How to Authenticate MS Teams User Against Azure AD
I am trying to create a bot which would be deployed into MS Teams (and Skype for Business). I see when a user interacts with the bot they are provided with a channelData.tenant.id and the Bot Framework docs say that this is the "The tenant ID for the user." I was wondering if I can use this (or another piece of information coming from the inbound message) to authenticate the user against my Azure AD? Also, would this require me to authenticate the user via an authentication flow like is done with the AuthBot? (https://github.com/MicrosoftDX/AuthBot)

Any help would be great!
You have the tenant.id provided in channelData, yes, so you could use it to make some custom requests like with Graph API.

For MS Teams, you can also get more information by calling GetConversationMembersAsync and calling the AsTeamsChannelAccount method on the members that you got (this method is included in the Microsoft.Bot.Connector.Teams NuGet package).

Sample:
    // Namespaces this snippet relies on (place at the top of the file):
    using System;
    using System.Linq;
    using System.Text;
    using Microsoft.Bot.Builder.Dialogs;
    using Microsoft.Bot.Connector;
    using Microsoft.Bot.Connector.Teams;

    // Inside an async dialog method, where context is the IDialogContext:
    // Fetch the members in the current conversation
    var connector = new ConnectorClient(new Uri(context.Activity.ServiceUrl));
    var members = await connector.Conversations.GetConversationMembersAsync(context.Activity.Conversation.Id);
    // Concatenate information about all the members into a string
    var sb = new StringBuilder();
    foreach (var member in members.Select(m => m.AsTeamsChannelAccount()))
    {
        sb.AppendLine($"GivenName = '{member.Name}', Email = '{member.Email}', User Principal Name '{member.UserPrincipalName}', AAD ObjectId '{member.ObjectId}', TeamsMemberId = '{member.Id}'");
    }
    // Post the member info back into the conversation
    await context.PostAsync($"People in this conversation: {sb.ToString()}");
With this call you will have additional interesting values: Email and ObjectId (which is the user's Azure AD object ID).

As a conclusion, you still have to log your user in if you need to do some authenticated logic, but in the MS Teams case you have more information and ways to do it.
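
Added example, not part of the original answer or of any Microsoft sample: once the user has signed in through a flow such as AuthBot, the tid and oid claims of the validated token can be compared with channelData.tenant.id and the member's ObjectId, so the channel values serve as a cross-check rather than as proof of identity. TeamsIdentityBinding, BindingResult, Check and the sample GUIDs are hypothetical names and constructed values; the code assumes the sign-in flow has already validated the token's signature, issuer, audience and expiry.

```csharp
using System;
using System.Collections.Generic;

// Added example: every type and method name here is hypothetical.
public enum BindingResult { Ok, MissingClaim, TenantNotAllowed, TenantMismatch, UserMismatch }

public static class TeamsIdentityBinding
{
    // claims:          claims of an ID token ALREADY validated by the sign-in flow (assumption).
    // channelTenantId: channelData.tenant.id taken from the inbound activity.
    // memberObjectId:  ObjectId returned by AsTeamsChannelAccount() for the sender.
    public static BindingResult Check(IDictionary<string, string> claims,
        string channelTenantId, string memberObjectId, ISet<Guid> allowedTenants)
    {
        // "tid" and "oid" are the Azure AD tenant ID and user object ID claims.
        if (!TryClaim(claims, "tid", out var tid) || !TryClaim(claims, "oid", out var oid))
            return BindingResult.MissingClaim;
        // The token, not the channel data, decides which tenant the user belongs to.
        if (!allowedTenants.Contains(tid))
            return BindingResult.TenantNotAllowed;
        // The channel-supplied hints must agree with the signed-in identity.
        if (!Guid.TryParse(channelTenantId, out var chTenant) || chTenant != tid)
            return BindingResult.TenantMismatch;
        if (!Guid.TryParse(memberObjectId, out var chUser) || chUser != oid)
            return BindingResult.UserMismatch;
        return BindingResult.Ok;
    }

    private static bool TryClaim(IDictionary<string, string> claims, string name, out Guid value)
    {
        value = Guid.Empty;
        return claims.TryGetValue(name, out var raw) && Guid.TryParse(raw, out value);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample values, not real identifiers.
        var tenant = "11111111-1111-1111-1111-111111111111";
        var user = "22222222-2222-2222-2222-222222222222";
        var other = "33333333-3333-3333-3333-333333333333";
        var allowed = new HashSet<Guid> { Guid.Parse(tenant) };
        var claims = new Dictionary<string, string> { ["tid"] = tenant, ["oid"] = user };
        Console.WriteLine(TeamsIdentityBinding.Check(claims, tenant, user, allowed));
        // Same token presented for an activity sent by a different member.
        Console.WriteLine(TeamsIdentityBinding.Check(claims, tenant, other, allowed));
    }
}
```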