禁止使用新的Bot Framework 403(.NET Core 2.1) [英] New Bot Framework 403 Forbidden (.NET Core 2.1)
问题描述
我在Azure中使用AppId和AppPass进行了 Bot Channels注册
I have in an Azure a Bot Channels Registration with AppId and AppPass
我已将Bot从Visual Studio部署到App Service,并添加了 MicrosoftAppId 和 MicrosoftAppPassword
I have deploy a Bot from Visual Studio to App Service and add MicrosoftAppId and MicrosoftAppPassword
我尝试在网络聊天测试"中进行测试
I try test in "Test in Web Chat"
并禁止403
使用电报客户端时,我有相同的错误 POST到XXX失败:POST到机器人的终结点失败,HTTP状态为403
With telegram client i have same error POST to xxx failed: POST to the bot's endpoint failed with HTTP status 403
在日志流"中,我看到了
In "Log stream" i see
Startup.cs
Startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.AddBot<IAssistantBot>(options =>
{
var secretKey = Configuration.GetSection("botFileSecret")?.Value;
// Loads .bot configuration file and adds a singleton that your Bot can access through dependency injection.
var botConfig = BotConfiguration.Load(@".\IAssistant.Bot.bot", secretKey);
services.AddSingleton(sp => botConfig);
// Retrieve current endpoint.
var service = botConfig.Services.Where(s => s.Type == "endpoint" && s.Name == "development").FirstOrDefault();
if (!(service is EndpointService endpointService))
{
throw new InvalidOperationException($"The .bot file does not contain a development endpoint.");
}
options.CredentialProvider = new SimpleCredentialProvider(endpointService.AppId, endpointService.AppPassword);
// Catches any errors that occur during a conversation turn and logs them.
options.OnTurnError = async (context, exception) =>
{
await context.SendActivityAsync("Sorry, it looks like something went wrong.");
};
});
}
是什么原因?
推荐答案
Ok, so, welcome to V4 and .bot files! You were (rightly) showing us screenshots of your secrets being configured correctly via the app settings, but your startup code is not relying on app settings... instead it is utilizing the new .bot file to load the credentials for an endpoint.
首先让我说这是一种全新的可选技术.我知道这些示例往往会让人讨厌,但是如果您已经有DevOps实践,可以很好地通过环境变量/应用程序设置之类的现有机制来维护和部署密钥/秘密,则不必采用它.
Let me start by saying this is a completely new, optional technology. I know the samples tend to shove it in your face, but you do not have to adopt it if you already have DevOps practices that work fine for maintaining and deploying your keys/secrets via existing mechanisms like environment variables/app settings.
例如,您可以通过仅将bot注册更改为以下内容来剪切.bot文件并更改启动以使用应用程序设置:
For example, you could cut the .bot file out and change your startup to use the app settings by just changing your bot registration to this:
public class Startup
{
private readonly IConfiguration _configuration;
public Startup(IConfiguration configuration)
{
// Ask for the configuration service to be injected so you can access config values (standard .NET Core 101 stuff)
_configuration = configuration ?? throw new ArgumentNullException(nameof(configuration));
}
public void ConfigureServices(IServiceCollection services)
{
services.AddBot<IAssistantBot>(options =>
{
// Load the values right out of configuration
options.CredentialProvider = new SimpleCredentialProvider(
_configuration.GetSection("MicrosoftAppId").Value,
_configuration.GetSection("MicrosoftAppPassword").Value);
// Catches any errors that occur during a conversation turn and logs them.
options.OnTurnError = async (context, exception) =>
{
await context.SendActivityAsync("Sorry, it looks like something went wrong.");
};
});
}
}
如您所见,对于初学者来说,它的代码要少得多,并且仅利用.NET Core提供的现有配置系统.您可能会从appsettings.json文件,环境变量以及其他可能在.NET Core中使用的其他配置存储中加载它.
As you can see, it's a lot less code for starters and just utilizes the existing configuration system .NET Core provides. You could be loading it from an appsettings.json file, environment variables, whatever other configuration stores you might be used to utilizing in .NET Core.
这篇关于禁止使用新的Bot Framework 403(.NET Core 2.1)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
