I am struggling a bit with the best way to implement Authentication in the bot I'm building with Composer. The bot should be completely locked without authentication. It can be called both as standalone bot and as a skill bot for PVA.
I have a separate dialog that handles with all the authentication that I currently call from the greeting trigger. There are a couple of issues;
Is there a way where the Authentication dialog is called before each and any message / activity / event etc in the root dialog do I can make sure the bot is completely closed without having to add that to each individual trigger in the root dialog?
@DingmaomaoBJTU may help to answer
For the second issue, you can add a condition branch after oauth prompt to check whether token had been retrieved. If not, you can send error message back then cancel all dialogs.
For the first issue, do we have a pattern (i.e. a middleware) to check authentication before all the activities/events @vishwacsena ?
@hibrenda @DingmaomaoBJTU Any updates on this?
@cxbuilders for question 1, may need a sample support from middleware. @cwhitten
@cwhitten @hibrenda do either of you have any updates?
Close this issue. @cxbuilders, please feel free to reopen it if you have other questions.
@ninggao I am under the impression that this question is still outstanding....
@cwhitten @hibrenda @DingmaomaoBJTU pinging everyone again... Any updates on this one?
@cxbuilders , you may need to customize your runtime and build a OAuthMiddleware, which ensure that user is actually logged in in each turn. will this meet your requirement? Please let me know you need further help on this.
@luhan2017 Was afraid of that. I would imagine that this would be something nice to have built into Composer, like a Pre & Post trigger for a Turn, where you would be able to do things like this.
Can you consider that as an enhancement request? Then for now I'll dive into C#... :)
@luhan2017 can you write up a spec for the botbuilder-dotnet repository so the team can discuss it?
@cxbuilders Hi, I could explain the corresponding functionality. Hope it helps.
Step 0: You should eject your own C# runtime (click new copy of runtime ) in Composer:

Step1: Under your customized runtime, you should write your OAuthMiddleware. For example: https://github.com/zidaneymar/CustomizedRuntime/blob/main/azurewebapp/OAuthMiddleware.cs
This middleware do one thing:
On each OnTurnAsync (message comes), pop up an OAuthPrompt dialog to the user, if already signed in, the OAuthPrompt would skip this step automatically. But it would take extra efforts to do this (maybe the responding time would be longer).
Step2: Initialize and load this middleware in Startup.cs
https://github.com/zidaneymar/CustomizedRuntime/blob/3203fca46f2c86a70ab3e9eeefb65af4b5087809/azurewebapp/Startup.cs#L186
https://github.com/zidaneymar/CustomizedRuntime/blob/3203fca46f2c86a70ab3e9eeefb65af4b5087809/azurewebapp/Startup.cs#L103
Step3: Set up your connectionName in Composer settings (or you could hardcode this in your C# file). If you set this config, the C# runtime would try to read this config in YourBot/settings/appsettings.json and create the OAuthMiddleware for you. If you hardcode this config, please set this connectionName to here:https://github.com/zidaneymar/CustomizedRuntime/blob/3203fca46f2c86a70ab3e9eeefb65af4b5087809/azurewebapp/OAuthMiddleware.cs#L37

Step4: Test your bot.

The bot would try to pop up an OAuth card each turn, but after signing in, the bot would skip this and just echo back the response.
@stevengum Steve created a AdaptiveMiddleware proposal, please refer to #4283
@zidaneymar Thanks for the sample that's appreciated. I have used it to trigger custom events called PreActivity & PostActivity so I am able to implement session logic etc there myself in Composer.
@luhan2017 As mentioned, having the PreActivity & PostActivity implemented in Compsoer OOTB would be really useful, as I prob would be using it for the majority of the bots. Should I create a separate feature request for that?
@cxbuilders Sure, please just create a feature request for dotnet sdk https://github.com/microsoft/botbuilder-dotnet/tree/main