search

Azure / azure-sdk-for-net

This repository is for active development of the Azure SDK for .NET. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/dotnet/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-net.
MIT License
5.13k stars 4.53k forks source link

[QUERY] "Invalid Audience" error instead of "Entity Not Found" #44734

Open arunprakashn opened 5 days ago

arunprakashn commented 5 days ago

Library name and version

Azure.Messaging.Servicebus 7.14.0

Query/Question

Previous Issue 36838

Regarding the previous issue, I should expect " 404 messaging entity not found" but I am starting to get "401 Invalid Audience". Did something change at the service level where the exception is reported differently now?

This used to work until yesterday when the exception was "messaging entity not found" and I handled it in my code and it has changed to "Invalid Audience". Note that this happens if I use SasToken generated for a particular queue. Previously, this worked for both connection string and long-lived-sas-connection-string generated for a given queue.

Need inputs on whether the service level exception behaviour and if the return error codes have changed.

Environment

No response

jsquire commented 5 days ago

Hi @arunprakashn. Thaks for reaching out and we regret that you're experiencing difficulties. This is normal and expected behavior. For security reasons, the service performs authorization before it checks for the existence of an entity, ensuring that callers without permissions cannot probe the service to find out what entities may or may not exist.

Because your call was unauthorized, it is rejected before the service attempts to locate and connect to the entity. If you are attempting to discover whether or not an entity exists, you must use valid credentials authorized for that entity.

github-actions[bot] commented 5 days ago

Hi @arunprakashn. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text "/unresolve" to remove the "issue-addressed" label and continue the conversation.

arunprakashn commented 5 days ago

Hi @jsquire If you refer to the other issue(https://github.com/Azure/azure-sdk-for-net/issues/36838) that I have linked, you said the other way round when I asked you why it should be "EntityNotFound' instead of "Unauthorized". Also, this behaviour has been observed only since yesterday. Has something changed at the service bus level?

/unresolve

arunprakashn commented 5 days ago

/unresolve

jsquire commented 5 days ago

@arunprakashn: At some point, the Service Bus team changed the ordering on the service. My statement above was confirmation from them directly. The client has no direct insight nor influence over the behavior. If you'd like to discuss further, you'll need to engage with the service team directly. To do so, you'd need to open an Azure support request or inquire on the Microsoft Q&A site.

github-actions[bot] commented 5 days ago

Hi @arunprakashn. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text "/unresolve" to remove the "issue-addressed" label and continue the conversation.

arunprakashn commented 5 days ago

/unresolve

It is difficult if the behavior changes abruptly without any intimation. Are there any release notes or any other communication regarding this? Because I wrote the logic based on what you had told in the other issue and now since yesterday its the other way around.

jsquire commented 5 days ago

To reiterate: this is a service behavior and not something that the Azure SDK package has insight into nor influence over. The maintainers of the Azure SDK are unable to assist with questions about service releases, unexpected service behaviors, nor other service issues. You will need to engage the Service Bus service team, as discussed in my previous comment.

github-actions[bot] commented 5 days ago

Hi @arunprakashn. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text "/unresolve" to remove the "issue-addressed" label and continue the conversation.

arunprakashn commented 5 days ago

Thanks @jsquire Could you please confirm that when getting this "Invalid Audience" error the SDK has established AMQPS with Azure Service bus? I am interested in checking if the source machine can establish AMQPS successfully.

jsquire commented 5 days ago

@arunprakashn: Yes, a connection has been established for you to see that message. The error is generated by the service; the client does not parse or validate audiences.