microsoft / BotFramework-Emulator

A desktop application that allows users to locally test and debug chat bots built with the Bot Framework SDK.
https://aka.ms/botemulator
MIT License

Cannot connect to bot type "UserAssignedMSI" #2377

Closed rliberoff closed 2 years ago

rliberoff commented 2 years ago

Version

Version 4.14.1

Describe the bug

It is not possible to connect to a bot created in Azure as "UserAssignedMSI" (User-Assigned Managed Identity). Every time, no matter the configuration, I get an error when connecting that says "The bot's Microsoft App ID or Microsoft App Password is incorrect." with HTTP status code 401.

To Reproduce

Steps to reproduce the behavior:

1. Try to connect to a bot created in Azure as User-Assigned Managed Identity (bot type "UserAssignedMSI").
2. From Bot Emulator, select File -> Open Bot.
3. Set bot URL including "api/messages".
4. Set Microsoft App Id.
5. Leave Microsoft App password empty (since it is a User-Assigned Managed Identity, there isn't a password).
6. Click "Connect".
7. The error appears in the trace section of the Bot's Emulator.

Expected behavior

There should be a mechanism to allow the bot's emulator to connect to a User-Assigned Managed Identity bot.


[bug]

anishprasad01 commented 2 years ago

Hi @rliberoff,

Managed Identities are designed to authenticate Azure services to each other without the need for keys. To ensure application security, managed identity applications will not respond to requests without "approval" from a managed identity endpoint. These endpoints cannot be reached by requests that originate from outside another Azure app.

Therefore, due to security concerns, debugging User-Assigned Managed Identity bots through the emulator is unsupported.