How do I create an Azure ServiceBus SaS Token with Publish Only Rights?
I need to create a SaS token programmatically for a service bus with Microsoft.Azure.ServiceBus 3.X nuget package to work with a .NET standard library.
I can successfully create and use a token to subscribe and publish to Service Bus.
I don't see an option where I can limit the token to be able to only publish.
TokenProvider td = SharedAccessSignatureTokenProvider.CreateSharedAccessSignatureTokenProvider(policyName, policyKey, expireTimeSpan);
var token = await td.GetTokenAsync($"{path}{topic}", expireTimeSpan);
I would like to limit the rights on this token to be able to only publish to the topic, but not subscribe. Is this possible and if so how can I do this?
azure token servicebus asked Nov 20 '18 at 23:54
KevinKevin
4,814113949
add a comment |
I need to create a SaS token programmatically for a service bus with Microsoft.Azure.ServiceBus 3.X nuget package to work with a .NET standard library.
I can successfully create and use a token to subscribe and publish to Service Bus.
I don't see an option where I can limit the token to be able to only publish.
TokenProvider td = SharedAccessSignatureTokenProvider.CreateSharedAccessSignatureTokenProvider(policyName, policyKey, expireTimeSpan);
var token = await td.GetTokenAsync($"{path}{topic}", expireTimeSpan);
I would like to limit the rights on this token to be able to only publish to the topic, but not subscribe. Is this possible and if so how can I do this?
azure token servicebus asked Nov 20 '18 at 23:54
KevinKevin
4,814113949
add a comment |
I need to create a SaS token programmatically for a service bus with Microsoft.Azure.ServiceBus 3.X nuget package to work with a .NET standard library.
I can successfully create and use a token to subscribe and publish to Service Bus.
I don't see an option where I can limit the token to be able to only publish.
TokenProvider td = SharedAccessSignatureTokenProvider.CreateSharedAccessSignatureTokenProvider(policyName, policyKey, expireTimeSpan);
var token = await td.GetTokenAsync($"{path}{topic}", expireTimeSpan);
I would like to limit the rights on this token to be able to only publish to the topic, but not subscribe. Is this possible and if so how can I do this?
azure token servicebus asked Nov 20 '18 at 23:54
KevinKevin
4,814113949
I need to create a SaS token programmatically for a service bus with Microsoft.Azure.ServiceBus 3.X nuget package to work with a .NET standard library.
I can successfully create and use a token to subscribe and publish to Service Bus.
I don't see an option where I can limit the token to be able to only publish.
TokenProvider td = SharedAccessSignatureTokenProvider.CreateSharedAccessSignatureTokenProvider(policyName, policyKey, expireTimeSpan);
var token = await td.GetTokenAsync($"{path}{topic}", expireTimeSpan);
I would like to limit the rights on this token to be able to only publish to the topic, but not subscribe. Is this possible and if so how can I do this?
azure token servicebus azure token servicebus asked Nov 20 '18 at 23:54
KevinKevin
4,814113949
asked Nov 20 '18 at 23:54
KevinKevin
4,814113949
edited Nov 21 '18 at 11:48
Kevin
asked Nov 20 '18 at 23:54
KevinKevin
4,814113949
asked Nov 20 '18 at 23:54
KevinKevin
4,814113949
asked Nov 20 '18 at 23:54
KevinKevin
4,814113949
4,814113949
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Is this possible and if so how can I do this?
If I understand correctly, you need to create a policy with [send] right. And then use the policyName and generated key to create the sas token.
The rights conferred by the policy rule can be a combination of:
'Send' - Confers the right to send messages to the entity
'Listen' - Confers the right to listen (relay) or receive (queue, subscriptions) and all related message handling
'Manage' - Confers the right to manage the topology of the namespace, including creating and deleting entities
For more information, please refer to this document.
Update:
We could use the Microsoft.Azure.Management.ServiceBus.Fluent to create the policy.
var authorizationRuleName = "xxx"; //policy name
var credentials = SdkContext.AzureCredentialsFactory.FromFile(@"D:TomDocumentsazureCred.txt");
var restClient = RestClient.Configure().WithEnvironment(AzureEnvironment.AzureGlobalCloud)
.WithCredentials(credentials)
.WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
.Build();
System.Threading.CancellationToken cancellationToken = new System.Threading.CancellationToken();
ServiceBusManagementClient client = new ServiceBusManagementClient(restClient)
{
SubscriptionId = subscriptionId
};
List<AccessRights?> list = new List<AccessRights?> { AccessRights.Send};
//create policy
SharedAccessAuthorizationRuleInner result = client.Namespaces.CreateOrUpdateAuthorizationRuleAsync(resourceGroupName, nameSpace, authorizationRuleName, list, cancellationToken).Result;
//get key
var key = client.Namespaces.ListKeysAsync(resourceGroupName, nameSpace, authorizationRuleName).Result?.PrimaryKey;
How to create the azureCred file, please refer to this document.
answered Nov 21 '18 at 1:16
Tom SunTom Sun
17.6k2923
Thanks my goal is to do this programmatically
– Kevin
Nov 21 '18 at 13:10
1
@Kevin I have updated the answer with demo code.
