How do I create an Azure ServiceBus SaS Token with Publish Only Rights?
up vote
0
down vote
favorite
I need to create a SaS token programmatically for a service bus with Microsoft.Azure.ServiceBus 3.X nuget package to work with a .NET standard library.
I can successfully create and use a token to subscribe and publish to Service Bus.
I don't see an option where I can limit the token to be able to only publish.
TokenProvider td = SharedAccessSignatureTokenProvider.CreateSharedAccessSignatureTokenProvider(policyName, policyKey, expireTimeSpan);
var token = await td.GetTokenAsync($"{path}{topic}", expireTimeSpan);
I would like to limit the rights on this token to be able to only publish to the topic, but not subscribe. Is this possible and if so how can I do this?
azure token servicebus
add a comment |
up vote
0
down vote
favorite
I need to create a SaS token programmatically for a service bus with Microsoft.Azure.ServiceBus 3.X nuget package to work with a .NET standard library.
I can successfully create and use a token to subscribe and publish to Service Bus.
I don't see an option where I can limit the token to be able to only publish.
TokenProvider td = SharedAccessSignatureTokenProvider.CreateSharedAccessSignatureTokenProvider(policyName, policyKey, expireTimeSpan);
var token = await td.GetTokenAsync($"{path}{topic}", expireTimeSpan);
I would like to limit the rights on this token to be able to only publish to the topic, but not subscribe. Is this possible and if so how can I do this?
azure token servicebus
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I need to create a SaS token programmatically for a service bus with Microsoft.Azure.ServiceBus 3.X nuget package to work with a .NET standard library.
I can successfully create and use a token to subscribe and publish to Service Bus.
I don't see an option where I can limit the token to be able to only publish.
TokenProvider td = SharedAccessSignatureTokenProvider.CreateSharedAccessSignatureTokenProvider(policyName, policyKey, expireTimeSpan);
var token = await td.GetTokenAsync($"{path}{topic}", expireTimeSpan);
I would like to limit the rights on this token to be able to only publish to the topic, but not subscribe. Is this possible and if so how can I do this?
azure token servicebus
I need to create a SaS token programmatically for a service bus with Microsoft.Azure.ServiceBus 3.X nuget package to work with a .NET standard library.
I can successfully create and use a token to subscribe and publish to Service Bus.
I don't see an option where I can limit the token to be able to only publish.
TokenProvider td = SharedAccessSignatureTokenProvider.CreateSharedAccessSignatureTokenProvider(policyName, policyKey, expireTimeSpan);
var token = await td.GetTokenAsync($"{path}{topic}", expireTimeSpan);
I would like to limit the rights on this token to be able to only publish to the topic, but not subscribe. Is this possible and if so how can I do this?
azure token servicebus
azure token servicebus
edited 2 days ago
asked Nov 20 at 23:54
Kevin
4,762113949
4,762113949
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
1
down vote
Is this possible and if so how can I do this?
If I understand correctly, you need to create a policy with [send] right. And then use the policyName and generated key to create the sas token.
The rights conferred by the policy rule can be a combination of:
'Send' - Confers the right to send messages to the entity
'Listen' - Confers the right to listen (relay) or receive (queue, subscriptions) and all related message handling
'Manage' - Confers the right to manage the topology of the namespace, including creating and deleting entities
For more information, please refer to this document.
Update:
We could use the Microsoft.Azure.Management.ServiceBus.Fluent to create the policy.
var authorizationRuleName = "xxx"; //policy name
var credentials = SdkContext.AzureCredentialsFactory.FromFile(@"D:TomDocumentsazureCred.txt");
var restClient = RestClient.Configure().WithEnvironment(AzureEnvironment.AzureGlobalCloud)
.WithCredentials(credentials)
.WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
.Build();
System.Threading.CancellationToken cancellationToken = new System.Threading.CancellationToken();
ServiceBusManagementClient client = new ServiceBusManagementClient(restClient)
{
SubscriptionId = subscriptionId
};
List<AccessRights?> list = new List<AccessRights?> { AccessRights.Send};
//create policy
SharedAccessAuthorizationRuleInner result = client.Namespaces.CreateOrUpdateAuthorizationRuleAsync(resourceGroupName, nameSpace, authorizationRuleName, list, cancellationToken).Result;
//get key
var key = client.Namespaces.ListKeysAsync(resourceGroupName, nameSpace, authorizationRuleName).Result?.PrimaryKey;
How to create the azureCred file, please refer to this document.
