Service Bus for Windows Server: How to define authorization rules at topic level

This is just a ‘reminder’ post for myself (and maybe others) when encountering the same issue.
For Service Bus 1.0 for Windows Server (not Azure), at least on a server not joined to a domain, when using local (workgroup) Windows users for authentication, in order to define the topic authorization rules, the AllowRule.ClaimValue must be the username (without machinename\ in front).
The IssuerName must be the namespace name, and ClaimType must be “nameidentifier”.

An example:

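using System.Collections.Generic;
using Microsoft.ServiceBus;            // NamespaceManager
using Microsoft.ServiceBus.Messaging;  // AllowRule, AccessRights

const string userClaim = "nameidentifier"; // ClaimType must be exactly this value
string userName = "TestUser"; // actual name of the local Windows user, without machinename\
string issuerNamespace = "TestNamespace"; // maybe dynamically obtained using namespaceManager.Address.PathAndQuery.Replace("/", "")
List<AccessRights> accessRights = new List<AccessRights> {AccessRights.Listen};
//...
// namespaceManager is an existing NamespaceManager for the Service Bus namespace
var topicDescription = namespaceManager.GetTopic("MyTopic");
topicDescription.Authorization.Add(
    new AllowRule(issuerNamespace, userClaim, userName, accessRights));
//...
namespaceManager.UpdateTopic(topicDescription); // persist the new rule on the server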

Obviously, the local Windows user must exist on both the Service Bus server machine and the client computer, with the same name and password, and the client application must run as this user.
This type of authentication (Windows integrated, using ‘workgroup users’ on machines not joined to a domain) is not quite supported by Microsoft, which assumes that all computers will be joined to a Windows domain, but it works so far.
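The rule above wrapped in a reusable helper, as an added example that is not part of the original post: it strips a machinename\ prefix before building the rule and replaces any earlier rule for the same user, so rights do not accumulate across updates. TopicAcl, BareUserName and Grant are hypothetical names, and the case-insensitive user name comparison is an assumption.

```csharp
using System;
using System.Linq;
using Microsoft.ServiceBus;
using Microsoft.ServiceBus.Messaging;

// Added example; TopicAcl, BareUserName and Grant are hypothetical names.
static class TopicAcl
{
    const string UserClaim = "nameidentifier"; // ClaimType required for Windows users

    // "MACHINE\TestUser" -> "TestUser": the rule must carry the bare user name.
    public static string BareUserName(string account)
    {
        if (string.IsNullOrWhiteSpace(account))
            throw new ArgumentException("Account name is required.", "account");
        int slash = account.LastIndexOf('\\');
        string name = slash >= 0 ? account.Substring(slash + 1) : account;
        if (name.Length == 0)
            throw new ArgumentException("No user name after the backslash.", "account");
        return name;
    }

    // Grants exactly the given rights on the topic to one local Windows user.
    public static void Grant(NamespaceManager manager, string topicPath,
                             string account, params AccessRights[] rights)
    {
        // IssuerName must be the namespace name, derived here from the manager address.
        string issuer = manager.Address.PathAndQuery.Replace("/", "");
        string user = BareUserName(account);
        TopicDescription topic = manager.GetTopic(topicPath);

        // Remove earlier rules for this user so the new rights replace the old ones.
        // Assumption: user names are compared case-insensitively.
        var stale = topic.Authorization
            .Where(r => r.ClaimType == UserClaim &&
                        string.Equals(r.ClaimValue, user, StringComparison.OrdinalIgnoreCase))
            .ToList();
        foreach (var rule in stale)
            topic.Authorization.Remove(rule);

        topic.Authorization.Add(new AllowRule(issuer, UserClaim, user, rights.ToList()));
        manager.UpdateTopic(topic); // persist the change on the server
    }
}
```

A call such as TopicAcl.Grant(namespaceManager, "MyTopic", @"MYPC\TestUser", AccessRights.Listen) then leaves TestUser with Listen only, whatever rule existed for that user before.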

The MSDN documentation on this issue is not helpful at all:
http://msdn.microsoft.com/en-us/library/microsoft.servicebus.messaging.authorizationrule.claimvalue.aspx
or http://msdn.microsoft.com/en-us/library/windowsazure/jj193003.aspx
– just auto-generated stuff, with examples taken from Azure Service Bus and usually not updated for Service Bus for Windows Server.


One Response to Service Bus for Windows Server: How to define authorization rules at topic level

  1. Ovidiu Porumb says:

    We’ll remember this one for a long time… 🙂
