Getting Started
 NServiceBus
 Transports
 Persistence
 ServiceInsight
 ServicePulse
 ServiceControl
 Monitoring
 Previews
 Samples

Custom Token Provider

Target Version: NServiceBus 7.x
This page refers to the legacy Azure Service Bus transport that uses the WindowsAzure.ServiceBus NuGet package. This package is currently on extended support until May 2022, after which it will be out of support according to the support policy. All users should migrate to the Azure Service Bus transport transport.

By default, the Azure Service Bus transport authenticates to the service using the information embedded in the connection string. It's also possible to authenticate using any of the authentication mechanisms supported by Azure Service Bus.

This is useful when, for example, delegating authentication and authorization to a Federated Identity infrastructure such as Active Directory Access Control Service or Active Directory Federation Services.

Changing the authentication mechanism is done using the Azure Service Bus SDK's TokenProvider class. The Azure Service Bus SDK requires an instance of this class at 2 different levels.

  • NamespaceManager: requires a TokenProvider that issues tokens with manage rights on the namespace. Note that this is only needed if queue creation is enabled, so that it can list, create and update entities in the namespace.
  • MessagingFactory: requires a TokenProvider that issues tokens with at least send or receive rights on the entities used by the endpoint.

By default the transport configures the token provider at the level of the NamespaceManager using the connectionstring information and reuses this instance for the MessagingFactory.

Replacing the NamespaceManager Token Provider

The instance at the NamespaceManager level can be replaced using the NamespaceManagers().TokenProvider() configuration API.

Copy code|Copy usings|Edit
var transport = endpointConfiguration.UseTransport<AzureServiceBusTransport>();
var managers = transport.NamespaceManagers();
managers.TokenProvider(
    factory: s =>
    {
        return TokenProvider.CreateSharedAccessSignatureTokenProvider("sas");
    });

Or alternatively using the NamespaceManagers().NamespaceManagerSettingsFactory() configuration API that allows to override the NamespaceManagerSettings.

Copy code|Copy usings|Edit
var transport = endpointConfiguration.UseTransport<AzureServiceBusTransport>();
var managers = transport.NamespaceManagers();
managers.NamespaceManagerSettingsFactory(
    factory: s =>
    {
        return new NamespaceManagerSettings
        {
            TokenProvider = TokenProvider.CreateSharedAccessSignatureTokenProvider("sas")
        };
    });

Replacing the MessagingFactory Token Provider

If the MessagingFactory requires different tokens for authentication then the NamespaceManager, its TokenProvider can be replaced using the MessagingFactories().MessagingFactorySettingsFactory() configuration API that allows to override the MessagingFactorySettings.

Copy code|Copy usings|Edit
var transport = endpointConfiguration.UseTransport<AzureServiceBusTransport>();
var factories = transport.MessagingFactories();
factories.MessagingFactorySettingsFactory(
    factory: s =>
    {
        return new MessagingFactorySettings
        {
            TokenProvider = TokenProvider.CreateSharedAccessSignatureTokenProvider("sas")
        };
    });

Last modified

Feedback