Azure Service Bus Shared Access Signature Generation

Question

I am trying to generate Shared Access signature for the Azure service bus queue. Here is the code snippnet through which I am generating SAS token.

using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;
using System.Web;

namespace SASTokenGeneration
{
    class Program
    {
        static void Main(string[] args)
        {
            string resourceUri = "sb://xxxservicequeue.servicebus.windows.net/;SharedAccessKeyName=xxxservicequeue;SharedAccessKey=xxxxxx";
            string key = "token";
            string keyName = "xxxservicequeue";
            try
            {
                TimeSpan sinceEpoch = DateTime.UtcNow - new DateTime(1970, 1, 1);
                var week = 60 * 60 * 24 * 7;
                var expiry = Convert.ToString((int)sinceEpoch.TotalSeconds + week);
                string stringToSign = HttpUtility.UrlEncode(resourceUri) + "\n" + expiry;
                HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(key));
                var signature = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(stringToSign)));
                var sasToken = String.Format(CultureInfo.InvariantCulture, "SharedAccessSignature sr={0}&sig={1}&se={2}&skn={3}",
            HttpUtility.UrlEncode(resourceUri), HttpUtility.UrlEncode(signature), expiry, keyName);

            }
            catch (Exception ex)
            {

            }
        }
    }
}

When I use this token in postman then sometime it gives

MalformedToken: Failed to parse simple web token. azure sevice Bus

and Now I am getting

401 40103: Invalid authorization token signature

From error, I know that I am doing something wrong with connection string but cannot figure out what. Can you please point me in right direction. Thanks

Instead of sharing the screenshot of the code, please paste the actual code. — Gaurav Mantri, Jan 21 '19 at 14:14

Jerry Liu · Answer 1 · 2019-01-25T08:15:37.537

0

Problems may locate at

string resourceUri = "sb://xxxservicequeue.servicebus.windows.net/;SharedAccessKeyName=xxxservicequeue;SharedAccessKey=xxxxxx";
string key = "token";
string keyName = "xxxservicequeue";

The resourceUri is the full URI of the Service Bus resource to which access is claimed, in the format of sb://xxxservicequeue.servicebus.windows.net/ or with specific entity you need to operate like sb://xxxservicequeue.servicebus.windows.net/queueName.

The key should be the value of SharedAccessKeyKey and keyName is SAS policy name like the default RootManageSharedAccessKey.

Have a look at doc for more details.

edited Jan 25 '19 at 08:15

answered Jan 25 '19 at 08:05

Jerry Liu

17,282
4
40
61

1

Thanks for your quick response and really sorry for late reply. I was in a situation. I have read the doc and have done exactly as written. From code share above I can generate SAS token but when I use it on post man I am still getting 401 40103: error – Usman Javed Jan 30 '19 at 07:32
@UsmanJaved If you have corrected the resourceUri and so on, can you confirm the SAS Policy you created is authorized to do what you tried in postman? e.g, With only `Listen` right, we can't send messages. – Jerry Liu Jan 30 '19 at 08:00
Yes I have checked that as well, all rights are given. – Usman Javed Jan 30 '19 at 08:07
@UsmanJaved Could you elaborate which API you are trying to work with SAS? I will have a try as well to see whether I can provide a working sample. – Jerry Liu Jan 30 '19 at 08:08
You mean that I should send you resource uri and SAS token. – Usman Javed Jan 30 '19 at 08:10
@UsmanJaved Nope, just tell me which [rest api](https://learn.microsoft.com/en-us/rest/api/servicebus/) you use. e.g, are you trying to send message or whatever? – Jerry Liu Jan 30 '19 at 08:14
Yes I am trying to send message – Usman Javed Jan 30 '19 at 08:44
https://xxxservicequeue.servicebus.windows.net/xxxservicetopic/messages – Usman Javed Jan 30 '19 at 08:46
@UsmanJaved Sorry for the delay. I follow the [tutorial](https://learn.microsoft.com/en-us/rest/api/servicebus/send-message-batch) and see Status:201 created in postman. Not very practical, but I suggest you create a new policy to try. If you only want to retrieve SAS for usage in SDK, you probably don't need to struggle with API test in postman, we could simply turn to [SDK](https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-sas#use-shared-access-signature-authorization) for help. – Jerry Liu Jan 30 '19 at 10:43
Thank you for your response. I have situation that I need to send and revieve message in jquery client thats why I need API. – Usman Javed Jan 30 '19 at 11:58

Azure Service Bus Shared Access Signature Generation

1 Answers1

Linked