Recently, when I did the Minecraft + Azure blog post sample, I'd been chatting with Josh Twist and Santosh Chandwani about some of the security stuff for Service Bus Relay, and I learned a couple of things I wasn't already aware of and couldn't remember seeing in documentation or blog posts, so I thought it was worth sharing. Ages ago I did a couple of blog posts on my old blog about flowing additional tokens through the relay, so let's first call out to them, as they are similar if you're interested in this topic:
- Combining Shared Secret & Username Token with SB Relay
- Combining x509 Certificate with Shared Secret on SB Relay
In this new scenario I have a REST service on premises which I have connected to the Azure Service Bus Relay using the WCF Web HTTP Relay Binding. I have also ensured that the client is required to authenticate against Service Bus to call my service. What I didn't know was that there are two HTTP headers the client can use, not just one. The client can supply a token in either:
- The standard HTTP Authorization header
- A custom header called ServiceBusAuthorization
Firstly, it is quite easy to call the secured Azure Service Bus endpoint with a simple REST client, either from .NET or something like Postman: as long as I have a valid token string, I simply populate one of those headers and the request will authenticate against Service Bus.
The additional benefit is that if I want to authenticate against Service Bus and also flow an additional token to the actual service, so I can gain access to that too, I can put the Service Bus token in the ServiceBusAuthorization header and the other token in the standard HTTP Authorization header. This lets you cover most REST-type security scenarios.
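As an added illustration (not the client sample this post links to), here is a minimal .NET client covering both cases described above: one token in a single header, and two tokens split across the two headers. The endpoint URL, the placeholder token strings and the Bearer scheme on the second token are assumptions; both tokens are treated as opaque strings obtained elsewhere.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;

static class RelayClient
{
    // Builds a request for a relay-hosted REST endpoint.
    // sbToken: Service Bus token string, obtained elsewhere and treated as opaque.
    // serviceToken: optional second token meant for the on-premises service itself.
    public static HttpRequestMessage Build(Uri endpoint, string sbToken, string serviceToken = null)
    {
        // Both tokens are secrets carried in headers, so refuse plain HTTP.
        if (endpoint.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Relay endpoint must use https", nameof(endpoint));
        if (string.IsNullOrWhiteSpace(sbToken))
            throw new ArgumentException("Service Bus token is required", nameof(sbToken));

        var request = new HttpRequestMessage(HttpMethod.Get, endpoint);
        if (serviceToken == null)
        {
            // Single-token case: the Service Bus token can use the standard header.
            // TryAddWithoutValidation keeps the token string exactly as issued.
            request.Headers.TryAddWithoutValidation("Authorization", sbToken);
        }
        else
        {
            // Two-token case: the Service Bus token moves to the custom header,
            // leaving the standard header free for the service's own token.
            request.Headers.TryAddWithoutValidation("ServiceBusAuthorization", sbToken);
            // Assumption: the service expects a bearer token.
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", serviceToken);
        }
        return request;
    }

    static async Task Main()
    {
        // Constructed placeholder values; substitute a real endpoint and real tokens.
        var endpoint = new Uri("https://example-namespace.servicebus.windows.net/myservice/items");
        using (var http = new HttpClient())
        using (var request = Build(endpoint, "<service-bus-token>", "<service-token>"))
        {
            HttpResponseMessage response = await http.SendAsync(request);
            Console.WriteLine((int)response.StatusCode);
        }
    }
}
```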
If you want to see a video covering a simple example illustrating this then check out the below:
The client side code sample is available at the following link: