Unauthorized request - Bot in Azure

%3CLINGO-SUB%20id%3D%22lingo-sub-3196093%22%20slang%3D%22en-US%22%3EUnauthorized%20request%20-%20Bot%20in%20Azure%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3196093%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20trying%20to%20test%20my%20Teams%20Bot%20in%20Teams%20application.%20I%20validated%20and%20added%20bot%20to%20my%20team.%20Look%20like%20I%20need%20an%20Azure%20app%20service%20to%20run%20the%2C%20so%20I%20deployed%20the%20app%20to%20Azure.%20But%20the%20bot%20in%20teams%2C%20nor%20'Test%20in%20Webchat'%20in%20Azure%20bot%20doesn't%20work.%20I%20followed%20probably%20all%20guides%2C%20including%20troubleshooting%20and%20in%20the%20Azure%20Bot%20resource%20I%20can%20see%3A%3C%2FP%3E%3CP%3E%3CBR%20%2F%3E%3CEM%3EThere%20was%20an%20error%20sending%20this%20message%20to%20your%20bot%3A%20HTTP%20status%20code%20Unauthorized%3C%2FEM%3E%3C%2FP%3E%3CP%3EIn%20App%20service%20Log%20Stream%20I%20could%20see%3A%3C%2FP%3E%3CH3%20id%3D%22toc-hId--1429919664%22%20id%3D%22toc-hId--1429918984%22%3EHTTP%20Error%20401.0%20-%20Unauthorized%3C%2FH3%3E%3CH4%20id%3D%22toc-hId--739358190%22%20id%3D%22toc-hId--739357510%22%3EYou%20do%20not%20have%20permission%20to%20view%20this%20directory%20or%20page.%3C%2FH4%3E%3CDIV%20class%3D%22%22%3E%3CH4%20id%3D%22toc-hId-1748154643%22%20id%3D%22toc-hId-1748155323%22%3EMost%20likely%20causes%3A%3C%2FH4%3E%3CUL%3E%3CLI%3EThe%20authenticated%20user%20does%20not%20have%20access%20to%20a%20resource%20needed%20to%20process%20the%20request.%3C%2FLI%3E%3C%2FUL%3E%3C%2FDIV%3E%3CDIV%20class%3D%22%22%3E%3CH4%20id%3D%22toc-hId--59299820%22%20id%3D%22toc-hId--59299140%22%3EThings%20you%20can%20try%3A%3C%2FH4%3E%3CUL%3E%3CLI%3ECreate%20a%20tracing%20rule%20to%20track%20failed%20requests%20for%20this%20HTTP%20status%20code.%20For%20more%20information%20about%20creating%20a%20tracing%20rule%20for%20failed%20requests%2C%20click%20%3CA%20href%3D%22http%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3FLinkID%3D66439%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehere%3C%2FA%3E.%3C%2FLI%3E%3C%2FUL%3E%3C%2FDIV%3E%3CDIV%20class%3D%22%22%3E%3CH4%20id%3D%22toc-hId--1866754283%22%20id%3D%22toc-hId--1866753603%22%3EDetailed%20Error%20Information%3A%3C%2FH4%3E%3CDIV%3E%3CBR%20%2F%3E%3CTABLE%20border%3D%220%22%20cellspacing%3D%220%22%20cellpadding%3D%220%22%3E%3CTBODY%3E%3CTR%3E%3CTD%3E%26nbsp%3BModule%26nbsp%3B%26nbsp%3BAspNetCoreModuleV2%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%3ENotification%26nbsp%3B%26nbsp%3B%26nbsp%3BExecuteRequestHandler%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%3E%26nbsp%3BHandler%26nbsp%3B%26nbsp%3BaspNetCore%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%3EError%20Code%26nbsp%3B%26nbsp%3B%26nbsp%3B0x00000000%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3C%2FDIV%3E%3CDIV%3E%3CBR%20%2F%3E%3CTABLE%20border%3D%220%22%20cellspacing%3D%220%22%20cellpadding%3D%220%22%3E%3CTBODY%3E%3CTR%3E%3CTD%3ERequested%20URL%26nbsp%3B%26nbsp%3B%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2FGraphInterfaceService%3A80%2Fapi%2Fmessages%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2FGraphInterfaceService%3A80%2Fapi%2Fmessages%3C%2FA%3E%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%3EPhysical%20Path%26nbsp%3B%26nbsp%3B%26nbsp%3BC%3A%5Chome%5Csite%5Cwwwroot%5Capi%5Cmessages%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%3ELogon%20Method%26nbsp%3B%26nbsp%3B%26nbsp%3BAnonymous%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%3ELogon%20User%26nbsp%3B%26nbsp%3B%26nbsp%3BAnonymous%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3CDIV%20class%3D%22%22%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%20class%3D%22%22%3EI%20checked%20Ms%20App%20ID%20and%20client%20secret.