{"id":4465,"date":"2019-01-25T14:38:31","date_gmt":"2019-01-25T19:38:31","guid":{"rendered":"http:\/\/lisa.rushworth.us\/?p=4465"},"modified":"2019-01-25T17:18:04","modified_gmt":"2019-01-25T22:18:04","slug":"creating-an-azure-bot-internally-hosted","status":"publish","type":"post","link":"https:\/\/www.rushworth.us\/lisa\/?p=4465","title":{"rendered":"Creating An Azure Bot \u2013 Internally Hosted"},"content":{"rendered":"

While hosting a bot on the Azure network allows you to use pre-built solutions<\/a> or develop a bot<\/a> without purchasing dedicated hardware, the bots we\u2019ve deployed thus far do not<\/em> have access to internally-housed data. And program execution can be slow (expensive, or a combination of the two) depending on the chosen pricing plan. But you can build an Azure bot that is essentially a proxy to a self-hosted bot.<\/p>\n

This means you can host the bot on your private network (it needs to be accessible from the Azure subnets) and access internal resources from your bot code. Obviously, there are security implications to making private data available via an Azure bot \u2013 you might want to implement user authentication to verify the bot user\u2019s identity<\/a>, and I wouldn\u2019t send someone their current credit card information over a bot even with<\/em> authentication.<\/p>\n

How to Communicate with a Self-hosted Bot from Azure:<\/h2>\n

Register an Azure bot. From https:\/\/portal.azure.com<\/a>, select \u201cCreate a resource\u201d. Search for \u201cbot\u201d and select \u201cBot Channels Registration\u201d.<\/p>\n

<\/p>\n

On the pane which flies out to the right, click \u201cCreate\u201d (if you will be deploying multiple self-hosted bots to Azure, click the little heart so you can find this item on \u201cMy Saved List\u201d when creating a new resource).<\/p>\n

<\/p>\n

Provide a unique name for your Azure bot. If you have not yet created a resource group, you will need to create one. Make sure the hosting location is reasonable for your user base \u2013 East Asia doesn\u2019t make sense for something used on the East coast of the US!<\/p>\n

Select the pricing tier you want \u2013 I use F0 (free) which allows unlimited messages in standard channels (Teams, Skype, Cortana) and 10,000 messages sent\/received in premium channels (direct user interaction \u2026 which I specifically don\u2019t<\/em> want in this case). Then provide the endpoint URL to interact with your locally hosted bot.<\/p>\n

<\/p>\n

Click \u201cCreate\u201d and Azure will begin deploying your new resource. You can click the \u201cNotifications\u201d bell icon in the upper right-hand portion of the page to view deployment progress.<\/p>\n

<\/p>\n

When deployment completes, click \u201cGo to resource\u201d to finish configuring your Azure bot.<\/p>\n

<\/p>\n

Select \u201cSettings\u201d from the left-hand navigation menu, then find the application ID. Click \u201cManage\u201d.<\/p>\n

<\/p>\n

This will open a new portal \u2013 you may be asked to sign in again. You are now looking at the application registration in Microsoft\u2019s developer application registration portal. There\u2019s already an application secret created but<\/em> beyond the first few letters \u2026 what is it? No idea! I\u2019m a cautious person, and I don\u2019t know if MS has embedded this secret somewhere within the bot resource. Since an application can have two secrets simultaneously, I do not<\/em> delete the automatically-created secret and click \u201cGenerate New Password\u201d.<\/p>\n

<\/p>\n

A new pane will appear with your new secret \u2013 no, the one in the picture isn\u2019t real. Copy that and store it somewhere \u2013 you\u2019ll need to add it to your bot code later.<\/p>\n

<\/p>\n

Close the application registration tab and return to the Azure portal tab. Click on \u201cChannels\u201d in your bot and add channels for any interactions you want to support. In this case, I want to publish my bot to Teams. There aren\u2019t really settings* for teams \u2013 just click to create the channel.<\/p>\n

* You can<\/em> publish a bot to the Microsoft App Source \u2026 but is your bot something that should be available to the Internet at large? It depends! If you\u2019re writing a bot to provide enterprise customers another support avenue, having the bot available through App Source makes sense. If you\u2019re creating a bot to answer employee-specific questions, then you probably want to keep the bot out of App Source<\/p>\n

<\/p>\n

Once the channel has been created, click on the \u201cGet bot embed codes\u201d hyperlink to obtain the bot URL.<\/p>\n

<\/p>\n

Individuals can use the hyperlink provided to add your bot to their Teams chat.<\/p>\n