– Tom Sun
Nov 22 '18 at 5:37
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53403366%2fhow-do-i-create-an-azure-servicebus-sas-token-with-publish-only-rights%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Is this possible and if so how can I do this?
If I understand correctly, you need to create a policy with [send] right. And then use the policyName and generated key to create the sas token.
The rights conferred by the policy rule can be a combination of:
'Send' - Confers the right to send messages to the entity
'Listen' - Confers the right to listen (relay) or receive (queue, subscriptions) and all related message handling
'Manage' - Confers the right to manage the topology of the namespace, including creating and deleting entities
For more information, please refer to this document.
Update:
We could use the Microsoft.Azure.Management.ServiceBus.Fluent to create the policy.
var authorizationRuleName = "xxx"; //policy name
var credentials = SdkContext.AzureCredentialsFactory.FromFile(@"D:TomDocumentsazureCred.txt");
var restClient = RestClient.Configure().WithEnvironment(AzureEnvironment.AzureGlobalCloud)
.WithCredentials(credentials)
.WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
.Build();
System.Threading.CancellationToken cancellationToken = new System.Threading.CancellationToken();
ServiceBusManagementClient client = new ServiceBusManagementClient(restClient)
{
SubscriptionId = subscriptionId
};
List<AccessRights?> list = new List<AccessRights?> { AccessRights.Send};
//create policy
SharedAccessAuthorizationRuleInner result = client.Namespaces.CreateOrUpdateAuthorizationRuleAsync(resourceGroupName, nameSpace, authorizationRuleName, list, cancellationToken).Result;
//get key
var key = client.Namespaces.ListKeysAsync(resourceGroupName, nameSpace, authorizationRuleName).Result?.PrimaryKey;
How to create the azureCred file, please refer to this document.
answered Nov 21 '18 at 1:16
Tom SunTom Sun
17.6k2923
Thanks my goal is to do this programmatically
– Kevin
Nov 21 '18 at 13:10
1
@Kevin I have updated the answer with demo code.
– Tom Sun
Nov 22 '18 at 5:37
add a comment |
Is this possible and if so how can I do this?
If I understand correctly, you need to create a policy with [send] right. And then use the policyName and generated key to create the sas token.
The rights conferred by the policy rule can be a combination of:
'Send' - Confers the right to send messages to the entity
'Listen' - Confers the right to listen (relay) or receive (queue, subscriptions) and all related message handling
'Manage' - Confers the right to manage the topology of the namespace, including creating and deleting entities
For more information, please refer to this document.
Update:
We could use the Microsoft.Azure.Management.ServiceBus.Fluent to create the policy.
var authorizationRuleName = "xxx"; //policy name
var credentials = SdkContext.AzureCredentialsFactory.FromFile(@"D:TomDocumentsazureCred.txt");
var restClient = RestClient.Configure().WithEnvironment(AzureEnvironment.AzureGlobalCloud)
.WithCredentials(credentials)
.WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
.Build();
System.Threading.CancellationToken cancellationToken = new System.Threading.CancellationToken();
ServiceBusManagementClient client = new ServiceBusManagementClient(restClient)
{
SubscriptionId = subscriptionId
};
List<AccessRights?> list = new List<AccessRights?> { AccessRights.Send};
//create policy
SharedAccessAuthorizationRuleInner result = client.Namespaces.CreateOrUpdateAuthorizationRuleAsync(resourceGroupName, nameSpace, authorizationRuleName, list, cancellationToken).Result;
//get key
var key = client.Namespaces.ListKeysAsync(resourceGroupName, nameSpace, authorizationRuleName).Result?.PrimaryKey;
How to create the azureCred file, please refer to this document.
answered Nov 21 '18 at 1:16
Tom SunTom Sun
17.6k2923
Thanks my goal is to do this programmatically
– Kevin
Nov 21 '18 at 13:10
1
@Kevin I have updated the answer with demo code.
– Tom Sun
Nov 22 '18 at 5:37
add a comment |
Is this possible and if so how can I do this?