%20In%20appsettings.json%2C%20Azure%20App%20Registration%20and%20in%20OAuth%20connection%20in%20Azure%20Bot%20are%20all%20the%20same.%20The%20bot%20is%20working%20on%20localhost%20with%20emulator%20with%20and%20without%20authorization.%26nbsp%3B%3C%2FDIV%3E%3CDIV%20class%3D%22%22%3EWe%20have%20another%20bot%20already%20running%20with%20Teams.%20I%20noticed%20that%20there%20is%20the%20same%20Ms%20App%20ID%20in%20Azure%20Bot%20and%20App%20registration.%20%3CSTRONG%3E%3CU%3EIs%20that%20as%20it%20should%20be%3F%3C%2FU%3E%3C%2FSTRONG%3E%20The%20bot%20described%20above%20have%20different%20ID%20in%20Azure%20Bot%20resource%20and%20App%20registration.%20I%20was%20trying%20to%20find%20if%20I%20can%20make%20it%2C%20but%20without%20success.%3C%2FDIV%3E%3CDIV%20class%3D%22%22%3EFrankly%20speaking%2C%20I%20don't%20know%20what%20is%20this%20address%3A%3C%2FDIV%3E%3CDIV%20class%3D%22%22%3E%3CEM%3E%26nbsp%3B%3C%2FEM%3E%3CA%20href%3D%22https%3A%2F%2FGraphInterfaceService%3A80%2Fapi%2Fmessages%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CEM%3Ehttps%3A%2F%2FGraphInterfaceService%3A80%2Fapi%2Fmessages%3C%2FEM%3E%3C%2FA%3E%3C%2FDIV%3E%3CDIV%20class%3D%22%22%3EGraphInterfaceService%20is%20name%20of%20App%20Service%20in%20Azure%2C%20but%20endpoint%20URL%20is%20different.%20And%20I%20added%20%3CEM%3E%2Fapi%2Fmessages%2F%3C%2FEM%3E%20to%20it.%3C%2FDIV%3E%3CDIV%20class%3D%22%22%3E%3CBR%20%2F%3E%3CDIV%20class%3D%22%22%3EFurthermore%2C%26nbsp%3Bwhen%20I%20am%20trying%20to%20add%20%22Chat.ReadWrite.All%22%20in%20OAuth%20setting%20sopces%20(Chat.ReadWrite.All%20exists%20in%20App%20registration!)%20it%20shows%20me%20this%20error%20on%20Test%20connection%20(but%20%3CSTRONG%3Edoes%20it%20matter%20what%20scopes%20are%20in%20here%3F%3C%2FSTRONG%3E%20Don't%20know%20if%20they%20are%20used%20to%20obtain%20those%20scopes%20for%20general%20traffic)%3A%3C%2FDIV%3E%3CPRE%3Eerror%3A%20%7B%3CBR%20%2F%3E%26nbsp%3B%20code%3A%20%22ServiceError%22%2C%3CBR%20%2F%3E%26nbsp%3B%20message%3A%20%22Missing%20required%20query%20string%20parameter%3A%20code.%20Url%20%3D%26nbsp%3B%20%26nbsp%3Bhttps%3A%2F%2Ftoken.botframework.com%2F.auth%2Fweb%2Fredirect%3Ferror%3Dinvalid_client%26amp%3Berror_description%3DAADSTS650053%253a%2BThe%2Bapplication%2B%2527GraphInterfaceAuthentication%2527%2Basked%2Bfor%2Bscope%2B%2527Chat.ReadWrite.All%2527%2Bthat%2Bdoesn%2527t%2Bexist%2Bon%2Bthe%2Bresource%2B%252700000003-0000-0000-c000-000000000000%2527.%2BContact%2Bthe%2Bapp%2Bvendor.%250d%250aTrace%2BID%253a%2B8ecdfbf8-1416-4c68-a28a-66848abad800%250d%250aCorrelation%2BID%253a%2B7f0cd7a4-0a36-4058-a286-57aa20a4059b%250d%250aTimestamp%253a%2B2022-02-22%2B00%253a58%253a16Z%26amp%3Bstate%3D377673302917459099fe22675ac76be5%22%3CBR%20%2F%3E%7D%3C%2FPRE%3E%3CDIV%20class%3D%22%22%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3196093%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAPI%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Visitor

