0

I am creating an app which needs to create and delete subscriptions to an already created topic in azure service bus.

does my share access token need manage permissions on the topic to create and delete subscriptions? I've does some preliminary googling, and none of the articles I can find shows the correlation of the three roles (manage, send, listen) to the subscription entity.

Thanks!

update I have created a Shared Access Policy directly on the topic, then I have the following code written to reach out to the Topic, create subscriptions, then cancel/dispose of them via an IDisposable interface:

public class SubscriptionHandler : IDisposable
{
    protected NamespaceManager SubManager { get; set; }
    protected SubscriptionDescription SubDetails { get; set; }
    public SubscriptionClient Client { get; }

    public SubscriptionHandler(AuthDetails details)
    {
        try
        {
            var connectionString = ConfigurationManager.AppSettings["Microsoft.ServiceBus.ConnectionString"];
            SubManager = NamespaceManager.CreateFromConnectionString(connectionString);
            SubDetails = new SubscriptionDescription("topic", $"record{details.ID}.Other{details.OtherID}");
            if (!SubManager.SubscriptionExists(SubDetails.TopicPath, SubDetails.Name))
            {   //setting subscription to receive all bookings that are for the given businessID
                SubManager.CreateSubscription(SubDetails, new SqlFilter($"ID = {details.ID}"));
            }

            Client = SubscriptionClient.CreateFromConnectionString(connectionString, SubDetails.TopicPath, SubDetails.Name);
        }catch (Exception ex)
        {
            throw;
        }
    }

    public void Dispose()
    {
        if(Client != null)
        {
            Client.Close(); // telling subscription we are no longer going to recieve messages
        }

        if (SubManager != null && SubManager.SubscriptionExists(SubDetails.TopicPath, SubDetails.Name))
        {
            SubManager.DeleteSubscription(SubDetails.TopicPath, SubDetails.Name);
        }
    }

however, I am still getting unauthorized exception thrown on the

SubManager.CreateSubscription(SubDetails, new SqlFilter($"ID = {details.ID}")); call. I copied the connection string from the SharedAccessPolicy connection strings, then removed the EntityPath name value pair.... What am I doing wrong?

Nathan Tregillus
  • 6,006
  • 3
  • 52
  • 91

1 Answers1

1

does my share access token need manage permissions on the topic to create and delete subscriptions?

As the official document mentioned about Rights required for Service Bus operations, the Create a subscription and Delete subscription operations need Manage permission on the topic.

Without the Manage permission, you would get the 401 response as follows when you deal with the Create/Delete subscription operation:

enter image description here

Bruce Chen
  • 18,207
  • 2
  • 21
  • 35
  • Thank you Bruce! you are my go to guy on all of my azure questions! – Nathan Tregillus May 16 '17 at 20:20
  • Hey Bruce, I created a Shared access key directly on the topic I created with manage, send, and listen claims. However, when I reach my code for creating the subscription, I am still seeing an unauthorized exception thrown. I am updating my question with the snippet of code I am using to create and dispose the subscription – Nathan Tregillus May 16 '17 at 21:15
  • I adjusted to use the shared access token with all claims on the entire service bus( where I have a number of other queues,etc) and it works, but I wanted to limit this connection string to just the Topic i created. is this possible? – Nathan Tregillus May 16 '17 at 22:03
  • I supposed that when you removing the `EntityPath` from your connection string, you could try to check whether you have left a semicolon (;) in the end of your connection string. – Bruce Chen May 17 '17 at 00:18
  • I did leave the semi-colon.... could that have affected the connection? – Nathan Tregillus May 17 '17 at 14:06
  • I have checked the connection string, without the last semi-colon, it could work as expected. – Bruce Chen May 18 '17 at 01:30