Conventions & Security

Class library vs. Serialization Conventions

All of the objects described use lower-camel casing on the wire. The C# libraries use strongly typed names that are pascal cased. Our documentation sometimes will use one or the other but they are interchangeable.

C# property wire serialization javascript name
ReplyToId replyToId replyToId

Example serialization

1 {
2  "type": "message",
3  "conversation": {
4  "Id": "GZxAXM39a6jdG0n2HQF5TEYL1vGgTG853w2259xn5VhGfs"
5  },
6  "timestamp": "2016-03-22T04:19:11.2100568Z",
7  "channelid": "skype",
8  "text": "You said:test",
9  "attachments": [],
10  "from": {
11  "name": "Test Bot",
12  "id": "MyTestBot",
13  },
14  "recipient": {
15  "name": "tom",
16  "id": "1hi3dbQ94Kddb",
17  },
18  "locale": "en-Us",
19  "replyToId": "7TvTPn87HlZ",
20  "entities": [],
21 }

Securing your bot

Developers should ensure that their bot's endpoint can only be called by the Bot Connector.

To do this you should

  • Configure your endpoint to only use HTTPS
  • Use the Bot Framework SDK's authentication: MicrosoftAppId Password: MicrosoftAppPassword

BotAuthentication Attribute

To make it easy for our C# developers we have created an attribute which does this for your method or controller.

To use with the AppId and AppSecret coming from the web.config

[BotAuthentication]
public class MessagesController : ApiController
{
}

Or you can pass in the appId appSecret to the attribute directly:

[BotAuthentication(MicrosoftAppId = "_MicrosoftappId_")]
public class MessagesController : ApiController
{
}