I am trying to test my Teams Bot in Teams application. I validated and added bot to my team. Look like I need an Azure app service to run the, so I deployed the app to Azure. But the bot in teams, nor 'Test in Webchat' in Azure bot doesn't work. I followed probably all guides, including troubleshooting and in the Azure Bot resource I can see:


There was an error sending this message to your bot: HTTP status code Unauthorized

In App service Log Stream I could see:

HTTP Error 401.0 - Unauthorized

You do not have permission to view this directory or page.

Most likely causes:

  • The authenticated user does not have access to a resource needed to process the request.

Things you can try:

  • Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests, click here.

Detailed Error Information:


 Module  AspNetCoreModuleV2
Notification   ExecuteRequestHandler
 Handler  aspNetCore
Error Code   0x00000000

Requested URL   https://GraphInterfaceService:80/api/messages
Physical Path   C:\home\site\wwwroot\api\messages
Logon Method   Anonymous
Logon User   Anonymous
 
I checked Ms App ID and client secret. In appsettings.json, Azure App Registration and in OAuth connection in Azure Bot are all the same. The bot is working on localhost with emulator with and without authorization. 
We have another bot already running with Teams. I noticed that there is the same Ms App ID in Azure Bot and App registration. Is that as it should be? The bot described above have different ID in Azure Bot resource and App registration. I was trying to find if I can make it, but without success.
Frankly speaking, I don't know what is this address:
GraphInterfaceService is name of App Service in Azure, but endpoint URL is different. And I added /api/messages/ to it.

Furthermore, when I am trying to add "Chat.ReadWrite.All" in OAuth setting sopces (Chat.ReadWrite.All exists in App registration!) it shows me this error on Test connection (but does it matter what scopes are in here? Don't know if they are used to obtain those scopes for general traffic):
error: {
  code: "ServiceError",
  message: "Missing required query string parameter: code. Url =   https://token.botframework.com/.auth/web/redirect?error=invalid_client&error_description=AADSTS650053%3a+The+application+%27GraphInterfaceAuthentication%27+asked+for+scope+%27Chat.ReadWrite.All%27+that+doesn%27t+exist+on+the+resource+%2700000003-0000-0000-c000-000000000000%27.+Contact+the+app+vendor.%0d%0aTrace+ID%3a+8ecdfbf8-1416-4c68-a28a-66848abad800%0d%0aCorrelation+ID%3a+7f0cd7a4-0a36-4058-a286-57aa20a4059b%0d%0aTimestamp%3a+2022-02-22+00%3a58%3a16Z&state=377673302917459099fe22675ac76be5"
}




0 Replies