How to get Azure Active Directory B2C working with Bot Framework?

Question

So far I've not been able to get this working with the Bot Framework. I spent all day but only managed to get the .NET API example (https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) working with AD B2C. I'm not sure where it grabs the bearer token that I want to pass to BotUserData...

I tried the following: https://azure.microsoft.com/en-us/blog/bot-framework-made-better-with-azure/

But in reality the solution does not build successfully, and I've resorted to just taking code from there and putting it into my Bot Framework sample template. However, when it asks me to log in through MS and I do, I am not able to proceed, and it doesn't seem like that blog is using the AD B2C policies.

So how do you integrate AD B2C with Bot Framework? Is it possible to call the /Account/SignIn URL from Bot Framework to authenticate the user? Afterwards, how would you capture the token and pass it to BotUserData?

Recommended answer

You might want to take a look at the Facebook Auth sample to get an idea of a potential flow for the Auth scenario. For Azure AD, you need to do a similar flow.

Let's say your user sends a "Login" message to your bot. The bot should respond with an auth URL and ask the user to log in to the service using that URL. You can use the GetAuthorizationRequestURL method of ADAL for that.

Then you will have a Web API which will basically expose an endpoint that will be the reply URL of Azure AD. Once the user completes the login, a message will be posted to your Web API, where you will be able to get the authorization code and perform the calls to get the access token. After that, you can just do the same as they are doing in the Facebook sample Web API, which involves resuming the conversation with the bot, sending a message with the access token (so it can be persisted in the PerUserInConversationData bag; check this line of code).

After that you have the access token available to perform any call that requires an access token.

Update

There are two new samples that you might want to take a look at, since they implement the workflow being discussed.

  • GraphBot from the BotBuilder repo.
  • AuthBot from Mat Velloso

Hope this helps.
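
One way to carry the conversation reference through the sign-in round trip described in the answer above, as an added example that is not part of the original answer or of the Bot Framework or ADAL samples: the bot puts a signed, expiring `state` value in the authorization URL, and the reply-URL endpoint verifies it before redeeming the authorization code and resuming the conversation. `ConversationState`, `Protect`, `TryUnprotect` and the field layout are hypothetical names; the key is assumed to be a server-side secret shared by the bot and the Web API, and the ids are assumed to contain no newline.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: binds the OAuth "state" value to one bot conversation.
// ConversationState, Protect and TryUnprotect are hypothetical names.
public static class ConversationState
{
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static byte[] FromB64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    static byte[] Mac(byte[] key, string payload)
    {
        using (var h = new HMACSHA256(key)) return h.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }

    // Called when the bot builds the sign-in URL in response to the "Login" message.
    public static string Protect(byte[] key, string conversationId, string userId, DateTimeOffset expires)
    {
        string payload = B64Url(Encoding.UTF8.GetBytes(
            conversationId + "\n" + userId + "\n" + expires.ToUnixTimeSeconds()));
        return payload + "." + B64Url(Mac(key, payload));
    }

    // Called by the reply-URL endpoint before it redeems the authorization code.
    public static bool TryUnprotect(byte[] key, string state, DateTimeOffset now,
                                    out string conversationId, out string userId)
    {
        conversationId = userId = null;
        string[] parts = (state ?? "").Split('.');
        if (parts.Length != 2) return false;
        byte[] expected = Mac(key, parts[0]), actual;
        try { actual = FromB64Url(parts[1]); } catch (FormatException) { return false; }
        int diff = expected.Length ^ actual.Length;          // constant-time compare
        for (int i = 0; i < expected.Length && i < actual.Length; i++) diff |= expected[i] ^ actual[i];
        if (diff != 0) return false;                         // state was not issued by this bot
        string[] f = Encoding.UTF8.GetString(FromB64Url(parts[0])).Split('\n');
        if (f.Length != 3 || !long.TryParse(f[2], out long exp)) return false;
        if (now.ToUnixTimeSeconds() > exp) return false;     // sign-in link too old
        conversationId = f[0]; userId = f[1];
        return true;
    }
}
```

When `TryUnprotect` returns false, the endpoint should discard the authorization code without redeeming it, so a token is only ever attached to the conversation that requested the sign-in.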
