I know that I can access anything in Azure Service Bus using SAS token authentication, and it seems that accessing via RBAC is now becoming the preferred auth method for things like Event Hubs. What I cannot find in the various web articles or samples on GitHub is hard evidence that Azure Relay Hybrid Connections access can be granted via RBAC. For various reasons, RBAC is preferable IMHO, but if it's not supported then I will have to go the SAS route, which may result in some insurmountable issues for me. TIA.
Can I Access Azure Service Bus Relay Using RBAC?
171 Views Asked by pjneary At
1
There are 1 best solutions below
Related Questions in AZURE
- How to update to the latest external Git in Azure Web App?
- I need an azure product that executes my intensive ffmpeg command then dies, and i only get charged for the delta. Any Tips?
- Inject AsyncCollector into a service
- mutual tls authentication between app service and function app
- Azure Application Insights Not Displaying Custom Logs for Azure Functions with .NET 8
- Application settings for production deployment slot in Azure App Services
- Encountered an error (ServiceUnavailable) from host runtime on Azure Function App
- Implementing Incremental consent when using both application and delegated permissions
- Invalid format for email address in WordPress on Azure app service
- Producer Batching Service Bus Vs Kafka
- Integrating Angular External IP with ClusterIP of .NET microservices on AKS
- Difficulty creating a data pipeline with Fabric Datafactory using REST
- Azure Batch for Excel VBA
- How to authenticate only Local and Guest users in Azure AD B2C and add custom claims in token?
- Azure Scale Sets and Parallel Jobs
Related Questions in AZURE-RBAC
- Azure Storage Account Access: Role Assignments Yield 'Access Denied' even for "Blob Owners" roles
- Adding users file storage feature to my application
- Implementing Azure Policy to Restrict Role Assignments at Subscription Level Except for Specific Service Principal
- Azure RBAC permission to write Cosmos DB index policy but not create container
- How to Test IAM Roles for an App Registration
- is it possible to create Custom RBAC role for 1 specific resource?
- How can I use kusto to show which permissions are being used by which users on the data plane
- How to whitelist only limited IP to access blob storage
- The client XXXXX with object id XXXXX does not have authorization to perform action 'Microsoft.Resources/deployments/write' over scope
- com.databricks.sql.cloudfiles.errors.CloudFilesException: Failed to create an Event Grid subscription
- How do I add a role assignment in the IAM section of subscriptions using powershell? I'm looking to add "Reader" to a service principal
- How to grant access to individual certificate in Azure Key Vault
- Who and what to grant to allow Azure DevOps to grant application role to new Azure Container Environment App created via Bicep script
- Azure Data Factory - Azure RBAC role to manually trigger/run pipelines, but not edit anything in the ADF workspace
- Is it possible to restrict the group to have reader access at container level in azure?
Related Questions in AZURE-SERVICEBUSRELAY
- Azure Service Bus WCF Relay functionality without using Hybrid Connections
- Azure Relay - Not able to Consume/Receive events via Azure Hybrid Connection with Node
- Keep Azure WCF http relay alive
- Calling AzureRelay http endpoint with URL length of more then 450 characters results in error 500
- Is it possible to configure an Azure Relay listener that responds to the local addresses also?
- Throttle the call to downstream systems
- Communicate Azure App Service to locally hosted IIS WCF Service
- Can I Access Azure Service Bus Relay Using RBAC?
- What is max throughput and message rate a message unit can support in Azure Service Bus
- How to implement an HTTP relay / tunnel to access a web app?
- Get the details of Listeners on Azure Relay
- How to configure load balancing strategy for WCF http relay
- MassTransit vs official azure service bus client sdk
- Access Shared Folder Via Azure Hybrid Connection
- How to setup azure relay hybrid connections using C# to connect to on-premises SQL Server?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Well, as I know, Hybrid Connection does not support RBAC.
Essentially, we prefer to use RBAC because we can use Azure AD auth after granting the RBAC roles to Azure resources, it is a more secure way.
So in your scenario, if you want to avoid the security issue, the best option is to use Azure Keyvault, just store the
SASKeyas a secret in keyvault, then just the client which is added to the access policy(or has theKey Vault Administratorrole if you selectAzure role-based access controlinAccess policiesblade of the keyvault) has the permission to access the secret.Then in your code, you don't need to expose the
SASKey, just use the SDK to get the secret first, then continue to use it depends on your requirement.