\"An error has occurred.\",\"ExceptionMessage\":\"Value cannot be null.
Parameter name: clientSecret\",\"ExceptionType\":\"System.ArgumentNullException\",\"StackTrace\":\"   at Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientSecret(String clientSecret)
at Microsoft.Bot.Connector.Authentication.MicrosoftAppCredentials.CreateClientApplication(String appId, String password, HttpClient customHttpClient)
at Microsoft.Bot.Connector.Authentication.MicrosoftAppCredentials.<BuildIAuthenticator>b__11_0()
at System.Lazy`1.CreateValue()\\r\\n--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Lazy`1.get_Value()\\r\\n   at Microsoft.Bot.Connector.Authentication.AppCredentials.<GetTokenAsync>d__40.MoveNext()

I have verified that the same code works with multi tenant appId and password. All the examples I find online for User Managed Identity work with Microsoft.Bot.Builder.Integration.AspNet.Core. Could someone please help me get this working with Microsoft.Bot.Builder.Integration.AspNet.WebApi? Thank you!


Solution

  • I remembered learning some time ago that support for UMI was only added to the Microsoft.Bot.Builder.Integration.AspNet.Core library and it is as I suspected. Microsoft.Bot.Builder.Integration.AspNet.WebApi does not support User Managed Identity. I first double-checked with a colleague who confirmed my thought. He and I both searched the code base for similar code used in Microsoft.Bot.Builder.Integration.AspNet.Core and were unable to find any related code or any references to UMI.

    Unfortunately, you will have to align your project to use Core or research another solution. One alternative, given these libraries are open source, is to try integrating the necessary code into the WebApi library, yourself. Of course, that comes with its own potential pitfalls in time, money, and future maintenance.
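
A startup check for the failure described in this thread, added here as an example and not taken from the original answer or from the Bot Framework SDK. `BotCredentialGuard` and its methods are hypothetical names; the settings lookup is passed in, and the sample settings are constructed.

```csharp
using System;
using System.Collections.Generic;

// Added example: hypothetical startup guard, not part of the Bot Framework SDK.
public static class BotCredentialGuard
{
    // Returns the problems found for the password-based credential path
    // (ConfigurationCredentialProvider) registered in the question.
    public static IReadOnlyList<string> Check(Func<string, string> getSetting)
    {
        var problems = new List<string>();
        string appId = getSetting("MicrosoftAppId");
        string password = getSetting("MicrosoftAppPassword");
        string appType = getSetting("MicrosoftAppType");

        // "UserAssignedMSI" is the MicrosoftAppType value for a user-assigned managed identity.
        if (string.Equals(appType, "UserAssignedMSI", StringComparison.OrdinalIgnoreCase))
            problems.Add("MicrosoftAppType is UserAssignedMSI, which the WebApi integration does not support.");

        // An app id without a secret ends in the ArgumentNullException (clientSecret)
        // from the stack trace above. No app id at all is the unauthenticated local case.
        if (!string.IsNullOrWhiteSpace(appId) && string.IsNullOrWhiteSpace(password))
            problems.Add("MicrosoftAppId is set but MicrosoftAppPassword is empty.");

        return problems;
    }

    // Fails at startup instead of on the first outbound token request.
    public static void ThrowIfInvalid(Func<string, string> getSetting)
    {
        var problems = Check(getSetting);
        if (problems.Count > 0)
            throw new InvalidOperationException(string.Join(" ", problems));
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample settings: placeholder client id, managed identity type, no password.
        var settings = new Dictionary<string, string>
        {
            ["MicrosoftAppId"] = "00000000-0000-0000-0000-000000000000",
            ["MicrosoftAppType"] = "UserAssignedMSI",
        };
        foreach (var p in BotCredentialGuard.Check(k => settings.TryGetValue(k, out var v) ? v : null))
            Console.WriteLine(p);
    }
}
```

Calling `ThrowIfInvalid` with the application's own settings lookup (for example `Environment.GetEnvironmentVariable`) before the container registrations surfaces the unsupported configuration at deployment time rather than as an unhandled exception on the first WebChat message.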