I know that I can access anything in Azure Service Bus using SAS token authentication, and it seems that accessing via RBAC is now becoming the preferred auth method for things like Event Hubs. What I cannot find in the various web articles or samples on GitHub is hard evidence that Azure Relay Hybrid Connections access can be granted via RBAC. For various reasons, RBAC is preferable IMHO, but if it's not supported then I will have to go the SAS route, which may result in some insurmountable issues for me. TIA.
Can I Access Azure Service Bus Relay Using RBAC?
171 Views Asked by pjneary At
1
There are 1 best solutions below
Related Questions in AZURE
- Why does Azure Auto-Scale scale go lower then minimum amount of instances?
- Data execution plan ended with error on DB restore
- Why does Azure CloudConfigurationManager.GetSetting return null
- Do I need other roles than Worker Role for a web site and service layer in Azure?
- Azure Web App PATH Variable Modification
- Azure Data Factory: LinkedService for AzureSql in failed state
- How To Update a Web Application In Azure and Keep The App Up the whole time
- Using Azure MobileServices library with my own LAN WebApi
- ionCube loader error on Azure IIS
- App crash (if closed) after click on notification
- How to get sql data bases instances in azure using java api
- I want to create file in azure share using python PUT requests but getting error signature not correct including headers
- Enabling OPTIONS method on Azure Cloud Service (to enable CORS)
- Redirecting subdomain to directory on Azure
- Kaltura account settings error
Related Questions in AZURE-RBAC
- Azure Create deny but Update Allow
- Azure AD Graph vs. MS Graph Application.ReadWrite.All
- Azure RBAC - modularity and custom roles inheritance
- issue setting up app gateway ingress controller(agic) azure kubernetes service(aks)
- How to automate Azure App Configuration role assignment in Azure DevOps classic release pipelines?
- Give permission to Managed Identity to write index policy of Cosmos DB container
- custom RBAC role for select azure resources app gw, vm, storage, CDN, key vault
- Delete permission in custom role
- How do I use the Azure Go SDK to work with role assignments?
- Access to setup Azure keyvault principal in Access policy
- How to implement RBAC in azure and flask application
- RBAC Role for writing/editing EventGrid System Topic Subscriptions?
- Why does Azure's Role Definitions API return more than Permission struct for a role definition?
- How do Azure RBAC custom role definitions behave with regard to lifecycle, assignable scopes and resource location?
- What is a Eligible Schedule Instance in Privileged Identity Management?
Related Questions in AZURE-SERVICEBUSRELAY
- Unable to access WCF service from Mobile Service in Azure
- How many hybrid connections does Azure relay support
- What is max throughput and message rate a message unit can support in Azure Service Bus
- Hosting WCF Service with NetTcpRelayBinding in IIS: host closes when called
- Azure Relay - Not able to Consume/Receive events via Azure Hybrid Connection with Node
- Azure Service Bus WCF Relay functionality without using Hybrid Connections
- Not able to list the hybrid relays inside a relay namespace using namespace connection string
- Azure Relay for Soap WebServices
- Windows Azure ServiceBus Relay clarification
- Azure Servicebus WCF Relay, Address is already in use by an existing listener with different settings
- Relay binding not working for Window Server Service Bus 1.1
- Azure SDK needed on on-premises server?
- Azure Service bus Relay with Java
- how to call one service from another service using azure service bus relay
- azure service bus relay with Javascript client (AngularJS)
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Well, as I know, Hybrid Connection does not support RBAC.
Essentially, we prefer to use RBAC because we can use Azure AD auth after granting the RBAC roles to Azure resources, it is a more secure way.
So in your scenario, if you want to avoid the security issue, the best option is to use Azure Keyvault, just store the
SASKeyas a secret in keyvault, then just the client which is added to the access policy(or has theKey Vault Administratorrole if you selectAzure role-based access controlinAccess policiesblade of the keyvault) has the permission to access the secret.Then in your code, you don't need to expose the
SASKey, just use the SDK to get the secret first, then continue to use it depends on your requirement.