I have been working with Kyle H. in Azure Support Chat and he recommended that I post this here.
Please be understanding, as I have read every related Stack Overflow post relevant and have exercised due diligence.
I have completely deleted and restarted both my Azure resources AND source code multiple times. Using this guide: https://docs.microsoft.com/en-us/azure/bot-service/bot-builder-howto-deploy-azure?view=azure-bot-service-4.0
The bot project is using the v4 template 'Echo'.
In Azure Portal, Test in Web Chat: "There was an error sending this message to your bot: HTTP status code Forbidden"
In Bot Emulator with ngrok configured: Cannot post activity. Unauthorized.
Following instructions here: https://docs.microsoft.com/en-us/azure/bot-service/bot-service-troubleshoot-authentication-problems?view=azure-bot-service-4.0#step-2
I ran: curl -k -X POST https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token -d "grant_type=client_credentials&client_id=b7404e9f-0e74-4174-aa4f-447fdd96d7f0&client_secret=REMOVED&scope=https%3A%2F%2Fapi.botframework.com%2F.default" and I am returned a valid access token.
I have confirmed multiple times that my app registration is using https, as well as the /api/messages route, and that my app service has the two keys MicrosoftAppId and MicrosoftAppPassword and they are set appropriately. Including stopping and starting and the restart functionality. I have also ensured that during deployment(VS 2017 Publish), it removes existing files.
My last attempt was to upgrade the template 'Echo' bot to .net core 2.2 - which deployed successfully. I again verified app id and app password set as described above, and unfortunately both the Bot Emulator and Test in Web Chat failed with the same errors.
Edit 1: I used 'Create new resource' and picked the 'Web App Bot' template. I chose the 'Echo' bot. I chose 'Automatically Generate Application ID and Password' as well. This resulted in a bot deployment that did not have authorization errors. However, I noticed that instead of a 'Bot Channel Registration' resource - it instead created a 'Web App Bot'. When inspecting 'Application Settings', application ID and password aren't present, yet it functions just fine.
Edit 2: I researched deeper, and learned that the 'Web App Bot' created in azure uses the botFilePath and botFileSecret application settings and likely keeps the app id and app password there.
Edit 3: There is a huge difference between the v4 BotBuilder EchoBot template you use in visual studio when creating a new project and the EchoBot template used in Azure when creating a new resource. Narrowing it down now.
Edit 4: I was able to use the Azure created web bot and modify it to continue my work. Was not possible with the Vsix templates even with ensuring app config and .bot file config were correct.
Edit 5:
I also learned that v4 doesn't support Microsoft Teams - and that was the entire purpose of my endeavor. v3 documentation is near nonexistent. So I think I'll be using an entirely different framework to integrate with Teams. I even attempted to implement: https://github.com/OfficeDev/BotBuilder-MicrosoftTeams-dotnet but my bot only responds with "Sorry, there was a problem encountered with your request" in Teams.
Edit 6: I managed to get my bot functioning with Microsoft Teams, during the process solving the unauthorized error.
I created the Echo bot in Azure - and used App Studio in Microsoft Teams to add a manifest and add the bot to our team.
After that, I imported the project located here: https://github.com/OfficeDev/BotBuilder-MicrosoftTeams-dotnet/tree/master/CSharp/Samples/Microsoft.Bot.Builder.Teams.TeamEchoBot
Then I modified setup.cs to work with the encrypted .bot file, based on the source code that created the Echo Bot in Azure.
