Using SAS key to authenticate to Azure Service Bus

Azure Service Bus supports ACS (Access Control Service) authentication through Microsoft Azure Active Directory Access Control. The second way to authenticate to ASB is to use a SAS (Shared Access Signature) key. You can use the general keys that are valid for the whole namespace, or you can create your own for a specific queue or topic. A key can carry some or all of three permissions – Send, Listen, Manage. The following code snippets show how to use a SAS key for different actions with ASB.
Create a new topic using a connection string:

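    // Namespace-level connection string. RootManageSharedAccessKey is the rule a new
    // namespace is created with; it carries Manage, Send and Listen for every entity in
    // the namespace, so treat it as an administrative secret: keep the real value out of
    // source control and load it from protected configuration rather than a literal.
    string cs = "Endpoint=sb://<your-service-bus-name>.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=<your-namespace-access-key>";

    NamespaceManager nsm = NamespaceManager.CreateFromConnectionString(cs);

    // Demo reset: drop the topic if an earlier run left one behind.
    if (nsm.TopicExists(topicName))
    {
        nsm.DeleteTopic(topicName);
    }

    // creating topic on Azure Service Bus
    if (!nsm.TopicExists(topicName))
    {
        nsm.CreateTopic(new TopicDescription(topicName));
    }

    // A single factory is shared by the sender and the receiver client. Both clients
    // authenticate with the namespace key here, i.e. with far more rights than sending
    // or listening needs.
    MessagingFactory mf = MessagingFactory.CreateFromConnectionString(cs);

    // creating topic, sender client
    TopicClient topicClient = mf.CreateTopicClient(topicName);

    // creating subscriber for the topic
    if (!nsm.SubscriptionExists(topicName, topicSubcriptionName))
    {
        nsm.CreateSubscription(topicName, topicSubcriptionName);
    }

    // Open the client on the same subscription name that was ensured above.
    SubscriptionClient subscriptionClient = mf.CreateSubscriptionClient(topicName, topicSubcriptionName);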

You can create SAS keys specifically for the topic, so that you can tightly control access – in the example below, one key that may only send and one that may only listen:

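    // Namespace-level connection string (the default RootManageSharedAccessKey rule).
    // It is used below only for management calls: creating the topic, its authorization
    // rules and the subscription. Keep the real value out of source control.
    string cs = "Endpoint=sb://<your-service-bus-name>.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=<your-namespace-access-key>";
    NamespaceManager nsm = NamespaceManager.CreateFromConnectionString(cs);

    // Demo reset: drop the topic if an earlier run left one behind.
    if (nsm.TopicExists(topicName))
    {
        nsm.DeleteTopic(topicName);
    }

    // creating topic on Azure Service Bus
    if (!nsm.TopicExists(topicName))
    {
        TopicDescription td = new TopicDescription(topicName);

        // Two topic-scoped SAS rules, one right each: a holder of the send key cannot
        // receive, and a holder of the listen key cannot publish. Neither can manage.
        topicSendKey = SharedAccessAuthorizationRule.GenerateRandomKey();
        td.Authorization.Add(new SharedAccessAuthorizationRule(topicSendKeyName, topicSendKey, new[] { AccessRights.Send }));

        topicListenKey = SharedAccessAuthorizationRule.GenerateRandomKey();
        td.Authorization.Add(new SharedAccessAuthorizationRule(topicListenKeyName, topicListenKey, new[] { AccessRights.Listen }));

        // The generated keys are secrets: hand them to the sender and receiver through
        // protected configuration, and do not log them.
        nsm.CreateTopic(td);
    }

    Uri runtimeUri = ServiceBusEnvironment.CreateServiceUri("sb", "<your-service-bus-name>", string.Empty);

    // creating topic, sender client - authenticates with the Send-only key
    TokenProvider tps = TokenProvider.CreateSharedAccessSignatureTokenProvider(topicSendKeyName, topicSendKey);
    MessagingFactory mfSend = MessagingFactory.Create(runtimeUri, tps);
    TopicClient topicClient = mfSend.CreateTopicClient(topicName);

    // creating subscriber for the topic; this is a management call, so it goes through
    // the namespace manager rather than through the Listen-only key
    if (!nsm.SubscriptionExists(topicName, topicSubcriptionName))
    {
        nsm.CreateSubscription(topicName, topicSubcriptionName);
    }

    // receiver client - authenticates with the Listen-only key and opens the same
    // subscription name that was ensured above
    TokenProvider tpl = TokenProvider.CreateSharedAccessSignatureTokenProvider(topicListenKeyName, topicListenKey);
    MessagingFactory mfListen = MessagingFactory.Create(runtimeUri, tpl);
    SubscriptionClient subscriptionClient = mfListen.CreateSubscriptionClient(topicName, topicSubcriptionName);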

The code that sends a message to Azure Service Bus:

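    // Wrap the payload, give it a unique id, and publish it to the topic.
    // BrokeredMessage is IDisposable, so it is released once the synchronous
    // Send has returned.
    using (BrokeredMessage bm = new BrokeredMessage(message))
    {
        bm.MessageId = Guid.NewGuid().ToString();
        topicClient.Send(bm);
    }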

The code that receives a message from Azure Service Bus:

    // Polls the subscription forever and deserializes each received body as T.
    // No exit condition is visible in this snippet.
    while (true)
    {
        // Receive() hands back null when no message arrived within its wait time,
        // which is what the null check below guards against.
        BrokeredMessage message = subscriptionClient.Receive();

        if (message != null)
        {
            // The body was written by whoever holds a Send-capable key for the topic;
            // validate it before acting on it.
            T msg = message.GetBody<T>();
            // NOTE(review): if subscriptionClient runs in peek-lock mode, the elided
            // handling has to settle the message (message.Complete(), or Abandon() on
            // failure), otherwise it is delivered again once the lock expires. The
            // message is also never disposed in the visible lines. Confirm against
            // the elided code.
            ...
        }
    }

You can find a working prototype in my GitHub repository, Blog Examples.

That’s all, now go write some code.
