search

microsoft / botbuilder-dotnet

Welcome to the Bot Framework SDK for .NET repository, which is the home for the libraries and packages that enable developers to build sophisticated bot applications using .NET.
https://github.com/Microsoft/botframework
MIT License
864 stars 480 forks source link

Add ase channel validation #6712

Closed fangyangci closed 6 months ago

fangyangci commented 6 months ago

Description

To resolve the connection issue between DL_ASE and bot, we built DL_ASE v2.0. In v2.0, we used WebSocket/HTTPS instead of named pipe to connect between DL_ASE and bot.

Therefore, we need to add a special header validation for AseChannel.

Specific Changes

  1. Add AseChannel channelId check in ConfigurationBotFrameworkAuthentication.
  2. Fix a potential bug with USGov OAuthEndpoint while using SingleTenant.

Testing

Adding unit tests here is not straightforward, similar to EmulatorValidation and ChannelValidation. I tested this feature locally and also using end-to-end tests in DL_ASE 2.0 within SingleTenant/MultiTenant/UMSI in Public/US Gov Cloud.

Danieladu commented 6 months ago

Please decouple the OAuthEndpoint fix and new ASE channel support. I think they are two things, right?

Danieladu commented 6 months ago

It is better to add the unit test or functional test. Such as the tests in JwtTokenExtractorTests, BotFrameworkAdapterTests, JwtTokenValidationTests

fangyangci commented 6 months ago

Please decouple the OAuthEndpoint fix and new ASE channel support. I think they are two things, right?

I split the USGov SingleTenant bug to a new pr. https://github.com/microsoft/botbuilder-dotnet/pull/6714