Shared Access Policy Programatic Creation for Azure Service Bus

Question

I need to create/update and delete Shared Access Policy programmatically from my application on an existing Service Bus.

I can do that just fine from portal.azure.com but how do I do that programmatically? Is there a rest API for this? I've read through this document but can't seem to make it work.

Any help will be highly appreciated, thanks!

score 0 · Answer 1 · answered Aug 29 '19 at 14:28

0

It is possible to create Shared access policy for Azure bus Service queus or topics. Please refer the below link for programmatical implementation with .Net https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-sas#generate-a-shared-access-signature-token

answered Aug 29 '19 at 14:28

Nishanth Prabhakaran

339
1
2
15

Thanks, I think I've seen that link before but I'm curious to know why do they end with 'nsm.CreateQueue(qd);' does this means that they create the queue or they use an existing Queue? Do you know? – ProgrammerV5 Aug 29 '19 at 14:34
This means they are creating a new queue. Have you checked with Service bus SDK for SaS – Nishanth Prabhakaran Aug 29 '19 at 14:41
I haven't found anything for an existing one, I've seen a few examples but for creating new ones. – ProgrammerV5 Aug 29 '19 at 14:44
Have you checked Microsoft.Servicebus.Messaging SDK. There you would find the option for managing SAS – Nishanth Prabhakaran Aug 29 '19 at 14:57

score 0 · Answer 2 · answered Aug 29 '19 at 15:24

Please use the below code for creating the Shared access policy programatically.

  public async Task<ResourceAuthorizationRule> UpdateAuthorizationRuleForQueueAsync(string connectionString, string queuePath, string RuleName, IList<RuleRequest> RuleRequest)
    {
        ResourceAuthorizationRule _sharedAccessAuthorizationRule = new ResourceAuthorizationRule();

        NamespaceManager namespaceManager = NamespaceManager.CreateFromConnectionString(connectionString);

        var queue = await namespaceManager.GetQueueAsync(queuePath);
        queue.Authorization.Clear();

        int index = connectionString.IndexOf("SharedAccessKeyName=");
        var queueConnectionString = connectionString.Substring(0, index);

        foreach (RuleRequest _authorization in RuleRequest)
        {
            var rightList = new List<Microsoft.ServiceBus.Messaging.AccessRights>();
            foreach (var rule in _authorization.Rights)
            {
                if (rule.Equals(Models.Azure.AccessRights.Manage))
                {
                    rightList.AddRange(new[]
                        {Microsoft.ServiceBus.Messaging.AccessRights.Manage, Microsoft.ServiceBus.Messaging.AccessRights.Send, Microsoft.ServiceBus.Messaging.AccessRights.Listen});
                    break;
                }
                else
                {
                    if (rule.Equals(Models.Azure.AccessRights.Send))
                    {
                        rightList.Add(Microsoft.ServiceBus.Messaging.AccessRights.Send);
                    }
                    if (rule.Equals(Models.Azure.AccessRights.Listen))
                    {
                        rightList.Add(Microsoft.ServiceBus.Messaging.AccessRights.Listen);
                    }
                }
            }
            queue.Authorization.Add(new SharedAccessAuthorizationRule(_authorization.RuleName,
                                    _authorization.PrimaryKey ?? SharedAccessAuthorizationRule.GenerateRandomKey(),
                                    _authorization.SecondaryKey ?? SharedAccessAuthorizationRule.GenerateRandomKey(),
                                    rightList));
        }

        dynamic result = await namespaceManager.UpdateQueueAsync(queue);
        foreach (var _authorization in result.Authorization)
        {
            _sharedAccessAuthorizationRule.Rights = new List<Models.Azure.AccessRights?>();
            if (_authorization.KeyName == RuleName)
            {
                _sharedAccessAuthorizationRule.Name = _authorization.KeyName;
                _sharedAccessAuthorizationRule.PrimaryKey = _authorization.PrimaryKey;
                _sharedAccessAuthorizationRule.SecondaryKey = _authorization.SecondaryKey;
                foreach (Models.Azure.AccessRights right in _authorization.Rights)
                {
                    _sharedAccessAuthorizationRule.Rights.Add(right);
                }

                _sharedAccessAuthorizationRule.PrimaryConnectionString = queueConnectionString + "SharedAccessKeyName=" + RuleName + ';' + _authorization.ClaimType + '=' + _authorization.PrimaryKey + ";EntityPath=" + queuePath;
                _sharedAccessAuthorizationRule.SecondaryConnectionString = queueConnectionString + "SharedAccessKeyName=" + RuleName + ';' + _authorization.ClaimType + '=' + _authorization.SecondaryKey + ";EntityPath=" + queuePath;
            }
        }

        return _sharedAccessAuthorizationRule;
    }

Thanks but again, this relies on an existing queue I don't want to do it on a specific queue, I need it for the service bus itself (I guess that it is called namespace?) — ProgrammerV5, Aug 29 '19 at 15:42
Trying to do it with this now: https://docs.azure.cn/en-us/dotnet/api/microsoft.azure.management.eventhub.namespacesoperationsextensions.createorupdateauthorizationruleasync?view=azure-dotnet — ProgrammerV5, Aug 29 '19 at 15:43
Yes, thats great. Please try. It seems it will work for this one. — Nishanth Prabhakaran, Aug 29 '19 at 15:57

Shared Access Policy Programatic Creation for Azure Service Bus

2 Answers2

Linked