If I understand correctly, you need to create a policy with [send] right. And then use the policyName and generated key to create the sas token.
The rights conferred by the policy rule can be a combination of:
'Send' - Confers the right to send messages to the entity
'Listen' - Confers the right to listen (relay) or receive (queue, subscriptions) and all related message handling
'Manage' - Confers the right to manage the topology of the namespace, including creating and deleting entities
For more information, please refer to this document.
Update:
We could use the Microsoft.Azure.Management.ServiceBus.Fluent to create the policy.
var authorizationRuleName = "xxx"; //policy name
var credentials = SdkContext.AzureCredentialsFactory.FromFile(@"D:TomDocumentsazureCred.txt");
var restClient = RestClient.Configure().WithEnvironment(AzureEnvironment.AzureGlobalCloud)
.WithCredentials(credentials)
.WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
.Build();
System.Threading.CancellationToken cancellationToken = new System.Threading.CancellationToken();
ServiceBusManagementClient client = new ServiceBusManagementClient(restClient)
{
SubscriptionId = subscriptionId
};
List<AccessRights?> list = new List<AccessRights?> { AccessRights.Send};
//create policy
SharedAccessAuthorizationRuleInner result = client.Namespaces.CreateOrUpdateAuthorizationRuleAsync(resourceGroupName, nameSpace, authorizationRuleName, list, cancellationToken).Result;
//get key
var key = client.Namespaces.ListKeysAsync(resourceGroupName, nameSpace, authorizationRuleName).Result?.PrimaryKey;
How to create the azureCred file, please refer to this document.
answered Nov 21 '18 at 1:16
Tom SunTom Sun
17.6k2923
Is this possible and if so how can I do this?
If I understand correctly, you need to create a policy with [send] right. And then use the policyName and generated key to create the sas token.
The rights conferred by the policy rule can be a combination of:
'Send' - Confers the right to send messages to the entity
'Listen' - Confers the right to listen (relay) or receive (queue, subscriptions) and all related message handling
'Manage' - Confers the right to manage the topology of the namespace, including creating and deleting entities
For more information, please refer to this document.
Update:
We could use the Microsoft.Azure.Management.ServiceBus.Fluent to create the policy.
var authorizationRuleName = "xxx"; //policy name
var credentials = SdkContext.AzureCredentialsFactory.FromFile(@"D:TomDocumentsazureCred.txt");
var restClient = RestClient.Configure().WithEnvironment(AzureEnvironment.AzureGlobalCloud)
.WithCredentials(credentials)
.WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
.Build();
System.Threading.CancellationToken cancellationToken = new System.Threading.CancellationToken();
ServiceBusManagementClient client = new ServiceBusManagementClient(restClient)
{
SubscriptionId = subscriptionId
};
List<AccessRights?> list = new List<AccessRights?> { AccessRights.Send};
//create policy
SharedAccessAuthorizationRuleInner result = client.Namespaces.CreateOrUpdateAuthorizationRuleAsync(resourceGroupName, nameSpace, authorizationRuleName, list, cancellationToken).Result;
//get key
var key = client.Namespaces.ListKeysAsync(resourceGroupName, nameSpace, authorizationRuleName).Result?.PrimaryKey;
How to create the azureCred file, please refer to this document.
answered Nov 21 '18 at 1:16
Tom SunTom Sun
17.6k2923
edited Nov 22 '18 at 5:35
answered Nov 21 '18 at 1:16
Tom SunTom Sun
17.6k2923
answered Nov 21 '18 at 1:16
Tom SunTom Sun
17.6k2923
answered Nov 21 '18 at 1:16
Tom SunTom Sun
17.6k2923
17.6k2923
Thanks my goal is to do this programmatically
– Kevin
Nov 21 '18 at 13:10
1
@Kevin I have updated the answer with demo code.
– Tom Sun
Nov 22 '18 at 5:37
add a comment |
Thanks my goal is to do this programmatically
– Kevin
Nov 21 '18 at 13:10
1
@Kevin I have updated the answer with demo code.
– Tom Sun
Nov 22 '18 at 5:37
Thanks my goal is to do this programmatically
– Kevin
Nov 21 '18 at 13:10
Thanks my goal is to do this programmatically
– Kevin
Nov 21 '18 at 13:10
1
1
@Kevin I have updated the answer with demo code.
– Tom Sun
Nov 22 '18 at 5:37
@Kevin I have updated the answer with demo code.
– Tom Sun
Nov 22 '18 at 5:37
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53403366%2fhow-do-i-create-an-azure-servicebus-sas-token-with-publish-only-rights%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
