3

I am building a Banking Bot and I need to authenticate the user before providing any details to him. If the Bot is idle for 5 min, I need the user to re-authenticate before proceeding further.

I am using Microsoft Bot framework and LUIS for BOT development. Can anyone help me with this problem?

Gagan Bajaj
  • You may want to check [how secure a particular channel](https://docs.botframework.com/en-us/faq/#do-the-bots-registered-with-the-bot-framework-collect-personal-information-if-yes-how-can-i-be-sure-the-data-is-safe-and-secure-what-about-privacy) is first –  Feb 16 '17 at 14:36
  • @Daniel: I was trying to prompt the user for id and password and then authenticate the user via a service using OAuth2 and OpenID Connect. But I am not sure whether this is a good way to secure it. Please let me know if there is a better way... – Gagan Bajaj Feb 16 '17 at 15:04
  • @Micky: I am not sure how this link can solve my problem. It does not talk about securing user credentials... :( – Gagan Bajaj Feb 16 '17 at 15:05
  • It's not meant to solve your problem, only to be mindful of potential security limitations –  Feb 16 '17 at 22:49
  • Check out Microsoft's [AzureBot example](https://github.com/Microsoft/AzureBot). It uses the [AuthBot package](https://github.com/MicrosoftDX/AuthBot) to authenticate against AD and other providers such as Facebook –  Feb 19 '17 at 10:32
  • Yes, I got that on GitHub...thanks for reverting back MickyD... – Gagan Bajaj Feb 19 '17 at 16:21

2 Answers

1

Directly authenticating the user through the chat window is not recommended, and in such cases you'll need to use magic codes for authentication. Consider using the third pattern described there, which is quite secure.

Just Shadow
0

You must use a sign-in card to ensure the user is authenticated and you know the user. You must avoid asking the user to enter his credentials in the chat. For the idle time, you can use a middleware component to intercept all messages from the user and review the last time he sent a message to the bot.

sGambolati
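One way to implement the idle check that the answer above describes, as an added example that is not part of the original answer or of the Bot Framework SDK. The names `IdleAuthGate`, `sessionKey` and `guard`, and the message fields `channelId`, `conversationId` and `userId`, are assumptions for illustration.

```javascript
// Added example; every name here is hypothetical, not a Bot Framework API.
const IDLE_LIMIT_MS = 5 * 60 * 1000; // the 5-minute idle window from the question

// Key state per channel + conversation + user, so one user's activity
// never keeps a different user's session alive.
function sessionKey(msg) {
  return JSON.stringify([msg.channelId, msg.conversationId, msg.userId]);
}

class IdleAuthGate {
  constructor({ idleLimitMs = IDLE_LIMIT_MS, now = () => Date.now() } = {}) {
    this.idleLimitMs = idleLimitMs;
    this.now = now;             // injectable clock, so the timeout is testable
    this.sessions = new Map();  // sessionKey -> timestamp of last allowed message
  }

  // Call only from the sign-in callback, after the identity provider
  // has confirmed the user; the bot itself never sees a password.
  markAuthenticated(key) {
    this.sessions.set(key, this.now());
  }

  // Returns 'allow' or 'reauth'. Unknown and expired sessions fail closed.
  check(key) {
    const lastSeen = this.sessions.get(key);
    if (lastSeen === undefined) return 'reauth';
    const t = this.now();
    if (t - lastSeen >= this.idleLimitMs) {
      this.sessions.delete(key); // expired: later messages cannot revive it
      return 'reauth';
    }
    this.sessions.set(key, t);   // sliding window: only allowed messages refresh
    return 'allow';
  }
}

// Middleware shape: run before any dialog or LUIS call.
// `next` continues normal handling; `promptSignIn` sends the sign-in card.
function guard(gate, msg, next, promptSignIn) {
  return gate.check(sessionKey(msg)) === 'allow' ? next(msg) : promptSignIn(msg);
}
```

The `Map` lives in one process; a bot running on several instances needs the last-seen timestamps in a shared store so every instance enforces the same timeout.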