Managing Shared Access Signature (SAS) Authorization Rules
Updated: October 8, 2013
Applies To: Service Bus for Windows Server 1.1
Several cmdlets are available for managing the authorization rules for Service Bus namespaces, topics, and queues.
A SAS authorization rule enables developers and administrators to specify access claims based on a shared secret. A SAS rule has the following attributes:
Scope: A Service Bus namespace or messaging entity (queue or topic).
Name: User-friendly name used to identify and manage multiple authorization rules.
Access rights: Comma-separated list of access rights enabled by the rule. Access rights include manage, send and listen.
Primary and Secondary keys: The keys that clients use to access Service Bus entities.
When creating a Service Bus namespace, a default SAS rule is automatically created. You can create additional rules for Service Bus namespaces or entities (queues and topics) to match access requirements for clients. You can use the New-SBAuthorizationRule cmdlet to create a new authorization rule.
This cmdlet has the following format:
New-SBAuthorizationRule [-PrimaryKey <String>] [-Rights {Listen | Manage | Send}] [-SecondaryKey <String>] -Name <String> -NamespaceName <String> [<CommonParameters>]
When creating a new rule, you can provide the primary and secondary keys. If you do not provide these keys, Service Bus will generate random keys for you.
You can use the Update-SBAuthorizationRule cmdlet to change SAS authorization rules for Service Bus namespaces or entities (queues and topics). Use this cmdlet to add new keys (either primary or secondary), or to change access rights as defined in the rule. You can define a key yourself, as in the following example:
PS C:\>$myKey = '!@123456789012345678901234567890'
PS C:\>$base64Key = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($myKey))
PS C:\>Set-SBAuthorizationRule -NamespaceName myNamespace -Name myrule -PrimaryKey $base64Key
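When you supply keys yourself, they can come from the system random number generator instead of a typed string. The following is an added example, not from the original page: it creates a rule limited to Send with two random keys and later replaces the primary key. The function name New-RandomSasKey and the rule name sendOnlyClients are hypothetical, and the 32-byte key length is assumed from the length of the sample key above.

```powershell
# Added example, not from the original page.
# Assumes the Service Bus for Windows Server cmdlets are available in this session.

function New-RandomSasKey {
    # Returns a Base64 string built from $ByteCount bytes of CSPRNG output.
    # 32 bytes is an assumption taken from the length of the page's sample key.
    param([int]$ByteCount = 32)

    $bytes = New-Object byte[] $ByteCount
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($bytes)
    return [System.Convert]::ToBase64String($bytes)
}

$namespace = 'myNamespace'        # namespace name used in the page's example
$ruleName  = 'sendOnlyClients'    # hypothetical rule name

# Keep the keys in variables so they can be handed to the clients that need
# them; they are not written into the script as literals.
$primaryKey   = New-RandomSasKey
$secondaryKey = New-RandomSasKey

# Create a rule that grants only the Send right, with explicit keys.
New-SBAuthorizationRule -NamespaceName $namespace -Name $ruleName -Rights Send `
    -PrimaryKey $primaryKey -SecondaryKey $secondaryKey

# Later, replace the primary key on the existing rule. Clients that hold the
# secondary key are not affected by this change.
$newPrimaryKey = New-RandomSasKey
Set-SBAuthorizationRule -NamespaceName $namespace -Name $ruleName -PrimaryKey $newPrimaryKey
```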