Botframework-sdk: 500 Internal Server Error in emulator - V3

There is something really strange going on.
When you load the Bot Template it installs the Package
System.IdentityModel.Tokens.Jwt with the version 4.02. When i try it with that version i get the exception
402: Unauthorized with:
Warning: 0 : Invalid token. System.ArgumentNullException: Value cannot be null.

When iupdate that package to the latest version (5.0.0) i get the same exception as Huskitch.
Well, i only get a 500 InternalServerError exception with the message "An error has occured".

Does it have something to do with the BotID in the web.config? Because on the page about the emulator, you see screenshots where you can enter a botid. I downloaded the latest version but i cant enter a botid.

Greetings

Okay.
Im pretty sure its because of your "System.IdentityModel.Tokens.Jwt" Version.
Mine was also at 5.0.0. which for some reason broke everything.

I converted everything back to the latest 4.02. Version and it kind of works.
I just get the Message:
"iisexpress.exe Warning: 0 : Invalid token. System.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10500: Signature validation failed. Unable to resolve SecurityKeyIdentifier: 'SecurityKeyIdentifier"
everytime my bot receives a message, but it still works.

Im pretty sure there is something wrong with the Botcredentials in the web.config and what the Emulator/BotConnector expects.

Greetings

I tried downgrading the JWT package to 4.02, and now I end up with this in the JSON emulator output

Had the same issue and couldnt resolve it. Thankfully i had a backup of my project from before the V3 update.
Im pretty sure some references are totally messed up. Maybe try to delete the package and reinstall. but i tried that too and it didnt work out.

Hi, I'm experiencing similar issues... Even the sample Echo Bot cloned directly from the repo doesn't work. Apparently it doesn't receive proper Authorization headers in BotAuthentication.cs -> OnAuthorizationAsync().

Hi. Try to reset the project references.
1) remove all references of Bot.Builder and Bo.Connector (and itself)
2) add via nuget Bot.Builder 3.0.1 and WebHost
3) not update anything in Nuget
4) adjust manually the assemblyBinding in terms of versios to reflect your project

<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"> <dependentAssembly> <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="1.0.0.0-5.2.3.0" newVersion="5.2.3.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-8.0.0.0" newVersion="8.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Net.Http.Primitives" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-4.2.29.0" newVersion="4.2.29.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Net.Http.Formatting" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-4.0.20622.1351" newVersion="4.0.20622.1351" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Rest.ClientRuntime" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-1.0.0.0" newVersion="1.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Bot.Connector" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.IdentityModel.Protocol.Extensions" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-1.0.2.33" newVersion="1.0.2.33" /> </dependentAssembly> </assemblyBinding>

Even if this worked (which it didn't for me), it seems like a temporary solution to the issue.

I uninstalled packages from NuGet, deleted "bin", "obj" and "packages", re-added everything and now the 500 error is gone, but the 401 still persists:

iisexpress.exe Warning: 0 : Invalid token. System.ArgumentNullException: Value cannot be null.
Parameter name: securityToken
   at System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateToken(String securityToken, TokenValidationParameters validationParameters, SecurityToken& validatedToken) in c:\workspace\WilsonForDotNet45Release\src\System.IdentityModel.Tokens.Jwt\JwtSecurityTokenHandler.cs:line 658
   at Microsoft.Bot.Connector.JwtTokenExtractor.<ValidateTokenAsync>d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Bot.Connector.JwtTokenExtractor.<GetIdentityAsync>d__6.MoveNext()

Microsoft.Bot.Builder = 3.0.1
System.IdentityModel.Tokens.Jwt = 4.0.2.206221351

@lamaq-git make sure that you set MicrosoftAppId and MicrosoftAppPassword to the value you got from dev portal. Also, if you run against emulator you can leave all the values blank to disable bot authentication.

I had to revert the version on three of the libraries in my project in order to get this to work.

• Microsoft.Rest.ClientRuntime - 1.8.2
• Newtonsoft.Json - 8.0.3
• System.IdentityModel.Tokens.Jwt - 4.0.2.206221351

@Huskitch and @NanashiGIT how did you do the upgrade to new nuget package? It seems that you upgraded the System.IdentityModel.Tokens.Jwt to latest which is not the right dependency that builder expects.

To upgrade a v1 bot dependencies to use v3 builder and making sure that your dependencies are installed in the right way, follow below steps:

• Go to nuget package manager for your project
• Uninstall Microsoft.Bot.Builder v1
• Uninstall Microsoft.Bot.Connector
• Install Microsoft.Bot.Builder 3.0.1
• update you web.config to have the new fields builder expect:

    <add key="BotId" value="YourBotId" />
    <add key="MicrosoftAppId" value="" />
    <add key="MicrosoftAppPassword" value="" />

Steps above make sure that you have the right dependencies. From what I see, it seems that you are upgrading all of the packages in the nuget package manager and end up with the latest JWT dependency.

