locked
Event Hub output binding with SharedAccessSignature RRS feed

  • Question

  • Looking for some guidance regarding Event Hub output binding to work with SharedAccessSignature element in the connection string instead of SharedAccessKeyName/SharedAccessKey. I have Microsoft.ServiceBus.Messaging.EventHubSender::CreateFromConnectionString->Send working, but Functions binding with same connection string does nothing. I see that https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-event-hubs#output---configuration mentions "Copy this connection string by clicking the Connection Information button for the namespace, not the event hub itself" but not clear whether binding "magic" happens only with a that particular form of a connection string. SharedAccessKeyName/SharedAccessKey connection string works perfectly fine but I was trying to find a way to get publisher revocation protection with SAS token and currently unsure whether it's a bug or enhancement request for the roadmap or am I missing something. I searched the docs/web/this group extensively but nothing turned up
    Wednesday, December 6, 2017 12:30 AM

Answers

  • Thank you Connor for the reply! While it did not directly answer how to create a proper connection string, it made me dig into the source code for webjobs-sdk and eventually I was able to create working connection string that respects publisher revocation. Including C# code snippet for connection string generation for anyone's reference:

    using Microsoft.Azure.EventHubs;
    
    // Service Bus namespace containing destination Event Hub
    const string serviceBusNamespace = "your-serviceBusNamespace";
    // Name of the Shared Access Policy defined at the namespace level and having "Send" claim
    const string sharedAccessPolicy = "your-sharedAccessPolicy";
    // Value of the primary key for the Shared Access Policy
    const string sharedAccessKey = "your-sharedAccessKey";
    // Name of the destination Event Hub
    const string eventHub = "your-eventHub";
    // Name of the publisher sending events
    const string publisher = "your-publisher";
    // Time-to-live for the Shared Access Signature
    var ttl = TimeSpan.FromDays(your-ttl);
    
    var endpoint = $"sb://{serviceBusNamespace}.servicebus.windows.net/";
    var entityPath = $"{eventHub}/Publishers/{publisher}";
    var tokenProvider = TokenProvider.CreateSharedAccessSignatureTokenProvider(sharedAccessPolicy, sharedAccessKey, ttl);
    var sharedAccessSignature = (await tokenProvider.GetTokenAsync($"{endpoint}{entityPath}", ttl)).TokenValue;
    var connectionString = $"Endpoint={endpoint};EntityPath={entityPath};SharedAccessSignature={sharedAccessSignature}";

    • Marked as answer by Alex Smelov Tuesday, December 26, 2017 8:38 PM
    Tuesday, December 26, 2017 8:38 PM

All replies

  • The value you put in Connection is passed through the EventHubsConnectionStringBuilder, and then the result of that is passed to CreateFromConnectionString. https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.eventhubs.eventhubsconnectionstringbuilder?view=azure-dotnet
    • Proposed as answer by Connor McMahon Thursday, December 7, 2017 1:50 AM
    Thursday, December 7, 2017 1:50 AM
  • Thank you Connor for the reply! While it did not directly answer how to create a proper connection string, it made me dig into the source code for webjobs-sdk and eventually I was able to create working connection string that respects publisher revocation. Including C# code snippet for connection string generation for anyone's reference:

    using Microsoft.Azure.EventHubs;
    
    // Service Bus namespace containing destination Event Hub
    const string serviceBusNamespace = "your-serviceBusNamespace";
    // Name of the Shared Access Policy defined at the namespace level and having "Send" claim
    const string sharedAccessPolicy = "your-sharedAccessPolicy";
    // Value of the primary key for the Shared Access Policy
    const string sharedAccessKey = "your-sharedAccessKey";
    // Name of the destination Event Hub
    const string eventHub = "your-eventHub";
    // Name of the publisher sending events
    const string publisher = "your-publisher";
    // Time-to-live for the Shared Access Signature
    var ttl = TimeSpan.FromDays(your-ttl);
    
    var endpoint = $"sb://{serviceBusNamespace}.servicebus.windows.net/";
    var entityPath = $"{eventHub}/Publishers/{publisher}";
    var tokenProvider = TokenProvider.CreateSharedAccessSignatureTokenProvider(sharedAccessPolicy, sharedAccessKey, ttl);
    var sharedAccessSignature = (await tokenProvider.GetTokenAsync($"{endpoint}{entityPath}", ttl)).TokenValue;
    var connectionString = $"Endpoint={endpoint};EntityPath={entityPath};SharedAccessSignature={sharedAccessSignature}";

    • Marked as answer by Alex Smelov Tuesday, December 26, 2017 8:38 PM
    Tuesday, December 26, 2017 8:38 PM