module.exports = {

"extends": "standard",

"rules": {

"semi": [2, "always"],

"indent": [2, 4],

"no-return-await": 0,

"space-before-function-paren": [2, {

"named": "never",

"anonymous": "never",

"asyncArrow": "always"

}],

"template-curly-spacing": [2, "always"]

}

Bot Framework v4 bot authentication using Subject Name/Issuer

This bot has been created using [Bot Framework](https://dev.botframework.com/), is shows how to use the bot authentication capabilities of Azure Bot Service. In this sample, we use a local or KeyVault certificate and the MSAL Subject Name/Issuer configuration to create the Bot Framework Authentication.

- [Node.js](https://nodejs.org) version 10.14 or higher

node --version

- Clone the repository

git clone https://github.com/microsoft/botbuilder-samples.git

- In a terminal, navigate to `samples/javascript_nodejs/85.bot-authentication-sni`

cd samples/javascript_nodejs/85.bot-authentication-sni

- Install modules

npm install

- Set environment variables

- MicrosoftAppType: Type of the App.

- MicrosoftAppId: App Id of your bot.

- MicrosoftAppTenantId: Tenant Id to which your bot belongs.

- CertificateThumbprint: Certificate thumbprint.

- KeyVaultName: Name of the KeyVault containing the certificate.

- CertificateName: Name of the certificate in the KeyVault.

- Start the bot

npm start

[Bot Framework Emulator](https://github.com/microsoft/botframework-emulator) is a desktop application that allows bot developers to test and debug their bots on localhost or running remotely through a tunnel.

- Install the latest Bot Framework Emulator from [here](https://github.com/Microsoft/BotFramework-Emulator/releases)

- Launch Bot Framework Emulator

- File -> Open Bot

- Enter a Bot URL of `http://localhost:3978/api/messages`

This sample uses the bot authentication capabilities of Azure Bot Service, providing features to make it easier to develop a bot that authenticates users using digital security certificates. You just need to provide the certificate data linked to the managed identity and run the bot, then communicate with it to validate its correct authentication.

An SSL/TLS certificate is a digital object that allows systems to verify identity and subsequently establish an encrypted network connection with another system using the Secure Sockets Layer/Transport Layer Security (SSL/TLS) protocol. Certificates are issued using a cryptographic system known as public key infrastructure (PKI). PKI allows one party to establish the identity of another through the use of certificates if they both trust a third party, known as a certificate authority. SSL/TLS certificates therefore function as digital identity documents that protect network communications and establish the identity of websites on the Internet as well as resources on private networks.

There are two possible options to create SSL/TSL certificate. Below is a step-by-step description of each one:

1. Run the following command in a local PowerShell

1. Then, type _Manage User Certificates_ in the Windows search bar and hit enter

2. The certificate will be located in the _user certificates_ folder, under _personal_ directory.

3. Export the certificate to _pfx_ format including the key(The default location is _system32_ folder).

4. Go to the certificate location and run the following command to generate a _pem_ file:

5. Upload the generated certificate to the Azure app registration.

1. Create a KeyVault resource and assign _the KeyVault Administrator_ role to have permission to create a new certificate.

2. Under the Certificates section, hit on Generate/Import, complete the form, and create the certificate in PEM format.

3. Go to the details of the certificate that you created and enable it.

4. Download the certificate in CER format and then upload it to the Azure app registration.

To learn more about deploying a bot to Azure, see [Deploy your bot to Azure](https://aka.ms/azuredeployment) for a complete list of deployment instructions.

- [Bot Framework Documentation](https://docs.botframework.com)

- [Bot Basics](https://docs.microsoft.com/azure/bot-service/bot-builder-basics?view=azure-bot-service-4.0)

- [Activity processing](https://docs.microsoft.com/en-us/azure/bot-service/bot-builder-concept-activity-processing?view=azure-bot-service-4.0)

- [Azure Bot Service Introduction](https://docs.microsoft.com/azure/bot-service/bot-service-overview-introduction?view=azure-bot-service-4.0)

- [Azure Bot Service Documentation](https://docs.microsoft.com/azure/bot-service/?view=azure-bot-service-4.0)

- [Azure CLI](https://docs.microsoft.com/cli/azure/?view=azure-cli-latest)