First i was on the correct 4.0.2 version. But then it began giving me the exception:
""iisexpress.exe Warning: 0 : Invalid token. System.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10500: Signature validation failed. Unable to resolve SecurityKeyIdentifier: 'SecurityKeyIdentifier"". So i tried updating it to the newest version (Because it said, the Builder needs JWT >= 4.0.2). But that broke everything.
And im 100% sure the MicrosoftAppId and MicrosoftAppPassword are correct. I've read somewhere, that the keys for the credentials might be a bit bugged (maybe emulator sends credentials not as MicrosoftAppId/MicrosoftAppPassword or something else). I dont know, but there is something broken.

@NanashiGIT builder is dependent on System.IdentityModel.Tokens.Jwt 4.0.2 and when you upgrade to a new version of that package, .Net cannot load the right version of dll when loading dependencies. The error that you were getting when you had the right version of dependency was probably because of not having the right MicrosoftAppId and MicrosoftAppPassword set in your web.config or emulator.

I recommend setting those to empty, both in web.config and emulator (this disables auth), and make sure that your bot is working with auth turned off and after that set the values and check if auth is working correctly.

@msft-shahins This is on a completely new project, from the V3 Bot Builder template.

@msft-shahins I did disabled authentication for quite a bit and it worked. And as i said, the credentials are correct.

@Huskitch then in V3 bot builder template, only update builder in the nuget package manager update tab. Do not update other nuget packages.

@msft-shahins Whats with the BotId in the Webconfig?
Unlike in the screenshots of the emulator, i cant specify an id. I also dont know where to find that id in the Bot Portal.
May that be the culprit for the error messages?

@NanashiGIT if auth doesn't work and you have the right dependencies, I am suspicious that you are using a wrong AppId and AppPassword. Go to dev portal and find the MicrosoftAppId for your bot, then go to Microsoft dev portal app list, find the app id and make sure that you have the right password for that app.

Bot Id == Bot Handle you see in the dev portal UI. builder is using it internally, if you configure it with the InMemoryBotDataStore (which is not the default data store). It is not used for the authentication and we will remove it soon and use MicrosoftAppId as the unique identifier for bot.

@msft-shahins Thanks for your help.
I realized that i have 2 AppSecrets set up for my app (and i dont mean primary/secondary). Maybe thats it and i have to remove one.
I'll try that out tomorrow.

Also make sure that in web.config is correct. They are not called AppId and AppSecret anymore:

    <add key="MicrosoftAppId" value="" />
    <add key="MicrosoftAppPassword" value="" />

@msft-shahins I tried only updating the bot builder package, but then I get this:

@msft-shahins Thank you, I made MicrosoftAppId and MicrosoftAppPassword empty (both in web.config and emulator) and now I'm in the same state as @Huskitch ...

@Huskitch Can you share more details about when this exception happens? What are the configuration for bot and emulator? I guess your project still uses the wrong version of assembly. Make sure to clean your project and rebuild again after you fix dependencies to correct version. This might help you solve the problem.

@msft-shahins The exception happens when I send a message to the bot through the emulator, it shows 505 InternalServerError in the emulator and that exception in VS.

The versions for the nuget packages are as follows:

Microsoft.Bot.Builder: 3.0.1
Microsoft.IdentityModel.Protocol.Extensions: v1.0.2.206221351
Microsoft.Rest.ClientRuntime: 2.3.1
Newtonsoft.Json: 8.0.3
System.IdentityModel.Tokens.Jwt

The Web.config assembly bindings are:

   <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-8.0.0.0" newVersion="8.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Net.Http.Primitives" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-4.2.29.0" newVersion="4.2.29.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Net.Http.Formatting" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Microsoft.Rest.ClientRuntime" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-2.0.0.0" newVersion="2.0.0.0" />
      </dependentAssembly>
    </assemblyBinding>

I've tried both with and without the correct appid and passwords.

