Limit a teams bot to my organization

2019-09-08 01:45发布

站内问答 / 前端开发
1368 2 6

I'm using the MSFT Bot Framework to build a team bot but my bot is only relevant to my organization. Actually I don't want anyone outside my organization to be able to talk to it.

I've been looking how to limit my bot to a specific Office 365 organization but can't find how to do it. The only thing I can find is using the other party userstring to see in which org they live.

My question: Is ther a way to limit my bot to a single O365 organization?

Thanks

Bram

2条回答
闹够了就滚
2楼-- · 2019-09-08 01:53

Its been 2 years but there's no real answer and it popped up in my related list tho...

These days you can write an easy simple middleware that does the tenant filtering like here:

public static string TenantFilterSettingAny = "#ANY#";

/// <summary>
/// Here are below scenarios - 
///     #Scenario 1 - Reject the Bot If Tenant is configured in web.config and doesn't match with Incoming request tenant
///     #Scenario 2 - Allow Bot for every Tenant if Tenant is not configured in web.config file and default value is #ANY#             
/// </summary>
/// <param name="activity"></param>
/// <param name="currentTenant"></param>
/// <returns></returns>
public static bool RejectMessageBasedOnTenant(IMessageActivity activity, string currentTenant)
{
    if (!String.Equals(ConfigurationManager.AppSettings["OFFICE_365_TENANT_FILTER"], TenantFilterSettingAny))
    {
        //#Scenario 1
        return !string.Equals(ConfigurationManager.AppSettings["OFFICE_365_TENANT_FILTER"], currentTenant);
    }
    else
    {
        //Scenario 2
        return false;
    }
}

Its taken from this sample

查看更多
0人赞 添加讨论(0) 举报
ら.Afraid
3楼-- · 2019-09-08 01:57

The most reliable way right now is to implement authentication of users, as demonstrated in AuthBot, and then check the tenant-id of the logged-in user.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)