Choosing Authentication for a Service Bus Application
Updated: February 3, 2015
The TransportClientEndpointBehavior behavior is a Windows Communication Foundation (WCF) class that is used to specify the Microsoft Azure Service Bus authentication credentials for a particular endpoint. Instances of this behavior are shareable across endpoints so that the descriptions of multiple endpoints (listener and channels) using the same Service Bus credentials can be populated with the same configured instance of this class.
The behavior can be defined and applied to endpoints in code and in configuration files.
The CredentialType property specifies which authentication method will be used on the endpoint. The possible values for this property are as follows:
TokenProvider: specifies that a custom token provider credential is used to authenticate with Microsoft Azure Service Bus. The token provider supports the use of Saml, OAuth, shared secret, SAS, simple Web, and Windows tokens.
Saml: this option specifies that the client credential is provided in the Security Assertion Markup Language (SAML) format, over the Secure Sockets Layer protocol. This option requires that you write your own SSL credential server.
SharedSecret: This option specifies that the client credential is provided as a self-issued shared secret that is registered with Access Control through the Azure portal. This option requires no additional settings on the Credentials property.
SimpleWebToken: This option specifies that the client credential is provided as a self-issued shared secret that is registered with Access Control through the Azure portal, and presented in the emerging industry-standard format called simple Web token (SWT). Similar to the shared secret option, this option requires no additional settings on the Credentials property.
Unauthenticated: This option specifies that there is no client credential provided. This option avoids acquiring and sending a token. It is used by clients that are not required to authenticate, based on the policy of their service binding. Note that this setting might leave data non-secure if not used together with another security measure.