paolosalvatori / ServiceBusExplorer

The Service Bus Explorer allows users to connect to a Service Bus namespace and administer messaging entities in an easy manner. The tool provides advanced features like import/export functionality or the ability to test topics, queues, subscriptions, relay services, notification hubs and event hubs.
MIT License

Can we connect to Azure service bus using SAS with listen and send access #615

Open SanthoshYalamuri opened 2 years ago

SanthoshYalamuri commented 2 years ago

Hello,

I have started to use Service Bus Explorer to connect to Azure Service Bus with a SAS generated with the Manage permission enabled, which is successful.

But can we connect to the Service Bus without the Manage permission enabled? The use case is just to view the queues and topics and their contents (similar to Reader).

We are getting the following error with a send and receive enabled SAS while connecting to ASB.

```
<12:13:52> Failed to retrieve EventHub entities. Exception: System.UnauthorizedAccessException: The remote server returned an error: (401) Unauthorized. Manage,EntityRead claims required for this operation. TrackingId:6399943f-493b-4682-abb6-05b53ee56427_G4S2, SystemTracker:XXXXXXX.servicebus.windows.net:$Resources/EventHubs, Timestamp:2022-02-21T12:13:52 ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
```

Does Service Bus Explorer have a prerequisite that we need to use SAS with Manage permission enabled only?

Regards, Santhosh

SeanFeldman commented 2 years ago

You have to have Manage right to list entities.

SanthoshYalamuri commented 2 years ago

Thanks for the confirmation that manage permission is required to list entities.

ErikMogensen commented 2 years ago

@SanthoshYalamuri, I don't know if it is useful for you or not but are you aware that the ability to connect directly to an entity was added recently, #560? Hopefully it does not require the Management permission.

SanthoshYalamuri commented 2 years ago

@ErikMogensen Thanks for notifying, but using a connection string that includes EntityPath does not resolve the issue.

ConnectionString: Endpoint=sb://asbname.servicebus.windows.net/;SharedAccessKeyName=sasname;SharedAccessKey=accesskey;EntityPath=topicname

Error:

```
<07:59:11> Failed to retrieve EventHub entities. Exception: System.UnauthorizedAccessException: The remote server returned an error: (401) Unauthorized. Manage,EntityRead claims required for this operation. TrackingId:010a733f-85d5-47f7-9b11-2ee7b8dc49ed_G7S3, SystemTracker:gseu005sbnt001.servicebus.windows.net:$Resources/EventHubs, Timestamp:2022-02-23T07:59:11 ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
   at Microsoft.ServiceBus.NamespaceManager.d__68.MoveNext()
```

Service Bus explorer version: image

ErikMogensen commented 2 years ago

That was disappointing.

Perhaps it is doing an unnecessary List? A PR for handling this would be much appreciated.

onerob2000 commented 2 years ago

I know this was closed as stale, however we had to stop using SBE due to the level of access required. Having inexperienced users, who only require 'view' access to entities and messages, have unfettered access is a very big concern. It would be appreciated to have a "read only" version. Thank you.

asos-benhoward commented 2 years ago

I've just hit this limitation. Is there a plan to resolve this?
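
Added example, not from the thread or the Service Bus Explorer code base: how a SAS token derived from the entity-scoped connection string quoted above is signed and what it is scoped to, using the documented Service Bus SAS token format. The helper names and the simplified prefix check in `covers` are assumptions for illustration; the rights themselves (Listen, Send, Manage) come from the authorization rule named in `skn`, not from the token.

```python
import base64, hashlib, hmac, time
from urllib.parse import quote, unquote

# Constructed sample in the shape quoted in the thread; the key is a placeholder.
SAMPLE_CS = ("Endpoint=sb://asbname.servicebus.windows.net/;SharedAccessKeyName=sasname;"
             "SharedAccessKey=accesskey;EntityPath=topicname")

def parse_connection_string(cs):
    """Split 'k=v;k=v' pairs; base64 key values may themselves contain '='."""
    return dict(p.split("=", 1) for p in cs.strip().split(";") if p)

def resource_uri(parts):
    """URI the token is scoped to: the entity if EntityPath is set, else the namespace."""
    host = parts["Endpoint"].split("://", 1)[1].strip("/")
    return f"https://{host}/" + parts.get("EntityPath", "").strip("/")

def make_sas_token(uri, key_name, key, ttl_seconds=900, now=None):
    """HMAC-SHA256 over '<url-encoded uri>\\n<expiry>', keyed with the rule's key."""
    expiry = int(time.time() if now is None else now) + ttl_seconds
    encoded_uri = quote(uri, safe="")
    to_sign = f"{encoded_uri}\n{expiry}".encode("utf-8")
    sig = base64.b64encode(hmac.new(key.encode("utf-8"), to_sign, hashlib.sha256).digest())
    return (f"SharedAccessSignature sr={encoded_uri}&sig={quote(sig, safe='')}"
            f"&se={expiry}&skn={key_name}")

def token_fields(token):
    """Return the sr/sig/se/skn fields of a token as a dict."""
    return dict(f.split("=", 1) for f in token.split(" ", 1)[1].split("&"))

def covers(token, request_uri):
    """Simplified model of SAS scoping: a token is valid for resources prefixed by 'sr'."""
    scope = unquote(token_fields(token)["sr"]).rstrip("/").lower()
    target = request_uri.rstrip("/").lower()
    return target == scope or target.startswith(scope + "/")

if __name__ == "__main__":
    parts = parse_connection_string(SAMPLE_CS)
    token = make_sas_token(resource_uri(parts), parts["SharedAccessKeyName"],
                           parts["SharedAccessKey"])
    ns = "https://asbname.servicebus.windows.net/"
    print(token_fields(token)["sr"], token_fields(token)["se"])
    print("entity request covered:   ", covers(token, ns + "topicname/subscriptions/s1"))
    print("namespace listing covered:", covers(token, ns + "$Resources/EventHubs"))
```

The namespace-level `$Resources/EventHubs` path from the error messages falls outside the scope of a token signed for `topicname`, which is why a short-lived, entity-scoped token is a useful unit for least-privilege access reviews.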