@Huskitch Microsoft.Rest.ClientRuntime: 2.3.1 is the problem. It seems that you have updated that too. The correct dependencies are:

Microsoft.Bot.Builder- 3.0.1
Microsoft.IdentityModel.Protocol.Extensions- 1.0.2.206221351
Microsoft.Rest.ClientRuntime - 1.8.2
Newtonsoft.Json - 8.0.3
System.IdentityModel.Tokens.Jwt - 4.0.2.206221351

here is the packages.config for a project from template with correct dependencies:

<?xml version="1.0" encoding="utf-8"?>
<packages>
  <package id="Autofac" version="3.5.2" targetFramework="net46" />
  <package id="Chronic.Signed" version="0.3.2" targetFramework="net46" />
  <package id="Microsoft.AspNet.WebApi" version="5.2.3" targetFramework="net46" />
  <package id="Microsoft.AspNet.WebApi.Client" version="5.2.3" targetFramework="net46" />
  <package id="Microsoft.AspNet.WebApi.Core" version="5.2.3" targetFramework="net46" />
  <package id="Microsoft.AspNet.WebApi.WebHost" version="5.2.3" targetFramework="net46" />
  <package id="Microsoft.Bot.Builder" version="3.0.1" targetFramework="net46" />
  <package id="Microsoft.IdentityModel.Protocol.Extensions" version="1.0.2.206221351" targetFramework="net46" />
  <package id="Microsoft.Rest.ClientRuntime" version="1.8.2" targetFramework="net46" />
  <package id="Microsoft.WindowsAzure.ConfigurationManager" version="3.2.1" targetFramework="net46" />
  <package id="Newtonsoft.Json" version="8.0.3" targetFramework="net46" />
  <package id="System.IdentityModel.Tokens.Jwt" version="4.0.2.206221351" targetFramework="net46" />
</packages>

@msft-shahins Just made a fresh project and made sure all of the dependencies are the same, now I'm getting this exception after sending a message to the bot:

@Huskitch can you set a breakpoint on the messages controller and check if you are getting the message from the emulator?

@msft-shahins Yeah, I get the message, the method runs fine up until this breakpoint:

@Huskitch can you check the reply activity that is getting generated? It seems to me that the post to emulator is failing. what is the emulator configuration that you are using to post the message?

This is the emulator setup:

I've tried both with and without appid and pw, (though it shouldn't matter right?).

Here's the activity object received:

And here's the reply object:

@Huskitch, your emulator url is wrong! It should be http://localhost:9000. It is basically the url that the emulator is listening on and is set in the ServiceUrl of incoming activity. You can read more about the reply scheme here.

I'm getting a 500 error also, my Emulator URI is correct, app id and secret are blank _and_ I have the correct Nuget package versions referenced.

The exceptions seem to be thrown somewhere internally after the StartAsync method of my LuisDialog returns.

This is what I see in the output window of VS:

Here's my emulator:

@msft-shahins I've deleted the 2 keys and set a new one. But then i realized that this wont have anything to do with the emulator authenticating at the local running bot.
Anyway, unless i leave everything blank i still get the mentioned exception.
My web config keys are
BotId
MicrosoftAppId
MicrosoftAppPassword

Oops, turns out my issue was my own fault - I was using a LuisDialog and had a space at the end of the attribute so the authentication was failing. Removing the space leaves me with a working bot.

@NanashiGIT are you getting "SecurityTokenSignatureKeyNotFoundException" when you set the MicrosoftAppId and password? Are you getting the exception on the incoming request or when wants to post back the reply? can you share your MicrosoftAppId?

@msft-shahins I only get the error when setting the AppId and Password, so yes.
Im getting the exception even before the Post-Method is called. So on incoming requests.
My ID:
......

@msft-shahins, I?m also having the same error:

InternalServerError {
"message": "An error has occurred.",
"exceptionMessage": "Could not load type 'System.IdentityModel.Tokens.TokenValidationParameters' from assembly 'System.IdentityModel.Tokens.Jwt, Version=5.0.0.127, Culture=neutral, PublicKeyToken=31bf3856ad364e35'.",

I'm having the error while calling the bot in the "Test connection to your bot" of the dev portal.

I have updated packages.config to the contents you mention above (+clean project + redeploy). And I upgraded a project to v3, and fixed the 3 keys in web.config. Ideas?

@lokijota it seems that your bot still depends on the newer System.IdentityModel.Tokens.Jwt (5.0.0.127). Make sure that you have the right dependency and everything works locally against emulator. Then do a clean deployment. If you are deploying to azure from Visual Studio, make sure to select Remove additional files at destination. I have noticed that sometimes the dependencies aren't refreshed correctly, if I don't select that option.