- [Azure Portal](https://portal.azure.com)

- [Channels and Bot Connector Service](https://docs.microsoft.com/en-us/azure/bot-service/bot-concepts?view=azure-bot-service-4.0)

- [Restify](https://www.npmjs.com/package/restify)

- [dotenv](https://www.npmjs.com/package/dotenv)

- [SSL/TLS certificates](https://www.digicert.com/tls-ssl/tls-ssl-certificates)

const { ActivityHandler, MessageFactory } = require('botbuilder');

class AuthBot extends ActivityHandler {

constructor() {

super();

// See https://aka.ms/about-bot-activity-message to learn more about the message and other activity types.

this.onMessage(async (context, next) => {

const replyText = 'Running dialog with bot authenticated';

const message = MessageFactory.text(replyText, replyText);

await context.sendActivity(message);

// By calling next() you ensure that the next BotHandler is run.

await next();

});

this.onMembersAdded(async (context, next) => {

const membersAdded = context.activity.membersAdded;

const welcomeText = 'Welcome to the Bot with Subject Name/Issuer Authentication';

for (let cnt = 0; cnt < membersAdded.length; ++cnt) {

if (membersAdded[cnt].id !== context.activity.recipient.id) {

await context.sendActivity(MessageFactory.text(welcomeText, welcomeText));

}

}

// By calling next() you ensure that the next BotHandler is run.

await next();

});

}

module.exports.AuthBot = AuthBot;

[config]

command = ./deploy.sh

exitWithMessageOnError () {

if [ ! $? -eq 0 ]; then

echo "An error has occurred during web site deployment."

echo $1

exit 1

fi

}

hash node 2>/dev/null

exitWithMessageOnError "Missing node.js executable, please install node.js, if already installed make sure it can be reached from current environment."

SCRIPT_DIR="${BASH_SOURCE[0]%\\*}"

SCRIPT_DIR="${SCRIPT_DIR%/*}"

ARTIFACTS=$SCRIPT_DIR/../artifacts

KUDU_SYNC_CMD=${KUDU_SYNC_CMD//\"}

if [[ ! -n "$DEPLOYMENT_SOURCE" ]]; then

DEPLOYMENT_SOURCE=$SCRIPT_DIR

if [[ ! -n "$NEXT_MANIFEST_PATH" ]]; then

NEXT_MANIFEST_PATH=$ARTIFACTS/manifest

if [[ ! -n "$PREVIOUS_MANIFEST_PATH" ]]; then

PREVIOUS_MANIFEST_PATH=$NEXT_MANIFEST_PATH

fi

if [[ ! -n "$DEPLOYMENT_TARGET" ]]; then

DEPLOYMENT_TARGET=$ARTIFACTS/wwwroot

KUDU_SERVICE=true

if [[ ! -n "$KUDU_SYNC_CMD" ]]; then

# Install kudu sync

echo Installing Kudu Sync

npm install kudusync -g --silent

exitWithMessageOnError "npm failed"

if [[ ! -n "$KUDU_SERVICE" ]]; then

# In case we are running locally this is the correct location of kuduSync

KUDU_SYNC_CMD=kuduSync

else

# In case we are running on kudu service this is the correct location of kuduSync

KUDU_SYNC_CMD=$APPDATA/npm/node_modules/kuduSync/bin/kuduSync

fi

selectNodeVersion () {

NPM_CMD=npm

NODE_EXE=node

}

echo Handling node.js deployment.

if [[ "$IN_PLACE_DEPLOYMENT" -ne "1" ]]; then

"$KUDU_SYNC_CMD" -v 50 -f "$DEPLOYMENT_SOURCE" -t "$DEPLOYMENT_TARGET" -n "$NEXT_MANIFEST_PATH" -p "$PREVIOUS_MANIFEST_PATH" -i ".git;.hg;.deployment;deploy.sh"

exitWithMessageOnError "Kudu Sync failed"

selectNodeVersion

if [ -e "$DEPLOYMENT_TARGET/package.json" ]; then

cd "$DEPLOYMENT_TARGET"

echo "Running $NPM_CMD install --production"

eval $NPM_CMD install --production

exitWithMessageOnError "npm failed"

cd - > /dev/null

echo "Finished successfully."

[config]

command = deploy.cmd