I have a service bus queue and a windows form client application.
The client application simple sent to queue a brokered message.
To access the queue and send message I use the following code:
string nspace = "myNamespace";
string name = "myName";
string key = "myKey";
TokenProvider tp = TokenProvider.CreateSharedSecretTokenProvider(name, key);
Uri sbu = ServiceBusEnvironment.CreateServiceUri("sb", nspace, string.Empty);
MessagingFactory mf = MessagingFactory.Create(sbu, tp);
QueueClient qc = mf.CreateQueueClient("myQueueName");
MyObject myMessage = new MyObject()
ID = Guid.NewGuid(),
CreatedDate = DateTime.Now,
Message = "Some message to the queue"
BrokeredMessage bMsg = new BrokeredMessage(myMessage);
The code above works fine. I can access myQueueName and send myMessage object.
My question is about security. How can I build my client application, so it can send the message to myQueueName but I don't want to hard code the namespace, name and secret key in the code? If I give the client application to 100 people they will also have
the secret key, name and namespace, and this is what I don't want!
So, how can I build my client application that can send messages in a secure way so the client will not be aware of secret key, name, namespace? Can I use some kind of authentication so the client application will provide instead a custom username and password
and submit the message to the SB queue?
I thought about a WCF asp.net membership authentication. The client app will authenticate to the WCF with an username and password. The WCF also contains the secret key, name and namespace. If client authenticate successfully, then WCF returns basically
the MessagingFactory to the client app. I tried this scenario and didn't work. I also tried that the WCF returns a TokenProvider but this cannot be serialized.
Any help how can I implement this client application securely that I don't have to distribute the secret key, name and namespace with the client application?