Teams Bot

There are a lot of tools to create bots in Teams:

Most of those tools only offer the ability to host in Azure App Service (Web App or Functions). Many of them restrict the language to TypeScript.

Unfortunately, App Service is the most expensive way to host a backend (instead of App Container, AKS, etc.). This post will cover how to build the Microsoft Bot Framework into a container and then deploy that container as an Azure App Container.

It will also discuss how to hook up a channel to Teams.

Creating a Bot Framework Project

Bot Framework supports C# and TypeScript (Python and Java are deprecated). I prefer to write backend services in C#. There are different templates available, but the EchoBot template (simply echos your messages back to you) is a good starting point.

To install:

dotnet new -i Microsoft.Bot.Framework.CSharp.EchoBot
dotnet new echobot --name mybot

To run:

cd mybot
dotnet run

More information can be found here.

Using Bot Framework Emulator Locally

Download the Bot Framework Emulator from here.

Click “Open Bot” and provide Bot URL (the localhost URL of your service) followed by /api/messages.

NOTE: To use the Bot Framework Emulator locally, you must remove the settings from appsettings.json once you supply them.

Add Authentication

There are multiple modes for authentication (User-Assigned Managed Identity, Single-Tenant, and Multi-Tenant). These options are described in detail here.

While this guide does not describe when these authentication modes would be appropriate, here are my thoughts:

  • User-Assigned Managed Identity would be suitable if the front-end is hosted in Azure and has an User-Assigned Managed Identity. The bot does not necessarily need to be hosted in Azure with a Managed Identity, however, this may still be desired if the bot is going to contact other Azure services.
  • Single-Tenant would require the end-user to authenticate to the same Tenant ID as the bot.
  • Multi-Tenant would allow the end-user to authenticate using any Tenant ID.

NOTE: Since I was providing a tenant/username/password to the bot, it seems like Single-Tenant would have been suitable, however, that always failed with a message that the Microsoft App ID or Microsoft App Password was invalid. Perhaps this is because the Azure subscription is not the primary Microsoft subscription but rather a non-production subscription.

To create an Azure AD App Registration:

# create
az ad app create --display-name "cse-decision-insights-bot" --sign-in-audience "AzureADMyOrg"

# add password
az ad app credential reset --id "<app-id>"

Provide values into the appsettings.json file:

{
    "MicrosoftAppType": "MultiTenant",
    "MicrosoftAppId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "MicrosoftAppPassword": "exa...mple",
    "MicrosoftAppTenantId": "",
}

For Multi-Tenant, the MicrosoftAppTenantId should be left blank.

Deploy as Azure App Container

The following Azure Resources will be required:

  • Azure Container Registry
  • Azure App Container Environment
  • Azure App Container

Add a Dockerfile like the below to the root of the project:

FROM mcr.microsoft.com/dotnet/sdk:7.0 AS build-env
WORKDIR /App

# Copy everything
COPY . ./
# Restore as distinct layers
RUN dotnet restore
# Build and publish a release
RUN dotnet publish -c Release -o out

# Build runtime image
FROM mcr.microsoft.com/dotnet/aspnet:7.0
WORKDIR /App
COPY --from=build-env /App/out .
ENTRYPOINT ["dotnet", "mybot.dll"]

Build the Docker image:

docker build -t <acr-name>.azurecr.io/mybot:1.0.0 .

Deploy to Azure Container Registry:

az acr login --name <acr-name>
docker push <acr-name>.azurecr.io/mybot:1.0.0

Follow these instructions to deploy as an Azure App Container: https://learn.microsoft.com/en-us/azure/container-apps/get-started?tabs=bash.

Using Bot Framework Emulator Remotely

Download ngrok v2 (v1 is deprecated, v3 is incompatible with Bot Framework Emulator). You can download from ngrok archive here. Install ngrok making note of the path.

Click on the gear in the lower-left of the Bot Framework Emulator to set the configuration options:

  • Supply the proper “Path to ngrok”
  • Uncheck “Bypass ngrok for local addresses”
  • Check “Run ngrok when the emulator starts up”
  • Check “Use a sign-in verification card for OAuthCards”

Click “Save”.

Click “Open Bot” and provide Bot URL (the remote URL of your service) followed by /api/messages.

Sometimes it takes a while for ngrok to startup. If you get an error, you can click on the gear again and then look at the ngrok status (wait or reconnect if necessary).

You should now be able to type in the chat window and see your echoed responses.

NOTE: The documentation I found on this said to check “Use v1 authentication tokens”, however, that did not appear to be necessary.

Create Azure Bot Service

Azure Bot Service provides channels which broker your messages from any of the supported front-ends (Teams, Slack, etc.) to a Bot Framework backend.

When provisioning the Azure Bot Service, you must supply the App ID created above.

After provisioning, you must configure the following:

  • Configuration / Messaging endpoint: The remote URL of your service followed by /api/messages.
  • Channels / Teams: Enable Teams channel.

After doing this, you should be able to “Test in Web Chat” and “Open in Teams”.

Create Teams App

You can create your own Teams App using the dev portal https://dev.teams.microsoft.com/home or by adding the Developer App (in Teams).

After creating your app, you need to configure:

  • Basic information / Developer information: As appropriate.
  • Basic information / App URLs: As appropriate.
  • Basic information / Application (client) ID: The App ID created above.
  • App Features / Bot / Enter a bot ID: The App ID created above.
  • App Features / Bot / What can your bot do?: Check “upload and download files”.
  • App Features / Bot / Select the scopes in which people can use this command: Check “Personal”, “Team”, and “Group Chat”.

Publish as appropriate.

Next Steps

Investigation should be continued into:

Written on September 19, 2023