Thanks my goal is to do this programmatically
– Kevin
2 days ago
1
@Kevin I have updated the answer with demo code.
– Tom Sun
yesterday
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
Is this possible and if so how can I do this?
If I understand correctly, you need to create a policy with [send] right. And then use the policyName and generated key to create the sas token.
The rights conferred by the policy rule can be a combination of:
'Send' - Confers the right to send messages to the entity
'Listen' - Confers the right to listen (relay) or receive (queue, subscriptions) and all related message handling
'Manage' - Confers the right to manage the topology of the namespace, including creating and deleting entities
For more information, please refer to this document.
Update:
We could use the Microsoft.Azure.Management.ServiceBus.Fluent to create the policy.
var authorizationRuleName = "xxx"; //policy name
var credentials = SdkContext.AzureCredentialsFactory.FromFile(@"D:TomDocumentsazureCred.txt");
var restClient = RestClient.Configure().WithEnvironment(AzureEnvironment.AzureGlobalCloud)
.WithCredentials(credentials)
.WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
.Build();
System.Threading.CancellationToken cancellationToken = new System.Threading.CancellationToken();
ServiceBusManagementClient client = new ServiceBusManagementClient(restClient)
{
SubscriptionId = subscriptionId
};
List<AccessRights?> list = new List<AccessRights?> { AccessRights.Send};
//create policy
SharedAccessAuthorizationRuleInner result = client.Namespaces.CreateOrUpdateAuthorizationRuleAsync(resourceGroupName, nameSpace, authorizationRuleName, list, cancellationToken).Result;
//get key
var key = client.Namespaces.ListKeysAsync(resourceGroupName, nameSpace, authorizationRuleName).Result?.PrimaryKey;
How to create the azureCred file, please refer to this document.
Thanks my goal is to do this programmatically
– Kevin
2 days ago
1
@Kevin I have updated the answer with demo code.
– Tom Sun
yesterday
add a comment |
up vote
1
down vote
Is this possible and if so how can I do this?
If I understand correctly, you need to create a policy with [send] right. And then use the policyName and generated key to create the sas token.
The rights conferred by the policy rule can be a combination of:
'Send' - Confers the right to send messages to the entity
'Listen' - Confers the right to listen (relay) or receive (queue, subscriptions) and all related message handling
'Manage' - Confers the right to manage the topology of the namespace, including creating and deleting entities
For more information, please refer to this document.
Update:
We could use the Microsoft.Azure.Management.ServiceBus.Fluent to create the policy.
var authorizationRuleName = "xxx"; //policy name
var credentials = SdkContext.AzureCredentialsFactory.FromFile(@"D:TomDocumentsazureCred.txt");
var restClient = RestClient.Configure().WithEnvironment(AzureEnvironment.AzureGlobalCloud)
.WithCredentials(credentials)
.WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
.Build();
System.Threading.CancellationToken cancellationToken = new System.Threading.CancellationToken();
ServiceBusManagementClient client = new ServiceBusManagementClient(restClient)
{
SubscriptionId = subscriptionId
};
List<AccessRights?> list = new List<AccessRights?> { AccessRights.Send};
//create policy
SharedAccessAuthorizationRuleInner result = client.Namespaces.CreateOrUpdateAuthorizationRuleAsync(resourceGroupName, nameSpace, authorizationRuleName, list, cancellationToken).Result;
//get key
var key = client.Namespaces.ListKeysAsync(resourceGroupName, nameSpace, authorizationRuleName).Result?.PrimaryKey;
How to create the azureCred file, please refer to this document.
Thanks my goal is to do this programmatically
– Kevin
2 days ago
1
@Kevin I have updated the answer with demo code.
