How would you go about using Service Bus in a scenario where only client applications with unexpired subscriptions can receive messages from the service bus? Let's say you have a paid service where users can buy subscriptions to your messages for a period of time, so you want your service bus to send new messages only to a selected group of clients (clients with active subscriptions). It is much preferred if authorization for this is done on the server side and not on the client app. Looking at the service bus models (queues, topics, relays), none of them seem to fit this use case.
One way I was thinking to implement this was to change the SAS Key every day and get client applications to query the SAS key from a Web API. So only clients with valid subscriptions can refresh their SAS and receive from the service bus. I don't know if SAS could be changed through the API, though.
Is there any better support for this kind of scenario in Azure Service Bus, or can you think of a better way to implement it?
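A variant of the refresh-through-a-Web-API idea from the question, shown as an added example that is not part of the original post: instead of rotating the SAS key, the server keeps the key and issues SAS tokens whose expiry never exceeds the client's paid period. The namespace, entity path, policy name and key are constructed placeholders, and a per-client subscription under a topic with a Listen-only policy is assumed.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import quote_plus

# All values below are constructed for illustration (assumptions, not from the post).
ENTITY_URI = "https://contoso-ns.servicebus.windows.net/news/subscriptions/client-42"
POLICY_NAME = "listen-only"          # assumed topic-level policy with Listen rights only
POLICY_KEY = "constructed-demo-key"  # stays on the server, never sent to clients
MAX_TOKEN_TTL = 3600                 # seconds; forces clients to come back and refresh


def make_sas_token(uri, key_name, key, expiry):
    """Build a Service Bus SAS token.

    The signature is HMAC-SHA256 over '<url-encoded uri>\\n<expiry>', keyed
    with the policy key, then base64- and URL-encoded.
    """
    encoded_uri = quote_plus(uri)
    to_sign = f"{encoded_uri}\n{expiry}".encode("utf-8")
    digest = hmac.new(key.encode("utf-8"), to_sign, hashlib.sha256).digest()
    signature = quote_plus(base64.b64encode(digest).decode("ascii"))
    return (f"SharedAccessSignature sr={encoded_uri}"
            f"&sig={signature}&se={expiry}&skn={key_name}")


def issue_token(paid_until, now=None):
    """Server-side check: return a token only while the paid period is active.

    paid_until and now are Unix timestamps. The token expires at the earlier
    of now + MAX_TOKEN_TTL and paid_until, so it cannot outlive the payment.
    """
    now = int(time.time()) if now is None else now
    if paid_until <= now:
        return None  # expired subscription: the client gets nothing to present
    expiry = min(now + MAX_TOKEN_TTL, paid_until)
    return make_sas_token(ENTITY_URI, POLICY_NAME, POLICY_KEY, expiry)


if __name__ == "__main__":
    now = int(time.time())
    print(issue_token(paid_until=now + 600))  # token capped at 10 minutes
    print(issue_token(paid_until=now - 1))    # None
```

Regenerating the policy key invalidates every token signed with it, for all clients at once, so per-client cut-off here relies on the short expiry rather than on key rotation.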
Related
We have a microservice which forwards Salesforce Event Bus Channels to Azure Service Bus Topics.
We want to give Microsoft Dynamics access to some -- but not all -- of the Topics.
While I could create a listen policy for each Topic and then give the Dynamics 365 developers a dozen connection strings, this seems less than ideal.
Is there a way to create a policy and connection string which would allow listening to an arbitrary collection of Topics on the Azure Service Bus without granting access to all of the Topics on the same bus?
AFAIK you can't have a SAS for multiple entities, but you can leverage Azure AD based authentication/authorization instead by giving your app registration access to multiple entities.
Another option would be to chain entities with auto forwarding by creating a single final queue where messages are forwarded from the topics that you need, and Dynamics would have access only to the final queue. When you need to add/remove topics, it would only have to be done in Service Bus and Dynamics would just continue to listen on the same final queue.
I am working on a POC where I have a publisher which is publishing message to Azure Service Bus using Topics. Multiple subscribers have subscribed to the topic.
One of the subscribers wants to send messages to Salesforce. What is the best way to send a message to Salesforce?
I have the following options in mind:
1) Use Azure function to listen to Service bus and then connect with Salesforce to send data. Not sure if a connector already exists.
2) Read data from Service bus using a .net client and then send message to Azure Logic Apps. From Logic app use Salesforce connector to send message to Salesforce. Not sure if Logic apps can directly subscribe to Service bus.
What are the pros and cons of both options?
Both approaches are valid but the one to choose depends on the level of comfort you have with the aforementioned technologies.
Integration with Salesforce is done via REST API. The LogicApps connector simplifies it quite a bit. Except, I would not read data from Service Bus message using a .NET client and then send message to Azure Logic Apps, but rather trigger Logic Apps with an incoming message using Service Bus connector and invoke Salesforce connector. This way there will be fewer moving parts.
In case you’re comfortable with Salesforce REST API, Function is a valid approach as well.
I have a scenario where an Azure SB subscription message is being received by an unknown consumer/client. We landed in this scenario as we have multiple function apps/logic apps running.
I would like to pause all the consumers/client for that subscription for some time but cannot find any way out.
Is there any audit log that can give me information about which "client" is connected to which "topic/queue"?
Is there any audit log that can give me information about which "client" is connected to which "topic/queue"?
Broker side logging feature is not available at this point. You won't be able to determine the client that is trying to access the specified subscription.
I have a scenario where an Azure SB subscription message is being received by an unknown consumer/client.
With Azure Service Bus consumer/client has to be known for security reasons. You're either giving out a connection string or a SAS token. Trying to reset those tokens or Shared Access keys would be another avenue, but it would mean affecting anyone else using those.
I'm building a queue messaging system in Azure and what I'm trying to do is an outbound message queue container in Azure Storage Queue that allows my desktop Windows Services to get the latest messages from that queue. The problem I'm facing is that I want to have multiple queues per tenant (each Windows service serves one client) in one storage account. As far as I see, there is no way to restrict the connection string access to each queue. On the other hand, it is not practical for me to create one storage account per tenant. What is the best way to restrict client access to one specific queue with the current security methods available in Azure? I was thinking about using Service Bus Queues, but even that doesn't solve the connection string issue I have in the client application.
I think service bus queues is your answer; they allow a multi-subscriber model with "subjects" and various filters etc.
Storage queues are very simplistic and are not the right answer for this particular scenario.
Sorry, on my mobile so haven't got all the relevant docs to hand.
One option is to use AAD identities and Storage's AAD authentication support (which is currently in public preview).
You would need a Service Principal in Azure AD for each tenant for this,
and add the principal to the Storage Queue Data Reader or Storage Queue Data Contributor role on their respective queue.
You can then use the principal's credentials to get an access token that is tenant-specific.
Documentation:
https://azure.microsoft.com/en-us/blog/announcing-the-preview-of-aad-authentication-for-storage/
https://joonasw.net/view/azure-ad-authentication-with-azure-storage-and-managed-service-identity
I'm looking to use Azure Service Bus with topics but need to handle the scenario where a subscriber might not be listening for a message it's interested in (e.g. server being rebooted etc.). This is the typical durable subscriber pattern as described here http://www.eaipatterns.com/DurableSubscription.html.
What I can't work out is how to apply this with Azure Service Bus and I can't seem to find any examples or discussion of this in the documentation. Is this something that Azure service bus provides or should I start looking at alternatives to Azure Service Bus?
This is built straight into Service Bus. As long as a subscription is created it is durable. You create a topic and then create one or more subscriptions. One or more consumers then listen to a subscription when they are active. If they go inactive, such as the server being rebooted, then the subscription stores the messages until a consumer comes back up and asks for one.
Service Bus would only be nondurable if you were creating and destroying subscriptions on the fly as each consumer becomes active or becomes inactive. If there are no subscriptions then messages sent to a topic are lost. Once you create a subscription, any messages sent to the topic (if they pass any filters applied) will be available on the subscription regardless if there are any active consumers using that subscription. Subscriptions exist until you remove them or, if you have the idle removal feature turned on, they surpass the idle deletion time.
You can verify this with a simple console application, or using LinqPad to set up code that does the following:
1) Create a topic.
2) Create a subscription on that topic (no filters).
3) Send a few messages to the topic.
4) In a different script or console app, create a MessageReceiver for that subscription and pull down the messages.
The messages within a subscription are durable for the life of that subscription, until they are processed (completed, etc.), they are forwarded somewhere else or they expire.
I am not sure where you looked for documentation; the following are good to read:
1) http://azure.microsoft.com/en-us/documentation/articles/service-bus-dotnet-how-to-use-topics-subscriptions/
2) http://code.msdn.microsoft.com/windowsazure/Simple-Publish-Subscribe-d406eb03