How to: Set Security and Authentication on a Service Bus Application
This topic discusses how to authenticate a service and client application by using the Windows Azure Service Bus. For more information about setting transport and message-level security, see Securing and Authenticating a Service Bus Connection, and also the Securing Services topic in the Windows Communication Foundation (WCF) documentation.
If you are developing a service, you must first determine what type of credentials you will use to authenticate with the Service Bus, and whether a client that connects to your service must authenticate. All services are required to authenticate with the Service Bus, using SAML, shared secret, or a simple Web token. You can use a different form of authentication for your service than for the client. For more information, see Choosing Authentication for a Service Bus Application.
If you are developing a client, determine what type of authentication credentials are required by the service to which you are connecting. You can do this in a variety of ways, including retrieving the information from the contract metadata. For more information, see How to: Design a WCF Service Contract for use with the Service Bus.
To set Service Bus authentication with an App.config file
Define a behavior that contains the <transportClientEndpointBehavior> element, and also the relevant credentials.
The following code, from the WebHttpSample in the Windows Azure SDK, shows how to declare and configure a shared secret credential.
    <behaviors>
      <endpointBehaviors>
        <behavior name="sharedSecretClientCredentials">
          <transportClientEndpointBehavior credentialType="SharedSecret">
            <clientCredentials>
              <sharedSecret issuerName="ISSUER_NAME" issuerSecret="ISSUER_SECRET" />
            </clientCredentials>
          </transportClientEndpointBehavior>
        </behavior>
      </endpointBehaviors>
    </behaviors>
In this procedure, the issuer name and secret are held directly in the App.config file. It is recommended that you implement some form of security on any configuration file that contains such security information.
Once you have defined the credentials in the App.config file, the application will use the security configuration automatically. There are no additional steps necessary.
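The note above about the issuer name and secret being held directly in App.config can be turned into a check. The following Python script is an added example, not part of the Windows Azure SDK or of this topic; it scans a configuration file for <sharedSecret> elements whose issuerSecret is not a placeholder and reports the behavior name without echoing the secret. The sample configuration, the issuer name "owner", the secret value, the placeholder set, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's App.config fragment with a made-up secret,
# plus a second behavior that still holds the template placeholders.
SAMPLE_CONFIG = """<configuration><system.serviceModel><behaviors><endpointBehaviors>
  <behavior name="sharedSecretClientCredentials">
    <transportClientEndpointBehavior credentialType="SharedSecret"><clientCredentials>
      <sharedSecret issuerName="owner" issuerSecret="constructed-secret-value" />
    </clientCredentials></transportClientEndpointBehavior>
  </behavior>
  <behavior name="templateOnly">
    <transportClientEndpointBehavior credentialType="SharedSecret"><clientCredentials>
      <sharedSecret issuerName="ISSUER_NAME" issuerSecret="ISSUER_SECRET" />
    </clientCredentials></transportClientEndpointBehavior>
  </behavior>
</endpointBehaviors></behaviors></system.serviceModel></configuration>"""

PLACEHOLDERS = {"", "ISSUER_SECRET"}  # assumption: values that are not real credentials


def local(tag):
    """Strip any XML namespace so matching works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def find_inline_shared_secrets(config_xml):
    """Return one finding per <sharedSecret> holding a real-looking issuerSecret.
    Only the secret's length is reported, so the output is safe to log."""
    findings = []
    for behavior in ET.fromstring(config_xml).iter():
        if local(behavior.tag) != "behavior":
            continue
        for node in behavior.iter():
            secret = node.get("issuerSecret", "").strip()
            if local(node.tag) == "sharedSecret" and secret not in PLACEHOLDERS:
                findings.append({"behavior": behavior.get("name", "(unnamed)"),
                                 "issuerName": node.get("issuerName", ""),
                                 "secretLength": len(secret)})
    return findings


if __name__ == "__main__":
    for f in find_inline_shared_secrets(SAMPLE_CONFIG):
        print("inline shared secret in behavior %(behavior)r "
              "(issuer %(issuerName)r, %(secretLength)d chars)" % f)
```

To check a real file, pass its contents to find_inline_shared_secrets and treat any finding as a file that needs restricted permissions or a different credential store.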
To set Service Bus authentication programmatically
Retrieve the security credentials:
    Console.Write("Your Issuer Name: ");
    string issuerName = Console.ReadLine();
    Console.Write("Your Issuer Secret: ");
    string issuerSecret = Console.ReadLine();
As is common in the Windows Azure SDK samples, this procedure assumes that the user knows the issuer name and secret and types them in directly. For more information about retrieving such information, see Building Applications that Use Access Control Services.
Create the credential endpoint behavior object that contains the security credentials:
    TransportClientEndpointBehavior sharedSecretServiceBusCredential = new TransportClientEndpointBehavior();
    sharedSecretServiceBusCredential.CredentialType = TransportClientCredentialType.SharedSecret;
    sharedSecretServiceBusCredential.Credentials.SharedSecret.IssuerName = issuerName;
    sharedSecretServiceBusCredential.Credentials.SharedSecret.IssuerSecret = issuerSecret;
Create the channel factory to connect to the endpoint:
    ChannelFactory<IEchoChannel> channelFactory =
        new ChannelFactory<IEchoChannel>("RelayEndpoint", new EndpointAddress(serviceUri));
Apply the credentials to the channel factory:
Once you have applied the credentials to the channel factory, you can open a connection to the endpoint and access the Service Bus.