– Tom Sun
yesterday
add a comment |
up vote
1
down vote
up vote
1
down vote
Is this possible and if so how can I do this?
If I understand correctly, you need to create a policy with [send] right. And then use the policyName and generated key to create the sas token.
The rights conferred by the policy rule can be a combination of:
'Send' - Confers the right to send messages to the entity
'Listen' - Confers the right to listen (relay) or receive (queue, subscriptions) and all related message handling
'Manage' - Confers the right to manage the topology of the namespace, including creating and deleting entities
For more information, please refer to this document.
Update:
We could use the Microsoft.Azure.Management.ServiceBus.Fluent to create the policy.
var authorizationRuleName = "xxx"; //policy name
var credentials = SdkContext.AzureCredentialsFactory.FromFile(@"D:TomDocumentsazureCred.txt");
var restClient = RestClient.Configure().WithEnvironment(AzureEnvironment.AzureGlobalCloud)
.WithCredentials(credentials)
.WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
.Build();
System.Threading.CancellationToken cancellationToken = new System.Threading.CancellationToken();
ServiceBusManagementClient client = new ServiceBusManagementClient(restClient)
{
SubscriptionId = subscriptionId
};
List<AccessRights?> list = new List<AccessRights?> { AccessRights.Send};
//create policy
SharedAccessAuthorizationRuleInner result = client.Namespaces.CreateOrUpdateAuthorizationRuleAsync(resourceGroupName, nameSpace, authorizationRuleName, list, cancellationToken).Result;
//get key
var key = client.Namespaces.ListKeysAsync(resourceGroupName, nameSpace, authorizationRuleName).Result?.PrimaryKey;
How to create the azureCred file, please refer to this document.
Is this possible and if so how can I do this?
If I understand correctly, you need to create a policy with [send] right. And then use the policyName and generated key to create the sas token.
The rights conferred by the policy rule can be a combination of:
'Send' - Confers the right to send messages to the entity
'Listen' - Confers the right to listen (relay) or receive (queue, subscriptions) and all related message handling
'Manage' - Confers the right to manage the topology of the namespace, including creating and deleting entities
For more information, please refer to this document.
Update:
We could use the Microsoft.Azure.Management.ServiceBus.Fluent to create the policy.
var authorizationRuleName = "xxx"; //policy name
var credentials = SdkContext.AzureCredentialsFactory.FromFile(@"D:TomDocumentsazureCred.txt");
var restClient = RestClient.Configure().WithEnvironment(AzureEnvironment.AzureGlobalCloud)
.WithCredentials(credentials)
.WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
.Build();
System.Threading.CancellationToken cancellationToken = new System.Threading.CancellationToken();
ServiceBusManagementClient client = new ServiceBusManagementClient(restClient)
{
SubscriptionId = subscriptionId
};
List<AccessRights?> list = new List<AccessRights?> { AccessRights.Send};
//create policy
SharedAccessAuthorizationRuleInner result = client.Namespaces.CreateOrUpdateAuthorizationRuleAsync(resourceGroupName, nameSpace, authorizationRuleName, list, cancellationToken).Result;
//get key
var key = client.Namespaces.ListKeysAsync(resourceGroupName, nameSpace, authorizationRuleName).Result?.PrimaryKey;
How to create the azureCred file, please refer to this document.
edited yesterday
answered Nov 21 at 1:16
Tom Sun
15.8k2821
15.8k2821
Thanks my goal is to do this programmatically
– Kevin
2 days ago
1
@Kevin I have updated the answer with demo code.
– Tom Sun
yesterday
add a comment |
Thanks my goal is to do this programmatically
– Kevin
2 days ago
1
@Kevin I have updated the answer with demo code.
– Tom Sun
yesterday
Thanks my goal is to do this programmatically
– Kevin
2 days ago
Thanks my goal is to do this programmatically
– Kevin
2 days ago
1
1
@Kevin I have updated the answer with demo code.
– Tom Sun
yesterday
@Kevin I have updated the answer with demo code.
– Tom Sun
yesterday
add a comment |
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53403366%2fhow-do-i-create-an-azure-servicebus-sas-token-with-publish-only-rights%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown