0

I am trying to update an Azure Service Bus Subscription using REST API.

When I include "ForwardTo" property in my request XML, I am getting Authorization Failure (401) error from Service Bus.

Here's my request XML looks like:

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
  <entry xmlns="http://www.w3.org/2005/Atom">
    <content type="application/xml">
      <SubscriptionDescription xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/netservices/2010/10/servicebus/connect">
        <LockDuration>PT1M</LockDuration>
        <RequiresSession>false</RequiresSession>
        <DefaultMessageTimeToLive>P10675199DT2H48M5.4775807S</DefaultMessageTimeToLive>
        <DeadLetteringOnMessageExpiration>false</DeadLetteringOnMessageExpiration>
        <DeadLetteringOnFilterEvaluationExceptions>true</DeadLetteringOnFilterEvaluationExceptions>
        <MessageCount>1</MessageCount>
        <MaxDeliveryCount>10</MaxDeliveryCount>
        <EnableBatchedOperations>true</EnableBatchedOperations>
        <Status>Active</Status>
      <ForwardTo>sb://namespacename.servicebus.windows.net/t200</ForwardTo>
        <CreatedAt>2017-08-14T16:17:15.308721Z</CreatedAt>
        <UpdatedAt>2017-08-16T15:33:03.0317963Z</UpdatedAt>
        <AccessedAt>2017-08-16T11:29:37.993Z</AccessedAt>
        <AutoDeleteOnIdle>P10675199DT2H48M5.4775807S</AutoDeleteOnIdle>
        </SubscriptionDescription>
    </content>
  </entry>

However, if I remove "ForwardTo" node from the request XML, everything works great.

I looked at Service Bus REST API documentation as well and unfortunately the documentation is quite incomplete. It does not provide any example as to how one could go about crafting the XML request payload.

I even looked at other SDKs (Python for example) and there also a lot of properties are conveniently ignored :(.

Funny thing is that I performed the same operation through Service Bus Explorer (which uses .Net SDK) and there the operation is working fine. I connected to my Service Bus account using HTTP protocol and traced the request/response through Fiddler, and my request and the request sent by Service Bus Explorer are more or less the same (it sends some extra parameters which I did not include in my request).

Furthermore, Service Bus is not giving me any more details about the error. Only thing I get from there is:

{
    "statusCode": 401,
    "baseError": null,
    "headers": {
        "transfer-encoding": "chunked",
        "content-type": "application/xml; charset=utf-8",
        "server": "Microsoft-HTTPAPI/2.0",
        "strict-transport-security": "max-age=31536000",
        "date": "Wed, 16 Aug 2017 15:41:33 GMT",
        "connection": "close"
    }
}

I am at a complete loss here as to what could be causing this error.

I do know that Service Bus REST API is pretty choosy about order in which XML elements should appear in the request body and to the best of my knowledge, the ordering is correct (but again I may be wrong as I don't have any reference document to compare my request body against).

When I change the order of "ForwardTo" node, I don't get any error but then this property is ignored (because of the order of XML elements in the request body).

Any insights into this would be highly appreciated.

Gaurav Mantri
  • 128,066
  • 12
  • 206
  • 241
  • I have done this before using the c# management libraries for servicebus (just a note that it can be done) – Poul K. Sørensen Aug 16 '17 at 16:13
  • Looks like I just use the path : https://github.com/s-innovations/MessageProcessor.ServiceFabric/blob/master/src/ServiceFabric.QueueManagerActor/Actors/DispatcherManagerActor.cs#L132 and not the full namespace uri – Poul K. Sørensen Aug 16 '17 at 16:15
  • 1
    Thanks! I looked at the .Net SDK code and if you just specify path, SDK pretends the Service Bus URI to the path. – Gaurav Mantri Aug 16 '17 at 16:24

1 Answers1

0

With the help of Azure Service Bus product team, I was able to resolve this issue.

Essentially the request need to include 2 additional headers: ServiceBusSupplementaryAuthorization and ServiceBusDlqSupplementaryAuthorization. First header is required if ForwardTo property is set for the queue. Second header is required if ForwardDeadLetteredMessagesTo property is set for the queue. These headers should not be present if these properties are not set on the queue.

These authorization headers are computed in the same way is your regular request authorization header with one minor difference. The URL needed for computing these request headers is the value of ForwardTo and ForwardDeadLetteredMessagesTo properties for ServiceBusSupplementaryAuthorization and ServiceBusDlqSupplementaryAuthorization headers respectively.

Gaurav Mantri
  • 128,066
  • 12
  • 206
  • 241