EventHub from different users

  • Question

  • Hi

    I have an eventhub, and messages to this eventhub are sent from different sources/customers. I have a customerid field in my message. They have different policies and different SAS keys to send with. Is there a way to stop users from sending messages for each other? Can I force them to send messages with just their own customerids? Can I somehow, in Stream Analytics for example, filter out the messages that are not sent from customers (checked with customerid in my message) with their own SAS keys?

    Or what is the preferred way of doing this? I can use different eventhubs as well but I just wonder if there is a solution to this problem?

    Regards


    • Edited by Gökhan Kurt Wednesday, December 17, 2014 8:28 AM
    Tuesday, December 16, 2014 9:18 AM

All replies

  • Hi Gokhan,

    Event Hubs Publisher Policy is the solution you're looking for. With the publisher policy feature, each publisher (in your case each customer) is able to identify itself by using a unique publisher URL and secret key. As long as the secret key is "secret", no other publisher can send events with the same identity. Also, on the receive side you can identify the publisher by looking at one of the application properties on the EventData. Besides, you can blacklist individual publishers at any time, which is basically like disabling a publisher if you think it's compromised or invalid.

    Check Event Publisher section of this page: http://msdn.microsoft.com/en-us/library/azure/dn836025.aspx

    Let me know if you have any questions.

    Tuesday, December 16, 2014 6:25 PM
  • Hi 

    Thanks for the answer. It seems like that is the thing we are looking for. We do not read EventData but use Stream Analytics. I read that the partition key is set depending on the publisher name. Do you think that we can add this WHERE clause in our query to filter out unwanted messages, like

    WHERE PartitionKey = CustomerId

    where CustomerId is our internal key for customer IDs, which I can ask the customers to use as publisher names.

    Wednesday, December 17, 2014 8:34 AM
  • Honestly, I don't know much about Stream Analytics. You'd better ask this under the Analytics category. I believe you cannot address your original issue on the receiver side, since any customer can impersonate someone else by setting an incorrect CustomerId on the event. From the receive perspective all events are valid, and the CustomerId property is the identifier regardless of whoever sent it. You need to solve this on the send side.

    https://social.msdn.microsoft.com/Forums/en-US/home?forum=AzureStreamAnalytics

    Thursday, December 18, 2014 7:42 PM
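
The send-side control described in the replies above (publisher policy, with the customer ID used as the publisher name), sketched as an added example that is not code from the thread or from Microsoft. It issues a SAS token scoped to one publisher endpoint and checks requests against that scope. The namespace, hub, key name and key are constructed values, and `authorize()` is a simplified local model of the service-side check, not Azure's implementation.

```python
import base64, hashlib, hmac, time
from urllib.parse import quote, unquote

# Constructed sample values (assumptions, not taken from the thread).
NAMESPACE, HUB, KEY_NAME = "example-ns", "telemetry", "SendPolicy"
KEY = "constructed-demo-key-not-a-real-secret"

def publisher_uri(publisher):
    """Resource URI of a single publisher endpoint on the hub."""
    return f"https://{NAMESPACE}.servicebus.windows.net/{HUB}/publishers/{publisher}"

def _sign(encoded_uri, expiry):
    # SAS signature: HMAC-SHA256 over "<url-encoded resource URI>\n<expiry>".
    msg = f"{encoded_uri}\n{expiry}".encode()
    return base64.b64encode(hmac.new(KEY.encode(), msg, hashlib.sha256).digest()).decode()

def make_token(publisher, ttl=3600, now=None):
    """Token handed to one customer; its scope (sr) is that customer's endpoint only."""
    expiry = int(time.time() if now is None else now) + ttl
    sr = quote(publisher_uri(publisher), safe="")
    sig = quote(_sign(sr, expiry), safe="")
    return f"SharedAccessSignature sr={sr}&sig={sig}&se={expiry}&skn={KEY_NAME}"

def authorize(token, request_uri, now=None):
    """Local model of the check: signature valid, not expired, request inside scope."""
    fields = dict(p.split("=", 1) for p in token.split(" ", 1)[1].split("&"))
    sr, expiry = fields["sr"], int(fields["se"])
    if not hmac.compare_digest(_sign(sr, expiry), unquote(fields["sig"])):
        return False  # scope or expiry was altered after signing
    if expiry < (time.time() if now is None else now):
        return False
    scope = unquote(sr).rstrip("/")
    # Match on a path boundary so "customer-1" does not cover "customer-10".
    return request_uri == scope or request_uri.startswith(scope + "/")

if __name__ == "__main__":
    token = make_token("customer-1")
    for target in ("customer-1", "customer-2", "customer-10"):
        print(target, authorize(token, publisher_uri(target) + "/messages"))
```

Because the key never leaves the token issuer, a customer holding only a publisher-scoped token cannot mint or rewrite a token for another publisher name.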