Custom Token Provider

Component: Azure Service Bus Transport (Legacy)
NuGet Package NServiceBus.Azure.Transports.WindowsAzureServiceBus (8.x)
Target NServiceBus Version: 7.x
This page refers to the legacy Azure Service Bus transport, which is rendered obsolete by the Azure Service Bus transport built to target both .NET Framework and .NET Core. All new projects should use the new Azure Service Bus transport.

By default the Azure Service Bus transport authenticates to the service using the information embedded in the connection string. But it's also possible to let it authenticate using any of the authentication mechanisms supported by Azure Service Bus.

This is useful when, for example, delegating authentication and authorization to a Federated Identity infrastructure such as Active Directory Access Control Service or Active Directory Federation Services.

Changing the authentication mechanism is done using the Azure Service Bus SDK's TokenProvider class. The Azure Service Bus SDK requires an instance of this class at 2 different levels.

  • NamespaceManager: requires a TokenProvider that issues tokens with manage rights on the namespace. Note that this is only needed if queue creation is enabled, so that it can list, create and update entities in the namespace.
  • MessagingFactory: requires a TokenProvider that issues tokens with at least send or receive rights on the entities used by the endpoint.

By default the transport configures the token provider at the level of the NamespaceManager using the connectionstring information and reuses this instance for the MessagingFactory.

Replacing the NamespaceManager Token Provider

The instance at the NamespaceManager level can be replaced using the NamespaceManagers().TokenProvider() configuration API.

var transport = endpointConfiguration.UseTransport<AzureServiceBusTransport>();
var managers = transport.NamespaceManagers();
managers.TokenProvider(
    factory: s =>
    {
        return TokenProvider.CreateSharedAccessSignatureTokenProvider("sas");
    });

Or alternatively using the NamespaceManagers().NamespaceManagerSettingsFactory() configuration API that allows to override the NamespaceManagerSettings.

var transport = endpointConfiguration.UseTransport<AzureServiceBusTransport>();
var managers = transport.NamespaceManagers();
managers.NamespaceManagerSettingsFactory(
    factory: s =>
    {
        return new NamespaceManagerSettings
        {
            TokenProvider = TokenProvider.CreateSharedAccessSignatureTokenProvider("sas")
        };
    });

Replacing the MessagingFactory Token Provider

If the MessagingFactory requires different tokens for authentication then the NamespaceManager, its TokenProvider can be replaced using the MessagingFactories().MessagingFactorySettingsFactory() configuration API that allows to override the MessagingFactorySettings.

var transport = endpointConfiguration.UseTransport<AzureServiceBusTransport>();
var factories = transport.MessagingFactories();
factories.MessagingFactorySettingsFactory(
    factory: s =>
    {
        return new MessagingFactorySettings
        {
            TokenProvider = TokenProvider.CreateSharedAccessSignatureTokenProvider("sas")
        };
    });

Last modified