Secure your bot

Your bot can be connected to many different communication channels (Skype, SMS, email, and others) through the Bot Framework Connector service. This article describes how to secure your bot by using HTTPS and Bot Framework authentication.

Use HTTPS and Bot Framework authentication

To ensure that your bot's endpoint can only be accessed by the Bot Framework Connector, configure your bot's endpoint to use only HTTPS and enable Bot Framework authentication by registering your bot to acquire its appID and password.

Configure authentication for your bot

Specify the bot's appID and password in your bot's web.config file.


To find your bot's AppID and AppPassword, see MicrosoftAppID and MicrosoftAppPassword.

    <add key="MicrosoftAppId" value="_appIdValue_" />
    <add key="MicrosoftAppPassword" value="_passwordValue_" />

Then, use the [BotAuthentication] attribute to specify authentication credentials when using the Bot Builder SDK for .NET to create your bot.

To use the authentication credentials that are stored in the web.config file, specify the [BotAuthentication] with no parameters.

public class MessagesController : ApiController

To use other values for authentication credentials, specify the [BotAuthentication] attribute and pass in those values.

[BotAuthentication(MicrosoftAppId = "_appIdValue_", MicrosoftAppPassword="_passwordValue_")]
public class MessagesController : ApiController

Additional resources