Closed PaulBGD closed 8 years ago
We use HTTPS with Basic Auth. If you register an endpoint which is HTTP we do NOT send the auth header because with basic auth that would be passing your appsecret in the clear. If you want a secure server, register it with HTTPS. Otherwise turn off the basic auth.
Where is it that I turn that off? I can't find it in my bot settings on the dev.botframework.com site.
I see, so if I include my app id/secret at all, it tries to do authentication. Well thanks.
Just don't call bot.verifyBotFramework(). That's the function which is checking the appId/appsecret is being passed via basic auth.
I'll also update verifyBotFramework() to ignore auth over HTTP
On the .Net side of things you have to comment out the Authentication Attribute if not using SSL... seems that should be documented
My BotConnectorBot isn't working because there's no header passed from Microsoft's server. When I get a message it looks like:
The BotConnectorBot then denies the connection because it's missing a header. Here's the code I'm running on my side, although I think it's an issue with Microsoft's servers: