This sample demonstrates how to utilize message-actions feature in Microsoft Teams to implement a bot that helps users anonymously reply to messages.
- How to construct the app manifest to allow your bot to participate in message-actions.
- How to send Task Module dialogs from your bot code.
- How to handle submission of Task Module dialog.
- How to post a reply to a message in a channel from a Task Module submission.
- Go to this link to register a new Bot Framework bot. Don't forget to add the Teams channel.
- You will get an Application ID and Application Secret during registration. Paste these values into web.config.
- Paste the Application ID into the manifest.json file.
- Download ngrok and launch it like so:
ngrok http 3979 --host-header=localhost. - Update your bot's definition in Bot Framework to point to the ngrok URL https tunnel URL.
- Zip up the folder containing manifest.json and sideload this app into Teams by going into a team where you want to test it, and then selecting ... -> Manage Team --> Apps and then "Upload a custom app".
- Now when you or anyone in that team goes to a message in that team and selects ... they should see an option called Take Action --> Reply anonymously.
- If you set breakpoints in your bot code in MessagesController.cs, you should see those breakpoints being hit.
- Step-in in debugger and enjoy!
The code currently uses HMACSHA1 to hash the AAD ID of the user to a hash with the bot's Application Secret as the salt. The hash is converted into a base64string and then RoboHash is used to convert this hash into a unique avatar for the user. The end result is that AAD ID of user is uniquely hashed to a Robohash avatar that stays the same for that user for each reply.
Since message is posted by the bot on user's behalf, the user is "anonymous" for others in the team. Since the RoboHash avatar image that the user's ID gets mapped to remains the same everytime that user replies, the user replying remains anonymous while others still have a chance to associate the messages with that user's anonymous version which is important for continuity of conversation.
So is the user truly "anonymous"? Not really. Clues for unmasking someone are in the description above. There might be other clues as well, e.g. language/grammer/tone, and excessive use of emojies or GIFs :)