azure-service-bus-dotnet

PeekAsync() requires both Listen and Send rights

Open nkalfov opened this issue 7 years ago • 3 comments

Actual Behavior

  1. I try to execute PeekAsync() from MessageReceiver on a queue with a connection string that has only a "Listen" authorization rule.

```csharp
var connectionString = new ServiceBusConnectionStringBuilder(_configuration.SomeConnectionString);
var messageReceiver = new MessageReceiver(connectionString);
var message = await messageReceiver.PeekAsync();
```

  2. The following exception is thrown:

```
Exception: System.AggregateException: 'One or more errors occurred.'
Inner Exception: Unauthorized access. 'Send' claim(s) are required to perform this operation. Resource: 'sb://{$myNamespace}.servicebus.windows.net/{$myQueue}/$management'. TrackingId:*****************_G0, SystemTracker:gateway6, Timestamp:11/1/2017 7:43:47 AM
```

  3. Ways to avoid the bug:
  • One could avoid the exception by using an authorization rule with both "Listen" and "Send".
  • One could avoid the exception by using a large value for MaxDeliveryCount and then PeekLock messages with .ReceiveAsync() with .AbandonAsync(). However, this is not the most elegant solution.
  4. There is a similar issue raised for the Java version of the API, found at https://github.com/Azure/azure-service-bus-java/issues/110

Expected Behavior

  1. I try to execute PeekAsync() to peek some messages on a queue with a connection string that has only a "Listen" authorization rule.
  2. I peek messages from the queue.

Versions

  • OS platform and version: Windows 10 Pro 1709 (Build 16299.19)
  • .NET Version: 4.6.1
  • NuGet package version or commit ID: Follows my package.config
```xml
<packages>
  <package id="Microsoft.Azure.Amqp" version="2.1.2" targetFramework="net461" />
  <package id="Microsoft.Azure.ServiceBus" version="2.0.0" targetFramework="net461" />
  <package id="Microsoft.Azure.ServiceBus.MessageIdPlugin" version="0.0.1-preview" targetFramework="net461" />
  <package id="System.Net.WebSockets" version="4.0.0" targetFramework="net461" />
  <package id="System.Net.WebSockets.Client" version="4.0.0" targetFramework="net461" />
  <package id="System.Runtime.Serialization.Primitives" version="4.3.0" targetFramework="net461" />
  <package id="System.Runtime.Serialization.Xml" version="4.3.0" targetFramework="net461" />
  <package id="System.Security.Cryptography.Algorithms" version="4.2.0" targetFramework="net461" />
  <package id="System.Security.Cryptography.Encoding" version="4.0.0" targetFramework="net461" />
  <package id="System.Security.Cryptography.Primitives" version="4.0.0" targetFramework="net461" />
  <package id="System.Security.Cryptography.X509Certificates" version="4.1.0" targetFramework="net461" />
</packages>
```

nkalfov, Nov 01 '17 08:11

I am also seeing this, and have worked around it with the Receive/Abandon model for now.

aiden56, Jan 17 '18 13:01
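The Receive/Abandon workaround mentioned in the two posts above, sketched as an added example that is not code from the thread or from the library's maintainers. It keeps the connection string at "Listen" only instead of widening it to "Send". The class and method names are hypothetical, and it assumes the connection string carries an EntityPath and that message bodies are UTF-8 text.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Azure.ServiceBus;
using Microsoft.Azure.ServiceBus.Core;

// Hypothetical helper (not part of Microsoft.Azure.ServiceBus).
static class ListenOnlyPeek
{
    // Reads up to maxMessages under PeekLock and abandons each one so it
    // stays on the queue. Receive and abandon are the operations the thread
    // reports as working with a "Listen"-only rule.
    public static async Task<IList<string>> PeekViaAbandonAsync(
        string listenOnlyConnectionString, int maxMessages)
    {
        var builder = new ServiceBusConnectionStringBuilder(listenOnlyConnectionString);
        var receiver = new MessageReceiver(builder, ReceiveMode.PeekLock);
        var seen = new List<string>();
        try
        {
            // A single batch call returns distinct locked messages; looping
            // over single receives would hand back the same abandoned message.
            IList<Message> batch =
                await receiver.ReceiveAsync(maxMessages, TimeSpan.FromSeconds(5));
            if (batch == null) return seen; // nothing arrived before the timeout

            foreach (var message in batch)
            {
                try
                {
                    // Assumption: bodies are UTF-8 text.
                    var body = Encoding.UTF8.GetString(message.Body);
                    // DeliveryCount grows with every abandon; when it reaches the
                    // queue's MaxDeliveryCount the message is dead-lettered, which
                    // is why the workaround needs a large MaxDeliveryCount.
                    seen.Add($"{message.MessageId} (delivery {message.SystemProperties.DeliveryCount}): {body}");
                }
                finally
                {
                    // Release the lock even if decoding failed.
                    await receiver.AbandonAsync(message.SystemProperties.LockToken);
                }
            }
        }
        finally
        {
            await receiver.CloseAsync();
        }
        return seen;
    }
}
```

Unlike a true peek, this briefly locks the messages against other consumers and changes their delivery count.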

This is an annoying thing as I see it. Why do you need the Send access right to see and peek the queue? To me this does not make sense.

Hope you find a solution for this. Thanks.

pierrebakker, Jan 18 '18 08:01

We will work on this issue shortly. Meanwhile, until the fix gets deployed across all data centers, please consider using an authorization rule with Send claims as well.

nemakam, Jan 20 '18 00:01