Integrating Azure Bot in Web Application

0
votes

We have a scenario where a user would first login to web application before starting a conversation with Azure Bot.

My question is how do we ensure bot will only allow user to ask financial questions related to his own accounts considering the bot is capable of answer questions related to financial holding of the person logged in.

Basically is there a way to pass principal object to the bot before the conversation starts. If yes how do we pass those details.

1
botframework
There is currently a PR for a [Web Chat Single Sign On Sample](Samir Shaik) that I would recommend taking a look at. Also, if you feel my answer was sufficient, please "accept" it so I can clear this ticket from my support tracker. If not, let me know how else I can help! - tdurnford

1 Answers

1
votes

The BotFramework currently does not support single sign-on; however, the BotFramework Web Chat Development team has recommended different approaches to create a single sign-on experience and is currently working on developing a sample.

The main approach recommends piggybacking the authentication token on every outgoing message by adding it to the activity's channel data. To do this, you can create a custom middleware that appends the additional data. Take a look at the code snippet below. 

const store = window.WebChat.createStore(
  {},
  ({ dispatch }) => next => action => {
    if (action.type === 'DIRECT_LINE/POST_ACTIVITY') {
      // The channelData submitted here is very similar to HTTP cookies and vulnerable to forgery attack.
      // Make sure you use signature to protect it and verify the signature on the bot side.

      // To minimize unexpected behaviors, we recommend to treat the "action" object as if it is immutable.
      // We use simple-update-in package to update "action" with partial deep cloning.
      action = window.simpleUpdateIn(action, ['payload', 'activity', 'channelData', 'token'], () => token);
    }

    return next(action);
  }
);

window.WebChat.renderWebChat({
  directLine: window.WebChat.createDirectLine({ token }),
  // We will use a custom version of Redux store, which we added middleware to handle backchannel messages.
  store
}, document.getElementById('webchat'));

On the bot side, you can retrieve the token from the channel data and use it to make various requests. For more details on adding data to outgoing activities, take a look at this sample.

For more details regarding recommended approaches, take a look at this issue on GitHub. The Web Chat Development team is also using it to track the progress of the sample.

Hope this helps.