如何创建具有仅发布权限的 Azure ServiceBus SaS 令牌?
How do I create an Azure ServiceBus SaS Token with Publish Only Rights?
我需要使用 Microsoft.Azure.ServiceBus 3.X nuget 包以编程方式为服务总线创建 SaS 令牌,以便与 .NET 标准库一起使用。
我可以成功创建和使用令牌来订阅和发布到服务总线。
我没有看到可以将令牌限制为只能发布的选项。
TokenProvider td = SharedAccessSignatureTokenProvider.CreateSharedAccessSignatureTokenProvider(policyName, policyKey, expireTimeSpan);
var token = await td.GetTokenAsync($"{path}{topic}", expireTimeSpan);
我想限制此令牌的权限,使其只能发布到主题,但不能订阅。这可能吗?如果可以,我该怎么做?
Is this possible and if so how can I do this?
如果我没理解错的话,您需要创建一个具有 [send] 权限的策略。然后使用 policyName 和生成的密钥创建 sas 令牌。
策略规则授予的权限可以是以下组合:
- 'Send' - Confers the right to send messages to the entity
- 'Listen' - Confers the right to listen (relay) or receive (queue, subscriptions) and all related message handling
- 'Manage' - Confers the right to manage the topology of the namespace, including creating and deleting entities
更多信息,请参考此document。
更新:
我们可以使用 Microsoft.Azure.Management.ServiceBus.Fluent 来创建策略。
var authorizationRuleName = "xxx"; //policy name
var credentials = SdkContext.AzureCredentialsFactory.FromFile(@"D:\Tom\Documents\azureCred.txt");
var restClient = RestClient.Configure().WithEnvironment(AzureEnvironment.AzureGlobalCloud)
.WithCredentials(credentials)
.WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
.Build();
System.Threading.CancellationToken cancellationToken = new System.Threading.CancellationToken();
ServiceBusManagementClient client = new ServiceBusManagementClient(restClient)
{
SubscriptionId = subscriptionId
};
List<AccessRights?> list = new List<AccessRights?> { AccessRights.Send};
//create policy
SharedAccessAuthorizationRuleInner result = client.Namespaces.CreateOrUpdateAuthorizationRuleAsync(resourceGroupName, nameSpace, authorizationRuleName, list, cancellationToken).Result;
//get key
var key = client.Namespaces.ListKeysAsync(resourceGroupName, nameSpace, authorizationRuleName).Result?.PrimaryKey;
如何创建azureCred文件,请参考此document。
我需要使用 Microsoft.Azure.ServiceBus 3.X nuget 包以编程方式为服务总线创建 SaS 令牌,以便与 .NET 标准库一起使用。
我可以成功创建和使用令牌来订阅和发布到服务总线。 我没有看到可以将令牌限制为只能发布的选项。
TokenProvider td = SharedAccessSignatureTokenProvider.CreateSharedAccessSignatureTokenProvider(policyName, policyKey, expireTimeSpan);
var token = await td.GetTokenAsync($"{path}{topic}", expireTimeSpan);
我想限制此令牌的权限,使其只能发布到主题,但不能订阅。这可能吗?如果可以,我该怎么做?
Is this possible and if so how can I do this?
如果我没理解错的话,您需要创建一个具有 [send] 权限的策略。然后使用 policyName 和生成的密钥创建 sas 令牌。
策略规则授予的权限可以是以下组合:
- 'Send' - Confers the right to send messages to the entity
- 'Listen' - Confers the right to listen (relay) or receive (queue, subscriptions) and all related message handling
- 'Manage' - Confers the right to manage the topology of the namespace, including creating and deleting entities
更多信息,请参考此document。
更新:
我们可以使用 Microsoft.Azure.Management.ServiceBus.Fluent 来创建策略。
var authorizationRuleName = "xxx"; //policy name
var credentials = SdkContext.AzureCredentialsFactory.FromFile(@"D:\Tom\Documents\azureCred.txt");
var restClient = RestClient.Configure().WithEnvironment(AzureEnvironment.AzureGlobalCloud)
.WithCredentials(credentials)
.WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
.Build();
System.Threading.CancellationToken cancellationToken = new System.Threading.CancellationToken();
ServiceBusManagementClient client = new ServiceBusManagementClient(restClient)
{
SubscriptionId = subscriptionId
};
List<AccessRights?> list = new List<AccessRights?> { AccessRights.Send};
//create policy
SharedAccessAuthorizationRuleInner result = client.Namespaces.CreateOrUpdateAuthorizationRuleAsync(resourceGroupName, nameSpace, authorizationRuleName, list, cancellationToken).Result;
//get key
var key = client.Namespaces.ListKeysAsync(resourceGroupName, nameSpace, authorizationRuleName).Result?.PrimaryKey;
如何创建azureCred文件,请参考此document。