Service Bus Authentication and Authorization
If you’re doing any MABS development that uses the typical LOB Relay pattern, be aware that there have been changes to the associated security models.
When you create a Service Bus namespace in the Azure portal, only SAS (Shared Access Signature) authentication will be enabled/created by default. The accompanying ACS namespace will no longer be created and paired with the Service Bus namespace.
The ACS namespace is a critical component of the LOB Relay pattern, but the decision was made to not automatically create the Microsoft Azure Active Directory Access Control namespace (also known as Access Control Service or ACS). Microsoft’s reasoning is that the majority of their customer base only uses ACS for the access key functionality and not for identity federation (ACS is a service that provides an easy way of authenticating and authorizing users of your web applications and services). Microsoft reports that SAS both scales better and provides richer functionality than ACS.
Be that as it may, those of us who require ACS for our MABS development will now need to execute an Azure PowerShell command to create the Azure namespace and the associated ACS credentials and artifacts such as keys.
After launching the Azure PowerShell applet, first connect your account using the following command:
PS C:\> Add-AzureAccount
Then create the namespace:
PS C:\> New-AzureSBNamespace -Name 'MyNamespace' -Location 'Central US'
Once the command has executed successfully, go back to the Azure Portal, find the namespace, and click the “Connectivity” button in the bottom middle of the screen to retrieve the ACS information.
For more information, see
- Shared Access Signature Authentication with Service Bus
- How to use Shared Access Signature Authentication with Service Bus