By default, the Azure Service Bus transport authenticates to the service using the information embedded in the connection string. It's also possible to authenticate using any of the authentication mechanisms supported by Azure Service Bus.
This is useful when, for example, delegating authentication and authorization to a Federated Identity infrastructure such as Active Directory Access Control Service or Active Directory Federation Services.
Changing the authentication mechanism is done using the Azure Service Bus SDK's TokenProvider class. The Azure Service Bus SDK requires an instance of this class at two different levels:
NamespaceManager: requires a TokenProvider that issues tokens with manage rights on the namespace. Note that this is only needed if queue creation is enabled, so that it can list, create and update entities in the namespace.
MessagingFactory: requires a TokenProvider that issues tokens with at least send or receive rights on the entities used by the endpoint.
By default the transport configures the token provider at the level of the NamespaceManager using the connection string information and reuses this instance for the MessagingFactory.
Replacing the NamespaceManager Token Provider
The instance at the NamespaceManager level can be replaced using the NamespaceManagers() configuration API.
var transport = endpointConfiguration.UseTransport<AzureServiceBusTransport>();
var managers = transport.NamespaceManagers();
// This token needs manage rights on the namespace; "sas" stands in for the shared access signature string.
managers.TokenProvider(
    factory: s =>
    {
        return TokenProvider.CreateSharedAccessSignatureTokenProvider("sas");
    });
Alternatively, use the NamespaceManagers() configuration API that allows overriding the NamespaceManagerSettings.
var transport = endpointConfiguration.UseTransport<AzureServiceBusTransport>();
var managers = transport.NamespaceManagers();
managers.NamespaceManagerSettingsFactory(
    factory: s =>
    {
        return new NamespaceManagerSettings
        {
            TokenProvider = TokenProvider.CreateSharedAccessSignatureTokenProvider("sas")
        };
    });
Replacing the MessagingFactory Token Provider
If the MessagingFactory requires different tokens for authentication than the NamespaceManager, its TokenProvider can be replaced using the MessagingFactories() configuration API that allows overriding the MessagingFactorySettings.
var transport = endpointConfiguration.UseTransport<AzureServiceBusTransport>();
var factories = transport.MessagingFactories();
// This token needs only send or receive rights on the entities used by the endpoint.
factories.MessagingFactorySettingsFactory(
    factory: s =>
    {
        return new MessagingFactorySettings
        {
            TokenProvider = TokenProvider.CreateSharedAccessSignatureTokenProvider("sas")
        };
    });
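The snippets above pass a literal "sas" string. The following added example (not part of the transport or the SDK) shows how such a shared access signature can be built so that the MessagingFactory token is limited to one entity and a short lifetime. The namespace, queue, policy name and key are constructed placeholders, and the helper name CreateSasToken is hypothetical.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

static class SasTokenExample
{
    static readonly DateTimeOffset Epoch = new DateTimeOffset(1970, 1, 1, 0, 0, 0, TimeSpan.Zero);

    // Builds a Service Bus SAS token limited to one resource URI and one lifetime.
    public static string CreateSasToken(string resourceUri, string keyName, string key,
                                        TimeSpan ttl, DateTimeOffset now)
    {
        // "se" is the expiry in whole seconds since the Unix epoch.
        long expirySeconds = (long)(now.Add(ttl) - Epoch).TotalSeconds;
        string expiry = expirySeconds.ToString(CultureInfo.InvariantCulture);
        string encodedUri = Uri.EscapeDataString(resourceUri);

        // The signature covers the encoded resource URI and the expiry, joined by a newline.
        string stringToSign = encodedUri + "\n" + expiry;
        using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(key)))
        {
            byte[] mac = hmac.ComputeHash(Encoding.UTF8.GetBytes(stringToSign));
            string signature = Uri.EscapeDataString(Convert.ToBase64String(mac));
            return string.Format(CultureInfo.InvariantCulture,
                "SharedAccessSignature sr={0}&sig={1}&se={2}&skn={3}",
                encodedUri, signature, expiry, keyName);
        }
    }

    static void Main()
    {
        // Constructed sample values; substitute a policy that grants only send/listen rights.
        string queueUri = "https://example-namespace.servicebus.windows.net/sales";
        string token = CreateSasToken(queueUri, "endpoint-send-listen", "PLACEHOLDER-KEY",
                                      TimeSpan.FromHours(1), DateTimeOffset.UtcNow);

        // This string is what replaces "sas" in
        // TokenProvider.CreateSharedAccessSignatureTokenProvider("sas").
        Console.WriteLine(token);
    }
}
```

A token provider built from a fixed signature string cannot renew it, so once the `se` time has passed a new token must be issued and the provider replaced.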