<\/p>\n

Ok, done! Except for one little thing \u2013 you need something to answer<\/em> on that endpoint we entered earlier. You need a bot! Microsoft publishes an SDK and tools for building your bot in .NET, JavaScript, Python, and Java<\/a>.<\/p>\n

In this example, I am using a sample Python bot. For convenience, I am handling SSL on my reverse proxy instead of using an ssl wrapper in my Python service. Grab the BotBuilder package from git (https:\/\/github.com\/Microsoft\/botbuilder-python.git<\/a>)<\/p>\n

Install the stuff:<\/p>\n

pip3 install -e .\/libraries\/botframework-connector<\/p>\n

pip3 install -e .\/libraries\/botbuilder-schema<\/p>\n

pip3 install -e .\/libraries\/botbuilder-core<\/p>\n

pip3 install -r .\/libraries\/botframework-connector\/tests\/requirements.txt<\/p>\n

In the .\/samples\/ folder, you\u2019ll find a few beginner bots. Rich-Cards-Bot requires msrest that has some async functionality and the branch in requirements.txt doesn\u2019t exist. Tried a few others and never got anything that worked properly. Same problem with EchoBot-with-State. I am using Echo-Connector-Bot because it doesn\u2019t have this msrest problem, and I can add my own state support later.<\/p>\n

Edit main.py and add your Azure bot application id & secret to APP_ID and APP_PASSWORD<\/p>\n

APP_ID = ”<\/p>\n

APP_PASSWORD = ”<\/p>\n

PORT = 9000<\/p>\n

SETTINGS = BotFrameworkAdapterSettings(APP_ID, APP_PASSWORD)<\/p>\n

ADAPTER = BotFrameworkAdapter(SETTINGS)<\/p>\n

I stash my personal information in a config.py file and added an import to main.py:<\/p>\n

from config import strDBHostname, strDBUserName, strDBPassword, strDBDatabaseName, strDBTableName, APP_ID, APP_PASSWORD<\/p>\n

Tweak the code however you want \u2013 add natural language processing<\/a>, make database connections to internal resources to determine responses, make calls to internal web APIs. I also added console output so I could debug bot operations.<\/p>\n

When you\u2019ve completed your changes, launch your bot by running \u201cpython main.py\u201d<\/p>\n

\"\"<\/a><\/p>\n

Now return to the Azure portal and select \u201cTest in Web Chat\u201d \u2013 this will allow you to test interactions with your bot. Ask questions \u2013 you should see your answers returned.<\/p>\n

<\/p>\n

Once you confirm the bot is functioning properly, use the URL from the Teams channel to interact with your bot within Teams —<\/p>\n

<\/p>\n

URL for my bot in Teams: https:\/\/teams.microsoft.com\/l\/chat\/0\/0?users=28:9699546d-fc09-41bf-b549-aed33280693a<\/a><\/p>\n

The answer is served out of our home automation database \u2013 data that is only accessible on our private network.<\/p>\n

Security<\/em><\/strong> \u2013 as I said earlier, you\u2019ll probably want to take some<\/em> measures to ensure access to your locally hosted bot is coming from legit sources. The app ID and secret provide one level of protection. If a connection does not supply the proper app ID & secret (or if you\u2019ve mis-entered those values in your code!), you\u2019ll get a 401 error.<\/p>\n

 <\/p>\n

But I don\u2019t want the entire Internet DDoS\u2019ing by bot either, and there is no reason for anyone outside of Microsoft Azure subnets should be accessing my locally hosted bot. My bot is hosted in a private container. The reverse proxy allows Internet-sourced traffic in to the private bot resource. Since communication from Azure will be sourced from a known set of networks, you can add a source IP restriction that prevents the general public from accessing your bot directly. See https:\/\/azurerange.azurewebsites.net\/<\/a> for a convenient-to-use list of addresses.<\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

While hosting a bot on the Azure network allows you to use pre-built solutions or develop a bot without purchasing dedicated hardware, the bots we\u2019ve deployed thus far do not have access to internally-housed data. And program execution can be slow (expensive, or a combination of the two) depending on the chosen pricing plan. But …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33,677],"tags":[728,666,665],"class_list":["post-4465","post","type-post","status-publish","format-standard","hentry","category-coding","category-office-365","tag-azure-bot","tag-microsoft-teams","tag-teams"],"_links":{"self":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/4465","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4465"}],"version-history":[{"count":3,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/4465\/revisions"}],"predecessor-version":[{"id":4485,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/4465\/revisions\/4485"}],"wp:attachment":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4465"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4465"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4465"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}