ServiceBusExplorer icon indicating copy to clipboard operation
ServiceBusExplorer copied to clipboard

Published 20 hours ago verified publisher icon paolosalvatori

Can we connect to Azure service bus using SAS with listen and send access

Open SanthoshYalamuri opened this issue 3 years ago • 7 comments

Hello,

I have started to use service bus explorer to connect to Azure service bus with SAS generated with Manage permission enabled, which is successful.

image

But can we connect to the Service bus, without manage permission enabled? The use case is just to view the queues and topics and their contents(similar to Reader)

We are getting the following error with send and receive enabled SAS while connecting to ASB.


<12:13:52> Failed to retrieve EventHub entities. Exception: System.UnauthorizedAccessException: The remote server returned an error: (401) Unauthorized. Manage,EntityRead claims required for this operation. TrackingId:6399943f-493b-4682-abb6-05b53ee56427_G4S2, SystemTracker:XXXXXXX.servicebus.windows.net:$Resources/EventHubs, Timestamp:2022-02-21T12:13:52 ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.

              at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

              at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)

           --- End of stack trace from previous location where exception was thrown ---

Does Service Bus Explorer have a prerequisite that we need to use SAS with Manage permission enabled only?

Regards, Santhosh

SanthoshYalamuri avatar Feb 21 '22 12:02 SanthoshYalamuri

You have to have Manage right to list entities.

SeanFeldman avatar Feb 21 '22 14:02 SeanFeldman

Thanks for the confirmation that manage permission is required to list entities.

SanthoshYalamuri avatar Feb 22 '22 09:02 SanthoshYalamuri

@SanthoshYalamuri, I don't know if it is useful for you or not but are you aware that the ability to connect directly to an entity was added recently, #560? Hopefully it does not require the Management permission.

ErikMogensen avatar Feb 22 '22 16:02 ErikMogensen

@ErikMogensen Thanks for notifying, but with the connection string that includes entitypath does not resolve the issue.

ConnectionString: Endpoint=sb://asbname.servicebus.windows.net/;SharedAccessKeyName=sasname;SharedAccessKey=accesskey;EntityPath=topicname

Error: `<07:59:11> Failed to retrieve EventHub entities. Exception: System.UnauthorizedAccessException: The remote server returned an error: (401) Unauthorized. Manage,EntityRead claims required for this operation. TrackingId:010a733f-85d5-47f7-9b11-2ee7b8dc49ed_G7S3, SystemTracker:gseu005sbnt001.servicebus.win at Microsoft.ServiceBus.NamespaceManager.<GetEventHubsAsync>d__68.MoveNext()

dows.net:$Resources/EventHubs, Timestamp:2022-02-23T07:59:11 ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.

`

Service Bus explorer version: image

SanthoshYalamuri avatar Feb 23 '22 08:02 SanthoshYalamuri

That was disappointing.

Perhaps it is doing an unnecessary List? A PR for handling this would be much appreciated.

ErikMogensen avatar Feb 23 '22 14:02 ErikMogensen

I know this was closed as stale, however we had to stop using SBE due to the level of access required. Having inexperienced users, who only require 'view' access to entities and messages, have unfettered access is a very big concern. It would be appreciated to have a "read only" version. Thank you.

onerob2000 avatar Aug 30 '22 17:08 onerob2000

I've just hit this limitation. Is there a plan to resolve this?

asos-benhoward avatar Sep 28 '22 17:09 asos-benhoward