@msft-shahins, here's what I did:~

• there was an assembly redirect in web.config:

 <dependentAssembly>
        <assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-5.0.0.127" newVersion="5.0.0.127" />
      </dependentAssembly>

I commented this line, cleaned, redeployed, and when I tested it, the Internal Server Error remained, but this time referring to the 4.x version of the Jwt assembly;

• I had already set the "clear files at destination" option;
• I removed the Jwt reference from the project, removed/added Bot.Builder again in Nuget, and redeployed. And again the 500 error mentioning the 5.x version.

frustrated... :-(

Any other idea?

ps: here's the packages.config file:

<?xml version="1.0" encoding="utf-8"?>
<packages>
  <package id="Autofac" version="3.5.2" targetFramework="net46" />
  <package id="Chronic.Signed" version="0.3.2" targetFramework="net46" />
  <package id="Microsoft.AspNet.WebApi" version="5.2.3" targetFramework="net46" />
  <package id="Microsoft.AspNet.WebApi.Client" version="5.2.3" targetFramework="net46" />
  <package id="Microsoft.AspNet.WebApi.Core" version="5.2.3" targetFramework="net46" />
  <package id="Microsoft.AspNet.WebApi.WebHost" version="5.2.3" targetFramework="net46" />
  <package id="Microsoft.Bot.Builder" version="3.0.1" targetFramework="net46" />
  <package id="Microsoft.IdentityModel.Protocol.Extensions" version="1.0.2.206221351" targetFramework="net46" />
  <package id="Microsoft.Rest.ClientRuntime" version="1.8.2" targetFramework="net46" />
  <package id="Microsoft.WindowsAzure.ConfigurationManager" version="3.2.1" targetFramework="net46" />
  <package id="Newtonsoft.Json" version="8.0.3" targetFramework="net46" />
  <package id="System.IdentityModel.Tokens.Jwt" version="4.0.2.206221351" targetFramework="net46" />
</packages>

and when I remove and re-add the Nuget reference to bot.builder, the redirect xml gets reinserted in web.config (and thus I end up with the 500 again):

      <dependentAssembly>
        <assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-5.0.0.127" newVersion="5.0.0.127" />
      </dependentAssembly>

Plus, the reference in Nuget seems to be right (and un-upgraded):

remove this from your web.config:

 <dependentAssembly>
        <assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-5.0.0.127" newVersion="5.0.0.127" />
      </dependentAssembly>

and also make sure that your bot works against emulator with your MicrosoftAppId and MicrosoftAppPassword before trying the deployment.

Hi,

I had another problem: the NewtonSoft assembly was at version 9.x . Fixed that, redeployed, and now it seems to be working, error 500 is gone. I still have a compilation warning:

1>C:\Program Files (x86)\MSBuild\14.0bin\Microsoft.Common.CurrentVersion.targets(1820,5): warning MSB3277: Found conflicts between different versions of the same dependent assembly that could not be resolved. These reference conflicts are listed in the build log when log verbosity is set to detailed.

... but whatever this is, the bot seems to be working now.

(and I did remove the redirect from web.config)

I can confirm that if you accidentally upgrade your nugget packages, you will have to downgrade the packages and update the dependencies in the web.config file. I used TheMakerBotShow example to compare my project and everything worked find after updating.

Looking at the most recent reports on this thread, the latest outstanding issues related to assembly bindings. Are there any open runtime issues still present in your code?

I am closing this issue assuming that the improvements in auth reliability and exception translation released in nuget 3.1 addresses all of the issues in this thread.

Hello All,

I am facing the same issue like 500 internal server error. I changed the code to version 3. Please help me out

@nitk-rashid attach a debugger to your bot and see what exception is getting thrown by the bot when it receives the message.

One weird trick to get your bot to work in development: Run it with the debugger attached. It seems the BotAuthentication filter attribute will return early if MicrosoftAppId is empty, but only when debugger is attached. See line 27.

https://docs.botframework.com/en-us/csharp/builder/sdkreference/d0/d3b/_bot_authentication_8cs_source.html

I'm getting this now, and unable to hit a breakpoint. Are these dependencies still needing to be from versions earlier this year?

Maybe it's about changing the scope of your methods in the messagescontroller from "public" to "private".

This framework was too unstable and the docs not clear enough so I stopped using it. (That and the requirement to publish it - not OK for on premise connectivity)

i create my bot using bot builder framework in asp.net .Bot work fine in emulator but give me error when i try to connect it with skype ...

"Your bot did not respond to our Ping request with a success code. Please verify your bot is running and responsive before Publishing your bot. The error received from your bot was: Unauthorized(401), BotAuthenticator failed to authenticate incoming request!"

please help me !!

@UsamaAslam - You should check existing open and closed issues for "401" errors (there are many that have been closed) or open a new issue for that. This thread is for 500 errors.

@stingyJack - sorry to disturb you but i already open new thread and i receive no response so that is why i post here . if you know any thing please inform me i will be very thankful to you

@usamaalam - If none of the existing closed "401" issues matched your problem (not likely - a similar error message present is in several), you will just have to wait for the maintainer of this module to reply back.