I have a Service Bus topic with 50 subscribers, each with their own filters. How can I secure a message from the rest of the 49 subscribers if someone guesses the subscriber name? Is there any way I can validate subscriber credentials?

Right now my plan B is to create 50 queues, so that each one will have its own secured connection string. Could someone suggest the right approach?

Sap_vr
  • If you need to secure messages from tenants, why not use separate namespaces? Alternatively, you could also have a path hierarchy and a custom token provider, where based on the path you'd allow or forbid access. – Sean Feldman Feb 14 '18 at 21:25
  • Yes, that is my plan B. I am looking for whether there is any way I can achieve this with a single namespace. – Sap_vr Feb 15 '18 at 14:46

1 Answer

If you want to stay within a single namespace and still ensure that tenants cannot see other messages, you could go with a path hierarchy (tenant1/queue, tenant2/queue) and a custom token provider. The custom token provider would decide, based on the tenant making the request, whether an entity (queue) can be accessed or not.

You could build a web service that a user authenticates with, and the web service would hand out the appropriate token that carries the desired rights, while the management of those rights happens in the Service Bus SAS rules. The issued token would span an entity the user has access to.

Sean Feldman
  • Does this scheme mean you need a queue for each tenant? – Cocowalla Mar 07 '18 at 21:48
  • Absolutely. A tenant == a queue – Sean Feldman Mar 07 '18 at 21:56
  • For backend, cloud-hosted components that will interact with these queues, is there a simple way to consume from all these queues? Or would you need to connect to the management node, enumerate all available 'tenant' queues and start tasks to consume from them all? – Cocowalla Mar 08 '18 at 14:42
  • If you have a tenant with multiple queues, the tenant could either listen to all of those queues or use auto-forwarding to consolidate to a single queue and listen to that queue only. – Sean Feldman Mar 08 '18 at 17:59
  • Ah, I wasn't aware of that capability - looks like a good fit! – Cocowalla Mar 08 '18 at 21:02
  • Great, then seems like you've found your answer ;) Auto-forwarding is nicely explained here: https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-auto-forwarding – Sean Feldman Mar 08 '18 at 22:20
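
One way to implement the token service described in the answer above, as an added example (not code from the original post or from an Azure SDK): `issue_token` returns a short-lived Service Bus SAS token scoped to the authenticated tenant's queue path, and `token_allows` is a local model of the scope check for testing, not the broker's own implementation. The namespace, rule names and keys are constructed, and the segment-aware prefix match is an assumption of this model.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import quote, quote_plus, unquote, unquote_plus

NAMESPACE = "contoso-example"  # constructed namespace name

# Constructed SAS rules: one Listen rule, with its own key, per tenant queue.
TENANT_RULES = {
    "tenant1": {"entity": "tenant1/queue", "rule": "tenant1-listen", "key": "constructed-key-1"},
    "tenant2": {"entity": "tenant2/queue", "rule": "tenant2-listen", "key": "constructed-key-2"},
}

def _sign(key, encoded_uri, expiry):
    # Service Bus SAS signature: HMAC-SHA256 over "<url-encoded uri>\n<expiry>".
    mac = hmac.new(key.encode(), f"{encoded_uri}\n{expiry}".encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def issue_token(tenant_id, ttl_seconds=300, now=None):
    """Run by the web service once it has authenticated tenant_id."""
    rule = TENANT_RULES.get(tenant_id)
    if rule is None:
        raise PermissionError(f"no queue provisioned for {tenant_id!r}")
    uri = quote_plus(f"https://{NAMESPACE}.servicebus.windows.net/{rule['entity']}")
    expiry = int((time.time() if now is None else now) + ttl_seconds)
    sig = quote(_sign(rule["key"], uri, expiry), safe="")
    return f"SharedAccessSignature sr={uri}&sig={sig}&se={expiry}&skn={rule['rule']}"

def token_allows(token, requested_uri, now=None):
    """Local model of the scope check: signature, expiry, then path prefix."""
    try:
        fields = dict(p.split("=", 1) for p in token.split(" ", 1)[1].split("&"))
        rule = next(r for r in TENANT_RULES.values() if r["rule"] == fields["skn"])
        expected = _sign(rule["key"], fields["sr"], fields["se"])
        if not hmac.compare_digest(expected, unquote(fields["sig"])):
            return False  # sr, se or skn was altered after signing
        if int(fields["se"]) <= (time.time() if now is None else now):
            return False  # expired
    except (IndexError, KeyError, ValueError, TypeError, StopIteration):
        return False  # malformed token or unknown rule
    scope = unquote_plus(fields["sr"]).rstrip("/")
    wanted = requested_uri.rstrip("/")
    # Segment-aware prefix match, so tenant1/queue does not cover tenant1/queue2.
    return wanted == scope or wanted.startswith(scope + "/")
```

Because each tenant's token is signed with a key that exists only on that tenant's queue rule, a leaked token or key exposes one queue rather than the namespace.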