Enabling Client Certificate Authentication for Bot Framework Apps
Hi Freist Li,
Thank you for the detailed guide on enabling client certificate authentication for Bot Framework Apps. Here are a few additional tips:
Generating Certificates: Generate a self-signed certificate for testing:
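```powershell
# Create a self-signed signing certificate in the current user's store
$cert = New-SelfSignedCertificate -Subject "CN=botauth" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature

# Export the public certificate (.cer)
Export-Certificate -Cert $cert -FilePath "C:\temp\selfsign.cer"

# Export the certificate with its private key (.pfx), protected by a password
$mypwd = ConvertTo-SecureString -String "<your password>" -Force -AsPlainText
Export-PfxCertificate -Cert $cert -FilePath "C:\temp\selfsign.pfx" -Password $mypwd
```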
Implementing in Bot Framework: Extend the ServiceClientCredentialsFactory:
```javascript
const { CertificateAppCredentials, ServiceClientCredentialsFactory } = require('botframework-connector');

class MyServiceClientCredentialsFactory extends ServiceClientCredentialsFactory {
    // Build certificate-based credentials instead of AppId/AppPassword credentials
    async createCredentials(appId, audience, loginEndpoint, validateAuthority, certificateThumbprint, privateKey) {
        return new CertificateAppCredentials(appId, certificateThumbprint, privateKey);
    }
}
```
Bot Framework Emulator: Note that the Emulator requires AppID and AppPassword, as it doesn’t support certificates.
Integration with Platforms like WhatsApp: For those integrating with https://jtwhatsup.com/tmwhatsapp/ or similar platforms, similar secure authentication practices can enhance security.
Thanks again for your insights. Your GitHub example is a valuable resource for the community.
Best regards,
Hallah
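
An added example, not part of the post above or of the Bot Framework SDK: a pre-flight check, using only Node's built-in `crypto` module, on the thumbprint and private key that the `CertificateAppCredentials` call takes. It assumes the exported certificate and key have been converted to PEM; all function names are hypothetical.

```javascript
const crypto = require('crypto');

// Thumbprint = SHA-1 over the certificate's DER bytes, as uppercase hex.
function thumbprintFromPem(certPem) {
    const m = /-----BEGIN CERTIFICATE-----([\s\S]+?)-----END CERTIFICATE-----/.exec(certPem);
    if (!m) throw new Error('no CERTIFICATE block in PEM input');
    const der = Buffer.from(m[1].replace(/\s+/g, ''), 'base64');
    return crypto.createHash('sha1').update(der).digest('hex').toUpperCase();
}

// Thumbprints pasted from the Windows certificate dialog often carry spaces,
// colons or an invisible U+200E mark; strip everything that is not hex.
function normalizeThumbprint(value) {
    const hex = value.replace(/[^0-9a-fA-F]/g, '').toUpperCase();
    if (hex.length !== 40) throw new Error('thumbprint must be 40 hex characters');
    return hex;
}

// True when a signature made with the private key verifies against the
// certificate (or bare public key) PEM, i.e. the two belong together.
function keyMatches(certOrPublicKeyPem, privateKeyPem) {
    const challenge = crypto.randomBytes(32);
    const signature = crypto.sign('sha256', challenge, privateKeyPem);
    return crypto.verify('sha256', challenge, certOrPublicKeyPem, signature);
}

// Returns the two certificate values for CertificateAppCredentials, or throws
// if the configured thumbprint or the private key does not fit the certificate.
function prepareCertificateInputs(certPem, privateKeyPem, configuredThumbprint) {
    const thumbprint = thumbprintFromPem(certPem);
    if (normalizeThumbprint(configuredThumbprint) !== thumbprint) {
        throw new Error('configured thumbprint does not match certificate');
    }
    if (!keyMatches(certPem, privateKeyPem)) {
        throw new Error('private key does not match certificate');
    }
    return { certificateThumbprint: thumbprint, privateKey: privateKeyPem };
}
```

Running `prepareCertificateInputs` at startup turns a mismatched key or a mistyped thumbprint into an immediate, descriptive error rather than a failed token request later.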